Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#16
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-31 01:51:25
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF73C00B0]
SSDT F7C220CC ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xF73C4D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73C50BC]
SSDT sptd.sys ZwOpenKey [0xF73C0090]
SSDT F7C220B8 ZwOpenProcess
SSDT F7C220BD ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF73C5194]
SSDT sptd.sys ZwQueryValueKey [0xF73C5014]
SSDT sptd.sys ZwSetValueKey [0xF73C5226]
SSDT F7C220C7 ZwTerminateProcess
SSDT F7C220C2 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F61AD62C 5 Bytes JMP 86BBE1B8

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73C0AB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73C0BEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73C0B76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73C171C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73C15F2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73E57AE] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86D671D8
Device \FileSystem\Fastfat \FatCdrom 864C6990
Device \Driver\usbuhci \Device\USBPDO-0 86B0A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86D691D8
Device \Driver\dmio \Device\DmControl\DmConfig 86D691D8
Device \Driver\dmio \Device\DmControl\DmPnP 86D691D8
Device \Driver\dmio \Device\DmControl\DmInfo 86D691D8
Device \Driver\usbuhci \Device\USBPDO-1 86B0A1D8
Device \Driver\usbuhci \Device\USBPDO-2 86B0A1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F2EA6E95-22A4-4FA3-AC0B-59DAE1720471} 86572718
Device \Driver\usbuhci \Device\USBPDO-3 86B0A1D8
Device \Driver\usbehci \Device\USBPDO-4 86AF31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86DD31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86DD31D8
Device \Driver\Cdrom \Device\CdRom0 86BDB3A8
Device \Driver\Cdrom \Device\CdRom1 86BDB3A8
Device \Driver\atapi \Device\Ide\IdePort0 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86D681D8
Device \Driver\atapi \Device\Ide\IdePort1 86D681D8
Device \Driver\atapi \Device\Ide\IdePort2 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86D681D8
Device \Driver\atapi \Device\Ide\IdePort3 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 86D681D8
Device \Driver\USBSTOR \Device\00000080 86750990
Device \Driver\NetBT \Device\NetBt_Wins_Export 86572718
Device \Driver\USBSTOR \Device\00000078 86750990
Device \Driver\NetBT \Device\NetbiosSmb 86572718
Device \Driver\usbuhci \Device\USBFDO-0 86B0A1D8
Device \Driver\usbuhci \Device\USBFDO-1 86B0A1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8675B990
Device \Driver\usbuhci \Device\USBFDO-2 86B0A1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8675B990
Device \Driver\usbuhci \Device\USBFDO-3 86B0A1D8
Device \Driver\USBSTOR \Device\0000007d 86750990
Device \Driver\usbehci \Device\USBFDO-4 86AF31D8
Device \Driver\Ftdisk \Device\FtControl 86DD31D8
Device \Driver\USBSTOR \Device\0000007e 86750990
Device \Driver\USBSTOR \Device\0000007f 86750990
Device \FileSystem\Fastfat \Fat 864C6990
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8689E990

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1525703580
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 184076567
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x1D 0xF7 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x1D 0xF7 0xEF ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1749da10 size 0x1a8
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----
#17
Looks like your MBR (Master Boot Record) is infected. One more log and it's a little one.
Download mbr.exe from here and place it on your C drive (so the filepath is then C:\mbr.exe). Then click mbr.exe to run the scan (a window will open briefly, then close). The scan will create a mbr.log on your C drive as well (C:\mbr.log). Please copy/paste those contents in your next reply.
#18
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

malicious code @ sector 0x1749da10 size 0x1a8 !
copy of MBR has been found in sector 62 !
#19
Ok, let's get rid of that. Rename the C:\mbr.log to C:\mbr.old.

Go to Start > Run and type: cmd.exe and click OK. After the prompt, type the below commands and hit Enter after each line.

cd\
mbr.exe -f

(there is a space between exe and -f)

Still with the command window open, click on the Icon in the top left hand corner of the Command Prompt and choose Edit > Select All and then Edit > Copy. Right-click on your Desktop and create a text file. Open it and position your mouse inside the file, right-click again and choose Paste. Save the file and post the contents here.

Then click on C:\mbr.exe and again allow it to do a quick scan, and post back here the contents of the new C:\mbr.log as well please. Also post a new Gmer log.
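The GMER and mbr.exe output above reports three things about \Device\Harddisk0: code in sector 61, a copy of the MBR in sector 62, and a body at sector 0x1749da10. The following Python is an added illustration of how those three checks can be applied to a raw disk image; it is not GMER's or mbr.exe's code. Everything it scans is a scaled-down synthetic image built inside the script (the boot-code bytes and the single-partition layout are made up), and the restore step is an assumption about what a "fix" amounts to, not a reimplementation of mbr.exe -f.

```python
"""Constructed MBR-rootkit triage over a raw disk image (added example)."""
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"
BOOT_CODE_LEN = 446          # bytes 0..445 of sector 0 hold the boot code
TABLE_END = 510              # bytes 446..509 hold four 16-byte partition entries


def make_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for bootable, ptype, start, count in partitions
    )
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + table.ljust(64, b"\0") + MBR_SIGNATURE


def parse_mbr(sector0: bytes) -> dict:
    """Split sector 0 into boot code, non-empty partition entries and a signature check."""
    partitions = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector0, BOOT_CODE_LEN + 16 * i)
        if ptype:
            partitions.append({"bootable": status == 0x80, "type": ptype, "lba_start": start, "sectors": count})
    return {
        "boot_code": sector0[:BOOT_CODE_LEN],
        "table_and_sig": sector0[BOOT_CODE_LEN:SECTOR],
        "partitions": partitions,
        "signature_ok": sector0[TABLE_END:SECTOR] == MBR_SIGNATURE,
    }


def lba_to_offset(lba: int) -> int:
    """Byte offset of a 512-byte sector, e.g. for seeking in a dd image."""
    return lba * SECTOR


def scan_image(image: bytes, reported_body_lba=None) -> dict:
    """Look for the indicators the thread's logs describe:
    - a sector before the first partition carrying the same partition table and
      signature as sector 0 (a stashed copy of the original MBR);
    - any other non-empty sector in that gap (loader code in the track-0 gap,
      which XP-era disks leave blank);
    - non-empty sectors after the last partition, and whether a reported body
      LBA lies in that unpartitioned tail."""
    def sector(lba):
        return image[lba * SECTOR:(lba + 1) * SECTOR]

    n_sectors = len(image) // SECTOR
    mbr = parse_mbr(sector(0))
    first_part = min((p["lba_start"] for p in mbr["partitions"]), default=n_sectors)
    last_end = max((p["lba_start"] + p["sectors"] for p in mbr["partitions"]), default=1)
    findings = {"signature_ok": mbr["signature_ok"], "mbr_copies": [], "code_in_gap": [],
                "code_beyond_partitions": [], "body_beyond_partitions": None}
    blank = bytes(SECTOR)
    for lba in range(1, first_part):
        s = sector(lba)
        if s == blank:
            continue
        if s[BOOT_CODE_LEN:] == mbr["table_and_sig"]:
            findings["mbr_copies"].append(lba)
        else:
            findings["code_in_gap"].append(lba)
    for lba in range(last_end, n_sectors):
        if sector(lba) != blank:
            findings["code_beyond_partitions"].append(lba)
    if reported_body_lba is not None:
        findings["body_beyond_partitions"] = reported_body_lba >= last_end
    return findings


def restore_mbr(image: bytes, backup_lba: int) -> bytes:
    """Copy the boot code from the stashed MBR back into sector 0, keeping the live
    partition table. Assumed semantics of a 'fix'; not what mbr.exe -f literally does."""
    backup = image[backup_lba * SECTOR:(backup_lba + 1) * SECTOR]
    return backup[:BOOT_CODE_LEN] + image[BOOT_CODE_LEN:SECTOR] + image[SECTOR:]


def build_sample_images():
    """Clean image plus an infected copy with the reported layout: loader in sector 61
    (0x1a8 bytes, the size GMER printed), original MBR in sector 62, body past the last
    partition. Constructed and scaled down; the real disk is about 186 GB."""
    clean_boot = b"\xFA\x33\xC0\x8E\xD0" + b"\x90" * 24          # made-up stand-in for stock boot code
    partitions = [(True, 0x07, 63, 16)]                           # one NTFS partition at LBA 63..78
    clean = bytearray(96 * SECTOR)
    clean[:SECTOR] = make_mbr(clean_boot, partitions)
    infected = bytearray(clean)
    infected[:BOOT_CODE_LEN] = (b"\xEB\x3C" + b"\xCC" * 16).ljust(BOOT_CODE_LEN, b"\0")  # patched stub
    infected[61 * SECTOR:61 * SECTOR + 0x1A8] = b"\xCC" * 0x1A8
    infected[62 * SECTOR:63 * SECTOR] = clean[:SECTOR]
    infected[90 * SECTOR:91 * SECTOR] = b"\xCC" * SECTOR
    return bytes(clean), bytes(infected)


if __name__ == "__main__":
    clean, infected = build_sample_images()
    print("clean:   ", scan_image(clean))
    print("infected:", scan_image(infected, reported_body_lba=90))
    print("0x1749da10 -> byte offset", lba_to_offset(0x1749DA10))
```

On the real numbers from the log, lba_to_offset(0x1749da10) gives roughly 200 GB, about 186 GiB into the disk, which is the tail of the 178.30 GB + 8.00 GB layout the OTViewIt log later in the thread lists; that is why a body there is invisible to a file-system scan and only a sector-level tool reports it. Note that restoring sector 0 does not erase the stashed copy in sector 62 or the loader in sector 61, which is why a follow-up scan is still needed.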
#20
ok I might have done this wrong but....I didn't really see what happened....
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\HP_Administrator>cd/

C:\Documents and Settings\HP_Administrator>mbr.exe -f
'mbr.exe' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\HP_Administrator>

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

malicious code @ sector 0x1749da10 size 0x1a8 !
copy of MBR has been found in sector 62 !

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-31 02:33:37
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF73C00B0]
SSDT F7C220CC ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xF73C4D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73C50BC]
SSDT sptd.sys ZwOpenKey [0xF73C0090]
SSDT F7C220B8 ZwOpenProcess
SSDT F7C220BD ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF73C5194]
SSDT sptd.sys ZwQueryValueKey [0xF73C5014]
SSDT sptd.sys ZwSetValueKey [0xF73C5226]
SSDT F7C220C7 ZwTerminateProcess
SSDT F7C220C2 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F61AD62C 5 Bytes JMP 86BBE1B8
? C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73C0AB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73C0BEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73C0B76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73C171C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73C15F2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73E57AE] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86D671D8
Device \FileSystem\Fastfat \FatCdrom 864C6990
Device \Driver\usbuhci \Device\USBPDO-0 86B0A1D8
Device \Driver\usbuhci \Device\USBPDO-1 86B0A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86D691D8
Device \Driver\dmio \Device\DmControl\DmConfig 86D691D8
Device \Driver\dmio \Device\DmControl\DmPnP 86D691D8
Device \Driver\dmio \Device\DmControl\DmInfo 86D691D8
Device \Driver\usbuhci \Device\USBPDO-2 86B0A1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F2EA6E95-22A4-4FA3-AC0B-59DAE1720471} 86572718
Device \Driver\usbuhci \Device\USBPDO-3 86B0A1D8
Device \Driver\usbehci \Device\USBPDO-4 86AF31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86DD31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86DD31D8
Device \Driver\Cdrom \Device\CdRom0 86BDB3A8
Device \Driver\atapi \Device\Ide\IdePort0 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86D681D8
Device \Driver\atapi \Device\Ide\IdePort1 86D681D8
Device \Driver\atapi \Device\Ide\IdePort2 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86D681D8
Device \Driver\atapi \Device\Ide\IdePort3 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 86D681D8
Device \Driver\Cdrom \Device\CdRom1 86BDB3A8
Device \Driver\USBSTOR \Device\00000080 86750990
Device \Driver\NetBT \Device\NetBt_Wins_Export 86572718
Device \Driver\USBSTOR \Device\00000078 86750990
Device \Driver\NetBT \Device\NetbiosSmb 86572718
Device \Driver\usbuhci \Device\USBFDO-0 86B0A1D8
Device \Driver\usbuhci \Device\USBFDO-1 86B0A1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8675B990
Device \Driver\usbuhci \Device\USBFDO-2 86B0A1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8675B990
Device \Driver\usbuhci \Device\USBFDO-3 86B0A1D8
Device \Driver\USBSTOR \Device\0000007d 86750990
Device \Driver\Ftdisk \Device\FtControl 86DD31D8
Device \Driver\usbehci \Device\USBFDO-4 86AF31D8
Device \Driver\USBSTOR \Device\0000007e 86750990
Device \Driver\USBSTOR \Device\0000007f 86750990
Device \FileSystem\Fastfat \Fat 864C6990
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8689E990

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1525703580
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 184076567
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x1D 0xF7 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x1D 0xF7 0xEF ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1749da10 size 0x1a8
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----
#21
Quote:
#22
wow I feel less smart now...here you go...lol
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\HP_Administrator>cd
C:\Documents and Settings\HP_Administrator

C:\Documents and Settings\HP_Administrator>cd\

C:\>mbr.exe -f
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

malicious code @ sector 0x1749da10 size 0x1a8 !
copy of MBR has been found in sector 62 !

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

malicious code @ sector 0x1749da10 size 0x1a8 !
copy of MBR has been found in sector 62 !

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-31 03:08:17
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF73C00B0]
SSDT F7C220CC ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xF73C4D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73C50BC]
SSDT sptd.sys ZwOpenKey [0xF73C0090]
SSDT F7C220B8 ZwOpenProcess
SSDT F7C220BD ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF73C5194]
SSDT sptd.sys ZwQueryValueKey [0xF73C5014]
SSDT sptd.sys ZwSetValueKey [0xF73C5226]
SSDT F7C220C7 ZwTerminateProcess
SSDT F7C220C2 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F61AD62C 5 Bytes JMP 86BBE1B8
? C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73C0AB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73C0BEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73C0B76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73C171C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73C15F2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73E57AE] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86D671D8
Device \FileSystem\Fastfat \FatCdrom 864C6990
Device \Driver\usbuhci \Device\USBPDO-0 86B0A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86D691D8
Device \Driver\dmio \Device\DmControl\DmConfig 86D691D8
Device \Driver\dmio \Device\DmControl\DmPnP 86D691D8
Device \Driver\dmio \Device\DmControl\DmInfo 86D691D8
Device \Driver\usbuhci \Device\USBPDO-1 86B0A1D8
Device \Driver\usbuhci \Device\USBPDO-2 86B0A1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F2EA6E95-22A4-4FA3-AC0B-59DAE1720471} 86572718
Device \Driver\usbuhci \Device\USBPDO-3 86B0A1D8
Device \Driver\usbehci \Device\USBPDO-4 86AF31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86DD31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86DD31D8
Device \Driver\Cdrom \Device\CdRom0 86BDB3A8
Device \Driver\Cdrom \Device\CdRom1 86BDB3A8
Device \Driver\atapi \Device\Ide\IdePort0 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86D681D8
Device \Driver\atapi \Device\Ide\IdePort1 86D681D8
Device \Driver\atapi \Device\Ide\IdePort2 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86D681D8
Device \Driver\atapi \Device\Ide\IdePort3 86D681D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 86D681D8
Device \Driver\USBSTOR \Device\00000080 86750990
Device \Driver\NetBT \Device\NetBt_Wins_Export 86572718
Device \Driver\USBSTOR \Device\00000078 86750990
Device \Driver\NetBT \Device\NetbiosSmb 86572718
Device \Driver\usbuhci \Device\USBFDO-0 86B0A1D8
Device \Driver\usbuhci \Device\USBFDO-1 86B0A1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8675B990
Device \Driver\usbuhci \Device\USBFDO-2 86B0A1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8675B990
Device \Driver\usbuhci \Device\USBFDO-3 86B0A1D8
Device \Driver\usbehci \Device\USBFDO-4 86AF31D8
Device \Driver\Ftdisk \Device\FtControl 86DD31D8
Device \Driver\USBSTOR \Device\0000007d 86750990
Device \Driver\USBSTOR \Device\0000007e 86750990
Device \Driver\USBSTOR \Device\0000007f 86750990
Device \FileSystem\Fastfat \Fat 864C6990
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8689E990

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1525703580
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 184076567
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x1D 0xF7 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x1D 0xF7 0xEF ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1749da10 size 0x1a8
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----
#23
Quote:
wow I feel less smart now...here you go...lol

There is still malware to be removed though and I would like to see if SDFix detects it. If not, I will remove it manually but I would like to try the utility first.

Please download SDFix from here and save it to your desktop.

Reboot into Safe Mode (reboot and tap the F8 key continuously as your computer restarts and select Safe Mode).

In Safe Mode, double-click on SDFix.exe and click on Install. Navigate to C:\SdFix, open the SdFix folder and double-click RunThis.bat to start the script. Type Y to begin the script. It will remove any Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take a lot longer than normal to restart as the fixtool will be running and removing files. When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.

Finally open the SDFix folder on your desktop and copy and paste the contents of Report.txt back in this thread with a new OTViewIt log (don't worry about Extras.txt).
#24
Well it happens
SDFix: Version 1.220
Run by Possible on Sun 08/31/2008 at 04:21 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name : {DEF85C80-216A-43ab-AF70-1665EDBE2780}
Path : \??\C:\WINDOWS\TEMP\3E2.tmp

{DEF85C80-216A-43ab-AF70-1665EDBE2780} - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\ed47fa.$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer

Folder C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 04:28:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:5af0639c
"s2"=dword:0af8c917
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3d,1d,f7,ef,4b,a3,b1,83,c1,ac,50,82,4b,6d,cf,e3,84,80,16,28,5c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3d,1d,f7,ef,4b,a3,b1,83,c1,ac,50,82,4b,6d,cf,e3,84,80,16,28,5c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\AOL\\1141872391\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1141872391\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1141872391\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1141872391\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1141872391\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1141872391\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\rlvknlg.exe"="C:\\WINDOWS\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:The Conquerors"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\ijji\\ENGLISH\\u_skid.exe"="C:\\ijji\\ENGLISH\\u_skid.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\DriftCity\\DriftCity.exe"="C:\\Program Files\\DriftCity\\DriftCity.exe:*:Enabled
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\ijji\\ENGLISH\\u_sf.exe"="C:\\ijji\\ENGLISH\\u_sf.exe:*:Enabled:<ijji Downloader>"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Common Files\\AOL\\1141872391\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1141872391\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 8 Mar 2006 211 A.SHR --- "C:\BOOT.BAK"
Wed 8 Mar 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 30 Aug 2008 475,136 A..H. --- "C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe"
Wed 8 Mar 2006 1,613 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Thu 17 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1.tmp"

Finished!
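The SDFix report above carries two blocks an analyst reads first: the service it deleted (a bare-GUID name whose image was a .tmp file in C:\WINDOWS\TEMP) and the Windows Firewall AuthorizedApplications export, which is effectively an inventory of everything that was allowed to accept inbound connections. The Python below is an added triage script, not SDFix's own logic: it parses both blocks and applies two review rules of this example's own devising. SAMPLE_REPORT is a handful of lines copied from the report (forum wrap artifacts removed), and the %windir% / %ProgramFiles% values come from the OTViewIt log later in the thread. Flagging a firewall entry means "identify this binary before trusting it", not that the example knows what it is.

```python
"""Triage of an SDFix-style report (added example, not SDFix's code)."""
import ntpath
import re

# Values the thread's OTViewIt log reports for this machine, used to expand the
# variable forms the firewall export uses.
ENV = {"%windir%": r"C:\WINDOWS", "%ProgramFiles%": r"C:\Program Files"}

GUID_RE = re.compile(r"^\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$", re.I)
FW_LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')

# Lines copied from the SDFix report in this thread (a subset, unwrapped).
SAMPLE_REPORT = r'''
Checking Services :

Name : {DEF85C80-216A-43ab-AF70-1665EDBE2780}
Path : \??\C:\WINDOWS\TEMP\3E2.tmp

{DEF85C80-216A-43ab-AF70-1665EDBE2780} - Deleted

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\rlvknlg.exe"="C:\\WINDOWS\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
'''


def expand(path: str) -> str:
    """Expand the two environment forms the export uses and undo the registry
    export's doubled backslashes."""
    for var, val in ENV.items():
        path = path.replace(var, val)
    return path.replace("\\\\", "\\")


def parse_sdfix_services(text: str):
    """(name, image path) pairs from the 'Checking Services' block, which SDFix
    prints as a 'Name :' line followed by a 'Path :' line."""
    pairs, name = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Name :"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Path :") and name is not None:
            pairs.append((name, line.split(":", 1)[1].strip()))
            name = None
    return pairs


def parse_firewall_export(text: str):
    """Entries of the AuthorizedApplications list, stored as "path"="path:scope:mode:name".
    rsplit keeps the drive-letter colon inside the path; a display name containing ':'
    would confuse it, which none of the sample lines do."""
    entries = []
    for line in text.splitlines():
        m = FW_LINE_RE.match(line.strip())
        if not m:
            continue
        fields = m.group("value").rsplit(":", 3)
        if len(fields) != 4:
            continue
        path, scope, mode, name = fields
        entries.append({"path": expand(path), "scope": scope, "mode": mode.lower(), "name": name})
    return entries


def triage(text: str) -> dict:
    """Apply two review rules and return what they catch."""
    flagged = {"services": [], "firewall": []}
    for name, path in parse_sdfix_services(text):
        reasons = []
        if GUID_RE.match(name):
            reasons.append("service named with a bare GUID")
        low = path.lower()
        if "\\temp\\" in low or low.endswith(".tmp"):
            reasons.append("image lives in a temp location")
        if reasons:
            flagged["services"].append({"name": name, "path": path, "reasons": reasons})
    windir = ENV["%windir%"].lower() + "\\"
    for entry in parse_firewall_export(text):
        under_windir = entry["path"].lower().startswith(windir)
        bare_name = entry["name"].lower() == ntpath.basename(entry["path"]).lower()
        # Windows' own exceptions carry a resource string (@xpsp2res.dll,...) or a
        # product name. A binary under the Windows directory registered with nothing
        # but its own filename, open to any remote address (scope *), is one the
        # analyst has to identify before trusting it.
        if under_windir and bare_name and entry["scope"] == "*":
            flagged["firewall"].append(entry)
    return flagged


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_REPORT).items():
        for item in items:
            print(kind, item)
```

On the sample, the service rule fires twice on the deleted {DEF85C80-...} entry (GUID name, image in TEMP), and the firewall rule singles out the system32 binary registered only as its own filename while leaving sessmgr.exe, dplaysvr.exe and xpnetdiag.exe alone. Every entry in the export has scope "*", so nothing in this list was restricted to the local subnet; that is worth knowing when deciding which exceptions to keep after cleanup.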
#25
OTViewIt logfile created on: 8/31/2008 4:33:18 AM - Run 2
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 612.70 Mb Available Physical Memory | 60.35% Memory free
2.38 Gb Paging File | 2.12 Gb Available in Paging File | 88.90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 113.51 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.91 Gb Free Space | 11.42% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-B27FB1C401
Current User Name: Possible
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[09/26/2007 12:51 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
[06/08/2005 01:59 PM | 00,077,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[06/08/2005 02:03 PM | 00,114,688 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe
[09/28/2005 02:05 AM | 00,098,304 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\QuickTime\qttask.exe
[01/24/2005 05:56 AM | 00,544,768 | ---- | M] (Motorola Inc.) - C:\WINDOWS\sm56hlpr.exe
[05/04/2005 01:01 PM | 02,805,248 | ---- | M] (RealTek Semicoductor Corp.) - C:\WINDOWS\ALCWZRD.EXE

===== Win32 Services - Non-Microsoft Only =====

(iPodService) iPod Service [Disabled | Stopped] [05/05/2005 03:21 AM | 00,327,680 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\iPod\bin\iPodService.exe
(PnkBstrA) PnkBstrA [Auto | Running] [09/26/2007 12:51 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
(TuneUp.Defrag) TuneUp Drive Defrag Service [Disabled | Stopped] [04/06/2008 05:29 AM | 00,307,968 | ---- | M] (TuneUp Software GmbH) - C:\WINDOWS\system32\TuneUpDefragService.exe

===== Driver Services - Non-Microsoft Only =====

(catchme) catchme [On_Demand | Running] File not found - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys
(ftsata2) ftsata2 [Boot | Stopped] File not found - C:\WINDOWS\system32\DRIVERS\ftsata2.sys
(giveio) giveio [Boot | Running] [04/03/1996 03:33 PM | 00,005,248 | ---- | M] () - C:\WINDOWS\system32\giveio.sys
(gmer) gmer [On_Demand | Stopped] [08/31/2008 01:39 AM | 00,085,969 | ---- | M] (GMER) - C:\WINDOWS\system32\drivers\gmer.sys
(ialm) ialm [On_Demand | Running] [06/08/2005 02:27 PM | 01,050,140 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys
(iaStor) Intel RAID Controller [Boot | Running] [03/09/2005 09:09 PM | 00,870,912 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iaStor.sys
(ltmodem5) LT Modem Driver [On_Demand | Stopped] [08/04/2004 08:41 AM | 00,606,684 | ---- | M] (LT) - C:\WINDOWS\system32\drivers\ltmdmnt.sys
(mbmiodrvr) mbmiodrvr [Auto | Running] [04/10/2004 09:42 AM | 00,002,944 | ---- | M] (cansoft@livewiredev.com) - C:\WINDOWS\system32\mbmiodrvr.sys
(mbr) mbr [On_Demand | Stopped] File not found - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Running] [03/04/2005 02:10 PM | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped] [08/04/2004 08:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys
(samhid) samhid [On_Demand | Stopped] [01/07/2006 12:09 PM | 00,007,548 | ---- | M] () - C:\WINDOWS\system32\drivers\Samhid.sys
(smserial) smserial [On_Demand | Running] [01/25/2005 09:56 AM | 00,923,863 | ---- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\smserial.sys
(speedfan) speedfan [Boot | Running] [09/24/2006 09:28 AM | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\system32\speedfan.sys
(sptd) sptd [Boot | Running] [10/22/2006 05:00 AM | 00,611,064 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys
(XDva016) XDva016 [On_Demand | Stopped] File not found - C:\WINDOWS\system32\XDva016.sys
(XDva024) XDva024 [On_Demand | Stopped] File not found - C:\WINDOWS\system32\XDva024.sys
(XTrapD12) XTrapD12 [On_Demand | Stopped] File not found - C:\WINDOWS\system32\XTrapD12.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt" = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min [06/12/2008 02:28 PM | 00,266,497 | ---- | M] (Avira GmbH)
"High Definition Audio Property Page Shortcut" = HDAShCut.exe [01/08/2005 03:07 AM | 00,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe [06/08/2005 01:59 PM | 00,077,824 | ---- | M] (Intel Corporation)
"HP Software Update" = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [05/08/2007 04:24 PM | 00,054,840 | ---- | M] (Hewlett-Packard)
"HPBootOp" = "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run [02/26/2005 01:34 AM | 00,245,760 | ---- | M] (Hewlett-Packard Company)
"HPHUPD08" = c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [06/02/2005 02:35 AM | 00,049,152 | ---- | M] (Hewlett-Packard)
"KBD" = C:\HP\KBD\KBD.EXE [02/02/2005 04:44 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"Persistence" = C:\WINDOWS\system32\igfxpers.exe [06/08/2005 02:03 PM | 00,114,688 | ---- | M] (Intel Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [09/28/2005 02:05 AM | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"SMSERIAL" = sm56hlpr.exe [01/24/2005 05:56 AM | 00,544,768 | ---- | M] (Motorola Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [04/12/2008 10:15 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" =  Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-3168850613-2940384695-3104939514-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]
[HP_Administrator Startup Folder - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 05:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [04/12/2008 10:15 PM | 00,308,856 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02/22/2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

========== Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{54B1488E-4984-472F-B6AA-B83044D7CD90}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{54B1488E-4984-472F-B6AA-B83044D7CD90}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_USERS\S-1-5-21-3168850613-2940384695-3104939514-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_USERS\S-1-5-21-3168850613-2940384695-3104939514-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. 
========== AppInit_Dlls ========== ========== HKLM Security Providers ========== ========== HKLM Winlogon Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell] "Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit] "C:\WINDOWS\system32\userinit.exe" - [08/10/2004 03:00 PM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost] "logonui.exe" - [08/10/2004 03:00 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet] "rundll32 shell32" - [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll "Control_RunDLL "sysdm.cpl"" - [08/10/2004 03:00 PM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl ========== User's Winlogon Settings ========== ========== Winlogon Notify Settings ========== |
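The driver-service lines above are the part of an OTL log a helper reads first: `(key) Display Name [Start | State] [date | size | attrs | M] (Company) - path`, or `File not found - path` when the binary is not on disk. The following is an added triage script, not code from the original post and not part of OTL, that parses those lines and flags the things worth a second look: entries whose file is gone, a driver still reported Running with no file behind it, anything loading from a temp directory, and Boot/Auto-start drivers with an empty publisher string. The sample lines are copied from the log in this post; the classification rules are my own and are a starting point rather than a verdict (several legitimate low-level tools ship drivers without a version resource).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL service/driver line looks like
#   (key) Display Name [Start | State] [mm/dd/yyyy hh:mm AM | 00,005,248 | ---- | M] (Company) - C:\path\file.sys
# or, when the binary is not on disk,
#   (key) Display Name [Start | State] File not found - C:\path\file.sys
ENTRY_RE = re.compile(
    r"^\((?P<key>[^)]+)\)\s+(?P<display>.*?)\s+"
    r"\[(?P<start>[^|\]]+?)\s*\|\s*(?P<state>[^\]]+?)\]\s+"
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<date>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*[A-Z]\]"
    r"\s*\((?P<company>.*?)\))"          # company may be empty or contain parentheses
    r"\s+-\s+(?P<path>.+?)\s*$"
)

@dataclass
class ServiceEntry:
    key: str
    display: str
    start: str      # Boot, System, Auto, On_Demand, Disabled
    state: str      # Running, Stopped
    company: str    # publisher string from the file's version resource; "" when absent
    path: str
    missing: bool   # OTL printed "File not found"
    size: Optional[int]

def parse_otl_services(text: str) -> List[ServiceEntry]:
    """Parse the lines of an OTL 'Win32 Services' or 'Driver Services' section."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                      # section headers, blank lines, other formats
        size = m.group("size")
        entries.append(ServiceEntry(
            key=m.group("key"), display=m.group("display"),
            start=m.group("start"), state=m.group("state"),
            company=(m.group("company") or "").strip(), path=m.group("path"),
            missing=m.group("missing") is not None,
            size=int(size.replace(",", "")) if size else None,
        ))
    return entries

# Locations a legitimate driver has no business loading from (my own list).
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")

def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return {service key: [reasons]} for entries worth a second look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("binary not on disk: stale entry, or a file hidden from the file system")
        if e.missing and e.state == "Running":
            reasons.append("still Running without a file: loaded then deleted (typical of scanner drivers) or hidden")
        if any(t in e.path.lower() for t in TEMP_MARKERS):
            reasons.append("loads from a temporary directory")
        if e.start in ("Boot", "System", "Auto") and not e.missing and not e.company:
            reasons.append(f"{e.start}-start driver with an empty publisher string")
        if reasons:
            findings[e.key] = reasons
    return findings

# Constructed sample: these lines are copied from the OTL log posted above.
SAMPLE_LOG = r"""
(catchme) catchme [On_Demand | Running] File not found - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys
(giveio) giveio [Boot | Running] [04/03/1996 03:33 PM | 00,005,248 | ---- | M] () - C:\WINDOWS\system32\giveio.sys
(iaStor) Intel RAID Controller [Boot | Running] [03/09/2005 09:09 PM | 00,870,912 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iaStor.sys
(speedfan) speedfan [Boot | Running] [09/24/2006 09:28 AM | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\system32\speedfan.sys
(sptd) sptd [Boot | Running] [10/22/2006 05:00 AM | 00,611,064 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys
(XDva016) XDva016 [On_Demand | Stopped] File not found - C:\WINDOWS\system32\XDva016.sys
"""

if __name__ == "__main__":
    for key, reasons in triage(parse_otl_services(SAMPLE_LOG)).items():
        print(key, "->", "; ".join(reasons))
```

Run against the whole log section (paste it into `SAMPLE_LOG` or read it from a file) and work through the flagged keys by hand; the script decides nothing, it only orders the list so that the missing-file, temp-path and unsigned boot-start entries come up first.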
#26
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [06/08/2005 01:58 PM | 00,131,072 | ---- | M] (Intel Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoBandCustomize" = 0
"NoMovingBands" = 0
"NoCloseDragDropBands" = 0
"NoSetTaskbar" = 0
"NoToolbarsOnTaskbar" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-21-3168850613-2940384695-3104939514-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoBandCustomize" = 0
"NoMovingBands" = 0
"NoCloseDragDropBands" = 0
"NoSetTaskbar" = 0
"NoToolbarsOnTaskbar" = 0

[HKEY_USERS\S-1-5-21-3168850613-2940384695-3104939514-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"TuneUp.Defrag" = 3
"LightScribeService" = 2
"iPodService" = 3
"Fax" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/23/2005 11:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
"item" = Adobe Reader Speed Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk File not found
"backup" = C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [05/12/2005 09:23 AM | 00,282,624 | ---- | M] (Hewlett-Packard Co.)
"item" = HP Digital Imaging Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
"path" = C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk File not found
"backup" = C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnk File not found
"location" = Startup
"command" = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [10/28/2005 03:12 PM | 00,155,648 | ---- | M] (Sony Corporation)
"item" = Cyber-shot Viewer Media Check Tool

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKCU
"command" =
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLLaunch
"hkey" = HKCU
"command" = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [12/15/2005 09:38 PM | 00,050,792 | ---- | M] (America Online, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\googletalk]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = googletalk
"hkey" = HKCU
"command" = C:\Program Files\Google\Google Talk\googletalk.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLHostManager
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\1141872391\ee\AOLHostManager.exe [12/15/2005 09:38 PM | 00,013,416 | ---- | M] (America Online, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 07:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCDrProfiler]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKLM
"command" =
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [04/12/2008 10:15 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AdobeUpdateManager
"hkey" = HKCU
"command" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [03/30/2006 05:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 2

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] [09/28/2005 02:09 AM | 00,000,100 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
AUTOEXEC.BAT [] [07/28/2001 05:07 AM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]
Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] [04/30/2004 09:01 PM | 00,000,053 | -HS- | M] () D:\Autorun.inf [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{009a82f9-d3bc-11db-8dbc-0013d4e9e658}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051d8e46-9750-11db-8db8-0013d4e9e658}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af221b6f-bd0f-11db-8dba-0013d4e9e658}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af221b75-bd0f-11db-8dba-0013d4e9e658}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7dea048-c1c8-11db-8dbb-0013d4e9e658}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df4591b8-8279-11db-8db5-0013d4e9e658}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e619c920-81a8-11db-8db4-0013d4e9e658}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{24C35E9D-43DE-47B3-8C8D-C6AC403DF807}]
Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B43D45C4-246C-4B18-8A68-6B1D4349FF5E}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F2EA6E95-22A4-4FA3-AC0B-59DAE1720471}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

========== Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost ========== Files/Folders - Created Within 30 days ========== [08/31/2008 02:01 AM | 00,066,048 | ---- | C] () - C:\mbr.exe [08/31/2008 04:17 AM | ---D | C] - C:\SDFix [08/29/2008 05:31 PM | 00,004,639 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.exe [08/29/2008 05:31 PM | 00,009,472 | ---- | C] () - C:\WINDOWS\System32\dllcache\ativmdcd.sys [08/29/2008 05:31 PM | 00,010,240 | ---- | C] () - C:\WINDOWS\System32\dllcache\atipcxxx.sys [08/29/2008 05:31 PM | 00,010,880 | ---- | C] (Aureal, Inc.) - C:\WINDOWS\System32\dllcache\admjoy.sys [08/29/2008 05:31 PM | 00,016,969 | ---- | C] (AmbiCom, Inc.) - C:\WINDOWS\System32\dllcache\amb8002.sys [08/29/2008 05:31 PM | 00,017,152 | ---- | C] () - C:\WINDOWS\System32\dllcache\atitunep.sys [08/29/2008 05:31 PM | 00,017,152 | ---- | C] () - C:\WINDOWS\System32\dllcache\atitvsnd.sys [08/29/2008 05:31 PM | 00,019,456 | ---- | C] () - C:\WINDOWS\System32\dllcache\ativttxx.sys [08/29/2008 05:31 PM | 00,020,160 | ---- | C] (ADMtek Incorporated) - C:\WINDOWS\System32\dllcache\adm8511.sys [08/29/2008 05:31 PM | 00,023,552 | ---- | C] () - C:\WINDOWS\System32\dllcache\atixbar.sys [08/29/2008 05:31 PM | 00,026,624 | ---- | C] () - C:\WINDOWS\System32\dllcache\ativxbar.sys [08/29/2008 05:31 PM | 00,026,880 | ---- | C] () - C:\WINDOWS\System32\dllcache\atirtsnd.sys [08/29/2008 05:31 PM | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) 
- C:\WINDOWS\System32\dllcache\banshee.sys [08/29/2008 05:31 PM | 00,036,992 | ---- | C] (Aztech Systems Ltd) - C:\WINDOWS\System32\dllcache\aztw2320.sys [08/29/2008 05:31 PM | 00,037,568 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\avmwan.sys [08/29/2008 05:31 PM | 00,046,112 | ---- | C] (Adaptec, Inc ) - C:\WINDOWS\System32\dllcache\adptsf50.sys [08/29/2008 05:31 PM | 00,046,464 | ---- | C] () - C:\WINDOWS\System32\dllcache\atibt829.sys [08/29/2008 05:31 PM | 00,049,920 | ---- | C] () - C:\WINDOWS\System32\dllcache\atirtcap.sys [08/29/2008 05:31 PM | 00,061,440 | ---- | C] (Color Flatbed Scanner) - C:\WINDOWS\System32\dllcache\acerscad.dll [08/29/2008 05:31 PM | 00,077,568 | ---- | C] (ATI Technologies, Inc.) - C:\WINDOWS\System32\dllcache\ati.sys [08/29/2008 05:31 PM | 00,084,480 | ---- | C] (VIA Technologies, Inc.) - C:\WINDOWS\System32\dllcache\ac97via.sys [08/29/2008 05:31 PM | 00,087,552 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\avmcoxp.dll [08/29/2008 05:31 PM | 00,089,952 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\b1cbase.sys [08/29/2008 05:31 PM | 00,096,256 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\ac97intc.sys [08/29/2008 05:31 PM | 00,097,354 | ---- | C] (Bay Networks, Inc.) - C:\WINDOWS\System32\dllcache\aspndis3.sys [08/29/2008 05:31 PM | 00,098,304 | ---- | C] (Aureal Semiconductor) - C:\WINDOWS\System32\dllcache\a3d.dll [08/29/2008 05:31 PM | 00,144,384 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\avmenum.dll [08/29/2008 05:31 PM | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) - C:\WINDOWS\System32\dllcache\3dfxvsm.sys [08/29/2008 05:31 PM | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) - C:\WINDOWS\System32\dllcache\ac97sis.sys [08/29/2008 05:31 PM | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) - C:\WINDOWS\System32\dllcache\banshee.dll [08/29/2008 05:31 PM | 00,462,848 | ---- | C] (Aureal Inc.) 
- C:\WINDOWS\System32\dllcache\a3dapi.dll [08/29/2008 05:31 PM | 00,553,984 | ---- | C] (Aureal, Inc.) - C:\WINDOWS\System32\dllcache\adm8820.sys [08/29/2008 05:31 PM | 00,584,448 | ---- | C] (Aureal, Inc.) - C:\WINDOWS\System32\dllcache\adm8810.sys [08/29/2008 05:31 PM | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) - C:\WINDOWS\System32\dllcache\3dfxvs.dll [08/29/2008 05:31 PM | 00,747,392 | ---- | C] (Aureal, Inc.) - C:\WINDOWS\System32\dllcache\adm8830.sys [08/29/2008 05:31 PM | 00,762,780 | ---- | C] (3Com, Inc.) - C:\WINDOWS\System32\dllcache\3cwmcru.sys [08/29/2008 05:32 PM | 00,002,944 | ---- | C] (Brother Industries Ltd.) - C:\WINDOWS\System32\dllcache\brfilt.sys [08/29/2008 05:32 PM | 00,003,168 | ---- | C] (Brother Industries Ltd.) - C:\WINDOWS\System32\dllcache\brparimg.sys [08/29/2008 05:32 PM | 00,003,968 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\brfiltup.sys [08/29/2008 05:32 PM | 00,005,120 | ---- | C] (Brother Industries,Ltd.) - C:\WINDOWS\System32\dllcache\brscnrsm.dll [08/29/2008 05:32 PM | 00,009,728 | ---- | C] (Brother Industries Ltd.) - C:\WINDOWS\System32\dllcache\brcoinst.dll [08/29/2008 05:32 PM | 00,009,728 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\brserif.dll [08/29/2008 05:32 PM | 00,010,368 | ---- | C] (Brother Industries Ltd.) - C:\WINDOWS\System32\dllcache\brusbscn.sys [08/29/2008 05:32 PM | 00,011,008 | ---- | C] (Brother Industries Ltd.) - C:\WINDOWS\System32\dllcache\brusbmdm.sys [08/29/2008 05:32 PM | 00,012,160 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\brfiltlo.sys [08/29/2008 05:32 PM | 00,012,800 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\brevif.dll [08/29/2008 05:32 PM | 00,015,360 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\brmfbidi.dll [08/29/2008 05:32 PM | 00,019,456 | ---- | C] (Brother Industries, Ltd.) 
- C:\WINDOWS\System32\dllcache\brbidiif.dll [08/29/2008 05:32 PM | 00,020,736 | ---- | C] (OMNIKEY AG) - C:\WINDOWS\System32\dllcache\cmbp0wdm.sys [08/29/2008 05:32 PM | 00,021,530 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\ce2n5.sys [08/29/2008 05:32 PM | 00,022,044 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\cem28n5.sys [08/29/2008 05:32 PM | 00,022,044 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\cem33n5.sys [08/29/2008 05:32 PM | 00,027,164 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\ce3n5.sys [08/29/2008 05:32 PM | 00,029,696 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\brmflpt.dll [08/29/2008 05:32 PM | 00,031,529 | ---- | C] (BreezeCOM) - C:\WINDOWS\System32\dllcache\brzwlan.sys [08/29/2008 05:32 PM | 00,032,256 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\brmfrsmg.exe [08/29/2008 05:32 PM | 00,032,256 | ---- | C] (Eicon Technology Corporation) - C:\WINDOWS\System32\dllcache\diapi2NT.dll [08/29/2008 05:32 PM | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) - C:\WINDOWS\System32\dllcache\cb102.sys [08/29/2008 05:32 PM | 00,039,552 | ---- | C] (Brother Industries Ltd.) - C:\WINDOWS\System32\dllcache\brparwdm.sys [08/29/2008 05:32 PM | 00,039,680 | ---- | C] (Silicom Ltd.) - C:\WINDOWS\System32\dllcache\cb325.sys [08/29/2008 05:32 PM | 00,041,472 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\brmfusb.dll [08/29/2008 05:32 PM | 00,046,108 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\cben5.sys [08/29/2008 05:32 PM | 00,049,182 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\cem56n5.sys [08/29/2008 05:32 PM | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) - C:\WINDOWS\System32\dllcache\cap7146.sys [08/29/2008 05:32 PM | 00,060,416 | ---- | C] (Brother Industries Ltd.) 
- C:\WINDOWS\System32\dllcache\brserwdm.sys [08/29/2008 05:32 PM | 00,164,923 | ---- | C] (Eicon Technology) - C:\WINDOWS\System32\dllcache\diapi2.sys [08/29/2008 05:32 PM | 00,173,568 | ---- | C] () - C:\WINDOWS\System32\dllcache\chtskf.dll [08/29/2008 05:32 PM | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) - C:\WINDOWS\System32\dllcache\cinemclc.sys [08/29/2008 05:32 PM | 00,714,698 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\cbmdmkxx.sys [08/29/2008 05:32 PM | 00,871,388 | ---- | C] (BCM) - C:\WINDOWS\System32\dllcache\bcmdm.sys [08/29/2008 05:32 PM | 00,980,034 | ---- | C] (Xircom) - C:\WINDOWS\System32\dllcache\cicap.sys [08/29/2008 05:33 PM | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) - C:\WINDOWS\System32\dllcache\cwbase.sys [08/29/2008 05:33 PM | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) - C:\WINDOWS\System32\dllcache\cwbmidi.sys [08/29/2008 05:33 PM | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) - C:\WINDOWS\System32\dllcache\cwcosnt5.sys [08/29/2008 05:33 PM | 00,003,712 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\dllcache\ctljystk.sys [08/29/2008 05:33 PM | 00,004,096 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\dllcache\ctwdm32.dll [08/29/2008 05:33 PM | 00,006,216 | ---- | C] () - C:\WINDOWS\System32\dllcache\divaci.dll [08/29/2008 05:33 PM | 00,006,729 | ---- | C] (Eicon Technology) - C:\WINDOWS\System32\dllcache\disrvci.dll [08/29/2008 05:33 PM | 00,006,912 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\dllcache\ctlfacem.sys [08/29/2008 05:33 PM | 00,020,928 | ---- | C] (Digital Networks, LLC) - C:\WINDOWS\System32\dllcache\defpa.sys [08/29/2008 05:33 PM | 00,021,533 | ---- | C] (Compaq Computer Corporation) - C:\WINDOWS\System32\dllcache\cpqndis5.sys [08/29/2008 05:33 PM | 00,024,064 | ---- | C] (Creative Technology Ltd.) 
- C:\WINDOWS\System32\dllcache\devldr32.exe
[08/29/2008 05:33 PM | 00,024,648 | ---- | C] (D-Link) - C:\WINDOWS\System32\dllcache\dfe650.sys
[08/29/2008 05:33 PM | 00,024,649 | ---- | C] (D-Link) - C:\WINDOWS\System32\dllcache\dfe650d.sys
[08/29/2008 05:33 PM | 00,029,768 | ---- | C] () - C:\WINDOWS\System32\dllcache\divasu.dll
[08/29/2008 05:33 PM | 00,031,305 | ---- | C] (Eicon Technology) - C:\WINDOWS\System32\dllcache\disrvpp.dll
[08/29/2008 05:33 PM | 00,037,962 | ---- | C] () - C:\WINDOWS\System32\dllcache\divaprop.dll
[08/29/2008 05:33 PM | 00,038,985 | ---- | C] (Eicon Technology) - C:\WINDOWS\System32\dllcache\disrvsu.dll
[08/29/2008 05:33 PM | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) - C:\WINDOWS\System32\dllcache\cwrwdm.sys
[08/29/2008 05:33 PM | 00,060,970 | ---- | C] (Compaq Computer Corp.) - C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
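The Policies and Autorun sections of this post are worth decoding together: every hive shows `NoDriveTypeAutoRun = 145` (0x91, the Windows XP default), the CD-ROM class driver has `AutoRun = 1`, and D:\ carries a hidden+system Autorun.inf with a `ShellExecute` directive. `NoDriveTypeAutoRun` is a bitmask over the `GetDriveType()` drive classes, and a set bit disables autorun.inf processing for that class; 0x91 sets only the bits for unknown types (0x01, 0x80) and network drives (0x10), so removable and fixed drives are still processed, which is exactly what the autorun worms of the period relied on. Below is an added decoder and OTL-line parser (my code, not the original post's and not OTL's); the sample line is copied from the log above, the bit-to-drive-type table follows `GetDriveType()`, and the drive type passed to `would_autorun()` is an assumption for the demonstration. The decoder says whether Windows would honour the file, not whether it is malicious.

```python
import configparser
import re
from dataclasses import dataclass, field
from typing import Dict, List

# NoDriveTypeAutoRun is a bitmask over GetDriveType() results: a SET bit
# disables autorun.inf processing for that drive class.
DRIVE_TYPE_BITS = {
    "DRIVE_UNKNOWN": 0x01, "DRIVE_NO_ROOT_DIR": 0x02, "DRIVE_REMOVABLE": 0x04,
    "DRIVE_FIXED": 0x08, "DRIVE_REMOTE": 0x10, "DRIVE_CDROM": 0x20,
    "DRIVE_RAMDISK": 0x40, "DRIVE_RESERVED": 0x80,
}
XP_DEFAULT = 0x91   # decimal 145, the value shown in every hive in the log above
DISABLE_ALL = 0xFF  # the usual hardening value

def autorun_enabled_types(policy: int) -> List[str]:
    """Drive classes for which autorun.inf is still processed under this policy value."""
    return [name for name, bit in DRIVE_TYPE_BITS.items() if not policy & bit]

# OTL "Autorun Files on Drives" line:
#   <file> [<file contents, lines joined by ' | '>] [date | size | attrs | M] (company) <path> [ <fs> ]
OTL_AUTORUN_RE = re.compile(
    r"^(?P<file>\S+)\s+\[(?P<body>.*?)\]\s+\[(?P<meta>[^\]]*)\]\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<path>\S+)\s+\[\s*(?P<fs>\w+)\s*\]$"
)

@dataclass
class AutorunEntry:
    path: str
    fs: str
    hidden_system: bool                       # "-HS-" in the attribute column
    launch: Dict[str, str] = field(default_factory=dict)   # directives that execute something

def parse_otl_autorun(line: str) -> AutorunEntry:
    m = OTL_AUTORUN_RE.match(line.strip())
    if not m:
        raise ValueError("not an OTL autorun line: " + line)
    attrs = m.group("meta").split("|")[2].strip()
    entry = AutorunEntry(path=m.group("path"), fs=m.group("fs"),
                         hidden_system="H" in attrs and "S" in attrs)
    if m.group("file").lower() == "autorun.inf":
        # OTL flattens the file with " | " separators; rebuild it and read it as an INI file.
        ini = "\n".join(p.strip() for p in m.group("body").split(" | ") if p.strip())
        cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
        cp.read_string(ini)
        for section in cp.sections():
            if section.lower() != "autorun":
                continue
            for key, value in cp[section].items():   # configparser lower-cases keys
                if key in ("open", "shellexecute") or (
                        key.startswith("shell\\") and key.endswith("\\command")):
                    entry.launch[key] = value
    return entry

def would_autorun(entry: AutorunEntry, drive_type: str, policy: int = XP_DEFAULT) -> bool:
    """True if the file carries a launch directive and the policy still processes that drive class."""
    return bool(entry.launch) and drive_type in autorun_enabled_types(policy)

# Constructed sample: copied from the "Autorun Files on Drives" section above.
SAMPLE = r"Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] [04/30/2004 09:01 PM | 00,000,053 | -HS- | M] () D:\Autorun.inf [ FAT32 ]"

if __name__ == "__main__":
    e = parse_otl_autorun(SAMPLE)
    print("processed for:", autorun_enabled_types(XP_DEFAULT))
    print("launch directives:", e.launch)
    # Assumption for the demo: D:\ is a partition on the fixed disk.
    print("honoured on a fixed disk under 0x91:", would_autorun(e, "DRIVE_FIXED"))
    print("honoured on a fixed disk under 0xFF:", would_autorun(e, "DRIVE_FIXED", DISABLE_ALL))
```

The same function applied to a USB stick's autorun.inf gives the practical answer a helper wants: under 0x91 a `DRIVE_REMOVABLE` entry with an `open=` or `shellexecute=` line is processed, under 0xFF it is not, so raising the value to 0xFF in HKLM and the user hive is the usual fix regardless of whether the D:\ entry itself turns out to be benign.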
#27
[08/29/2008 05:33 PM | 00,063,208 | ---- | C] (Intel Corporation.) - C:\WINDOWS\System32\dllcache\dc21x4.sys
[08/29/2008 05:33 PM | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) - C:\WINDOWS\System32\dllcache\cwbwdm.sys [08/29/2008 05:33 PM | 00,091,305 | ---- | C] (Eicon Technology) - C:\WINDOWS\System32\dllcache\dimaint.sys [08/29/2008 05:33 PM | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) - C:\WINDOWS\System32\dllcache\cwcwdm.sys [08/29/2008 05:33 PM | 00,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) - C:\WINDOWS\System32\dllcache\ctlsb16.sys [08/29/2008 05:33 PM | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) - C:\WINDOWS\System32\dllcache\cwcspud.sys [08/29/2008 05:33 PM | 00,117,760 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\d100ib5.sys [08/29/2008 05:33 PM | 00,216,064 | ---- | C] (COMPAQ Inc.) - C:\WINDOWS\System32\dllcache\cpscan.dll [08/29/2008 05:33 PM | 00,236,060 | ---- | C] (Eicon Technology) - C:\WINDOWS\System32\dllcache\ditrace.exe [08/29/2008 05:33 PM | 00,249,856 | ---- | C] (Comtrol® Corporation) - C:\WINDOWS\System32\dllcache\ctmasetp.dll [08/29/2008 05:33 PM | 00,256,512 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\dllcache\devcon32.dll [08/29/2008 05:34 PM | 00,018,503 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\epro4.sys [08/29/2008 05:34 PM | 00,019,594 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\e100isa4.sys [08/29/2008 05:34 PM | 00,026,698 | ---- | C] (D-Link Corporation) - C:\WINDOWS\System32\dllcache\dlh5xnd5.sys [08/29/2008 05:34 PM | 00,028,062 | ---- | C] (National Semiconductor Coproration) - C:\WINDOWS\System32\dllcache\dp83820.sys [08/29/2008 05:34 PM | 00,029,696 | ---- | C] (CNet Technology, Inc. ) - C:\WINDOWS\System32\dllcache\dm9pci5.sys [08/29/2008 05:34 PM | 00,037,120 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\dllcache\es1370mp.sys [08/29/2008 05:34 PM | 00,040,704 | ---- | C] (Creative Technology Ltd.) 
- C:\WINDOWS\System32\dllcache\es1371mp.sys [08/29/2008 05:34 PM | 00,050,719 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\e1000nt5.sys [08/29/2008 05:34 PM | 00,072,192 | ---- | C] (ESS Technology Inc.) - C:\WINDOWS\System32\dllcache\es1969.sys [08/29/2008 05:34 PM | 00,117,760 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\e100b325.sys [08/29/2008 05:34 PM | 00,283,904 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\dllcache\emu10k1m.sys [08/29/2008 05:34 PM | 00,334,208 | ---- | C] (Yamaha Corp.) - C:\WINDOWS\System32\dllcache\ds1wdm.sys [08/29/2008 05:34 PM | 00,952,007 | ---- | C] (Eicon Technology) - C:\WINDOWS\System32\dllcache\diwan.sys [08/29/2008 05:35 PM | 00,011,850 | ---- | C] (FUJITSU LIMITED) - C:\WINDOWS\System32\dllcache\f3ab18xj.sys [08/29/2008 05:35 PM | 00,012,362 | ---- | C] (FUJITSU LIMITED) - C:\WINDOWS\System32\dllcache\f3ab18xi.sys [08/29/2008 05:35 PM | 00,016,998 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\ex10.sys [08/29/2008 05:35 PM | 00,024,618 | ---- | C] (NETGEAR) - C:\WINDOWS\System32\dllcache\fa410nd5.sys [08/29/2008 05:35 PM | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) - C:\WINDOWS\System32\dllcache\fetnd5.sys [08/29/2008 05:35 PM | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esucmd.dll [08/29/2008 05:35 PM | 00,034,173 | ---- | C] (Marconi Communications, Inc.) - C:\WINDOWS\System32\dllcache\forehe.sys [08/29/2008 05:35 PM | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esuimg.dll [08/29/2008 05:35 PM | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esucm.dll [08/29/2008 05:35 PM | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esunid.dll [08/29/2008 05:35 PM | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esuni.dll [08/29/2008 05:35 PM | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) 
- C:\WINDOWS\System32\dllcache\esunib.dll [08/29/2008 05:35 PM | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esuimgd.dll [08/29/2008 05:35 PM | 00,094,208 | ---- | C] () - C:\WINDOWS\System32\dllcache\fpencode.dll [08/29/2008 05:35 PM | 00,441,728 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\fpcmbase.sys [08/29/2008 05:35 PM | 00,442,240 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\fpnpbase.sys [08/29/2008 05:35 PM | 00,444,416 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\fpcibase.sys [08/29/2008 05:35 PM | 00,454,912 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\fxusbase.sys [08/29/2008 05:35 PM | 00,455,296 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\fusbbase.sys [08/29/2008 05:35 PM | 00,455,680 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\fus2base.sys [08/29/2008 05:36 PM | 00,017,408 | ---- | C] (Gemplus) - C:\WINDOWS\System32\dllcache\gpr400.sys [08/29/2008 05:36 PM | 00,028,288 | ---- | C] (Gemplus) - C:\WINDOWS\System32\dllcache\grserial.sys [08/29/2008 05:36 PM | 00,068,608 | ---- | C] (Avisioin) - C:\WINDOWS\System32\dllcache\hpgt53tk.dll [08/29/2008 05:36 PM | 00,082,304 | ---- | C] (Gemplus) - C:\WINDOWS\System32\dllcache\grclass.sys [08/29/2008 05:36 PM | 00,083,968 | ---- | C] () - C:\WINDOWS\System32\dllcache\hpgt21.dll [08/29/2008 05:36 PM | 00,089,088 | ---- | C] () - C:\WINDOWS\System32\dllcache\hpgt33.dll [08/29/2008 05:36 PM | 00,093,696 | ---- | C] () - C:\WINDOWS\System32\dllcache\hpgt42.dll [08/29/2008 05:36 PM | 00,101,376 | ---- | C] () - C:\WINDOWS\System32\dllcache\hpgt34.dll [08/29/2008 05:36 PM | 00,108,827 | ---- | C] () - C:\WINDOWS\System32\dllcache\hanja.lex [08/29/2008 05:36 PM | 00,126,976 | ---- | C] (Hewlett Packard) - C:\WINDOWS\System32\dllcache\hpgt34tk.dll [08/29/2008 05:36 PM | 00,165,888 | ---- | C] () - C:\WINDOWS\System32\dllcache\hpgt53.dll [08/29/2008 05:37 PM | 00,009,216 | ---- | C] (IBM Corporation) - 
C:\WINDOWS\System32\dllcache\ibmsgnet.dll [08/29/2008 05:37 PM | 00,028,700 | ---- | C] (IBM Corp.) - C:\WINDOWS\System32\dllcache\ibmexmp.sys [08/29/2008 05:37 PM | 00,058,592 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\i740nt5.sys [08/29/2008 05:37 PM | 00,100,936 | ---- | C] (IBM Corporation) - C:\WINDOWS\System32\dllcache\ibmtok.sys [08/29/2008 05:37 PM | 00,109,085 | ---- | C] (IBM Corporation) - C:\WINDOWS\System32\dllcache\ibmtrp.sys [08/29/2008 05:37 PM | 00,353,184 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\i740dnt5.dll [08/29/2008 05:37 PM | 13,463,552 | ---- | C] () - C:\WINDOWS\System32\dllcache\hwxjpn.dll [08/29/2008 05:38 PM | 00,023,552 | ---- | C] (MKNet Corporation) - C:\WINDOWS\System32\dllcache\irmk7.sys [08/29/2008 05:38 PM | 00,038,784 | ---- | C] (Perle Systems Ltd. ) - C:\WINDOWS\System32\dllcache\io8.sys [08/29/2008 05:38 PM | 00,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) - C:\WINDOWS\System32\dllcache\ip5515.sys [08/29/2008 05:38 PM | 00,059,392 | ---- | C] () - C:\WINDOWS\System32\dllcache\imscinst.exe [08/29/2008 05:38 PM | 00,090,200 | ---- | C] (Perle Systems Ltd. ) - C:\WINDOWS\System32\dllcache\io8ports.dll [08/29/2008 05:38 PM | 00,134,339 | ---- | C] () - C:\WINDOWS\System32\dllcache\imekr.lex [08/29/2008 05:38 PM | 00,196,665 | ---- | C] () - C:\WINDOWS\System32\dllcache\imjpinst.exe [08/29/2008 05:38 PM | 00,372,824 | ---- | C] (Xircom) - C:\WINDOWS\System32\dllcache\iconf32.dll [08/29/2008 05:39 PM | 00,015,744 | ---- | C] (Litronic Industries) - C:\WINDOWS\System32\dllcache\lit220p.sys [08/29/2008 05:39 PM | 00,019,016 | ---- | C] (Kingston Technology Company ) - C:\WINDOWS\System32\dllcache\ktc111.sys [08/29/2008 05:39 PM | 00,020,573 | ---- | C] (The Linksts Group ) - C:\WINDOWS\System32\dllcache\lne100.sys [08/29/2008 05:39 PM | 00,020,864 | ---- | C] (Logitech Inc.) 
- C:\WINDOWS\System32\dllcache\lwadihid.sys [08/29/2008 05:39 PM | 00,022,848 | ---- | C] (Logitech Inc.) - C:\WINDOWS\System32\dllcache\lwusbhid.sys [08/29/2008 05:39 PM | 00,025,065 | ---- | C] (D-Link) - C:\WINDOWS\System32\dllcache\lmndis3.sys [08/29/2008 05:39 PM | 00,026,442 | ---- | C] (SMSC) - C:\WINDOWS\System32\dllcache\lanepic5.sys [08/29/2008 05:39 PM | 00,034,688 | ---- | C] (Toshiba Corp.) - C:\WINDOWS\System32\dllcache\lbrtfdc.sys [08/29/2008 05:39 PM | 00,070,730 | ---- | C] (Linksys Group, Inc.) - C:\WINDOWS\System32\dllcache\lne100tx.sys [08/29/2008 05:39 PM | 00,164,586 | ---- | C] (Madge Networks Ltd) - C:\WINDOWS\System32\dllcache\mdgndis5.sys [08/29/2008 05:39 PM | 00,420,992 | ---- | C] (LT) - C:\WINDOWS\System32\dllcache\ltmdmntt.sys [08/29/2008 05:39 PM | 00,576,746 | ---- | C] (LT) - C:\WINDOWS\System32\dllcache\ltmdmntl.sys [08/29/2008 05:39 PM | 00,727,786 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\ltck000c.sys [08/29/2008 05:39 PM | 00,797,500 | ---- | C] (LT) - C:\WINDOWS\System32\dllcache\ltsmt.sys [08/29/2008 05:39 PM | 00,802,683 | ---- | C] (Lucent Technologies) - C:\WINDOWS\System32\dllcache\ltsm.sys [08/29/2008 05:39 PM | 01,158,818 | ---- | C] () - C:\WINDOWS\System32\dllcache\korwbrkr.lex [08/29/2008 05:40 PM | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) - C:\WINDOWS\System32\dllcache\mxport.dll [08/29/2008 05:40 PM | 00,017,280 | ---- | C] (American Megatrends Inc.) - C:\WINDOWS\System32\dllcache\mraid35x.sys [08/29/2008 05:40 PM | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) - C:\WINDOWS\System32\dllcache\mxnic.sys [08/29/2008 05:40 PM | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) - C:\WINDOWS\System32\dllcache\mxicfg.dll [08/29/2008 05:40 PM | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) 
- C:\WINDOWS\System32\dllcache\mxcard.sys [08/29/2008 05:40 PM | 00,052,255 | ---- | C] (Compaq Computer Corporation) - C:\WINDOWS\System32\dllcache\n1000nt5.sys [08/29/2008 05:40 PM | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) - C:\WINDOWS\System32\dllcache\mxport.sys [08/29/2008 05:40 PM | 00,103,296 | ---- | C] (Matrox Graphics Inc) - C:\WINDOWS\System32\dllcache\mtxvideo.sys [08/29/2008 05:41 PM | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) - C:\WINDOWS\System32\dllcache\n9i128.sys [08/29/2008 05:41 PM | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) - C:\WINDOWS\System32\dllcache\n9i3d.sys [08/29/2008 05:41 PM | 00,028,672 | ---- | C] (National Semiconductor Corporation) - C:\WINDOWS\System32\dllcache\nscirda.sys [08/29/2008 05:41 PM | 00,032,840 | ---- | C] (NETGEAR Corporation.) - C:\WINDOWS\System32\dllcache\ngrpci.sys [08/29/2008 05:41 PM | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) - C:\WINDOWS\System32\dllcache\n9i128v2.sys [08/29/2008 05:41 PM | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) - C:\WINDOWS\System32\dllcache\n9i128.dll [08/29/2008 05:41 PM | 00,039,264 | ---- | C] (NeoMagic Corporation) - C:\WINDOWS\System32\dllcache\neo20xx.sys [08/29/2008 05:41 PM | 00,051,552 | ---- | C] (Kensington Technology Group) - C:\WINDOWS\System32\dllcache\ntgrip.sys [08/29/2008 05:41 PM | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) - C:\WINDOWS\System32\dllcache\n9i128v2.dll [08/29/2008 05:41 PM | 00,060,480 | ---- | C] (NeoMagic Corporation) - C:\WINDOWS\System32\dllcache\neo20xx.dll [08/29/2008 05:41 PM | 00,065,278 | ---- | C] (Compaq Computer Corporation) - C:\WINDOWS\System32\dllcache\netflx3.sys [08/29/2008 05:41 PM | 00,087,040 | ---- | C] (NeoMagic Corporation) - C:\WINDOWS\System32\dllcache\nm6wdm.sys [08/29/2008 05:41 PM | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) 
- C:\WINDOWS\System32\dllcache\n9i3disp.dll [08/29/2008 05:41 PM | 00,126,080 | ---- | C] (NeoMagic Corporation) - C:\WINDOWS\System32\dllcache\nm5a2wdm.sys [08/29/2008 05:41 PM | 00,128,000 | ---- | C] (Compaq Computer Corporation) - C:\WINDOWS\System32\dllcache\n100325.sys [08/29/2008 05:41 PM | 00,132,695 | ---- | C] (802.11b) - C:\WINDOWS\System32\dllcache\netwlan5.sys [08/29/2008 05:42 PM | 00,026,153 | ---- | C] (Linksys) - C:\WINDOWS\System32\dllcache\pcmlm56.sys [08/29/2008 05:42 PM | 00,027,209 | ---- | C] (Ositech Communications, Inc.) - C:\WINDOWS\System32\dllcache\otc06x5.sys [08/29/2008 05:42 PM | 00,029,502 | ---- | C] (Marconi Communications, Inc.) - C:\WINDOWS\System32\dllcache\pca200e.sys [08/29/2008 05:42 PM | 00,029,769 | ---- | C] (AMD Inc.) - C:\WINDOWS\System32\dllcache\pcntn5m.sys [08/29/2008 05:42 PM | 00,030,282 | ---- | C] (AMD Inc.) - C:\WINDOWS\System32\dllcache\pcntn5hl.sys [08/29/2008 05:42 PM | 00,030,495 | ---- | C] (Linksys) - C:\WINDOWS\System32\dllcache\pc100nds.sys [08/29/2008 05:42 PM | 00,043,689 | ---- | C] (Ositech Communications, Inc.) - C:\WINDOWS\System32\dllcache\otceth5.sys [08/29/2008 05:42 PM | 00,054,186 | ---- | C] (Ositech Communications, Inc.) - C:\WINDOWS\System32\dllcache\otcsercb.sys [08/29/2008 05:42 PM | 00,054,528 | ---- | C] (Yamaha Corp.) - C:\WINDOWS\System32\dllcache\opl3sax.sys [08/29/2008 05:43 PM | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) - C:\WINDOWS\System32\dllcache\pscr.sys [08/29/2008 05:43 PM | 00,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) - C:\WINDOWS\System32\dllcache\perm2.sys [08/29/2008 05:43 PM | 00,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) - C:\WINDOWS\System32\dllcache\perm3.sys [08/29/2008 05:43 PM | 00,035,328 | ---- | C] (AMD Inc.) - C:\WINDOWS\System32\dllcache\pcntpci5.sys [08/29/2008 05:43 PM | 00,086,016 | ---- | C] (PCtel, Inc.) - C:\WINDOWS\System32\dllcache\pctspk.exe [08/29/2008 05:43 PM | 00,128,286 | ---- | C] (PCTEL, INC.) 
- C:\WINDOWS\System32\dllcache\ptserli.sys [08/29/2008 05:43 PM | 00,169,984 | ---- | C] (Cisco Systems) - C:\WINDOWS\System32\dllcache\pcx500.sys [08/29/2008 05:43 PM | 00,175,104 | ---- | C] () - C:\WINDOWS\System32\dllcache\pintlcsa.dll [08/29/2008 05:43 PM | 00,211,712 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) - C:\WINDOWS\System32\dllcache\perm2dll.dll [08/29/2008 05:43 PM | 00,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) - C:\WINDOWS\System32\dllcache\perm3dd.dll [08/29/2008 05:44 PM | 00,009,216 | ---- | C] (Brother Industries, Ltd.) - C:\WINDOWS\System32\dllcache\rsmgrstr.dll [08/29/2008 05:44 PM | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) - C:\WINDOWS\System32\dllcache\rtl8029.sys [08/29/2008 05:44 PM | 00,037,563 | ---- | C] (RadioLAN) - C:\WINDOWS\System32\dllcache\rlnet5.sys [08/29/2008 05:44 PM | 00,079,104 | ---- | C] (Comtrol Corporation) - C:\WINDOWS\System32\dllcache\rocket.sys [08/29/2008 05:44 PM | 00,086,097 | ---- | C] (Xircom) - C:\WINDOWS\System32\dllcache\reslog32.dll [08/29/2008 05:44 PM | 00,112,574 | ---- | C] (PCTEL, INC.) - C:\WINDOWS\System32\dllcache\ptserlp.sys [08/29/2008 05:44 PM | 00,130,942 | ---- | C] (PCTEL, INC.) - C:\WINDOWS\System32\dllcache\ptserlv.sys [08/29/2008 05:44 PM | 00,714,762 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\r2mdmkxx.sys [08/29/2008 05:44 PM | 00,899,146 | ---- | C] (Xircom, Inc.) - C:\WINDOWS\System32\dllcache\r2mdkxga.sys [08/29/2008 05:45 PM | 00,023,936 | ---- | C] (OMNIKEY AG) - C:\WINDOWS\System32\dllcache\sccmn50m.sys [08/29/2008 05:45 PM | 00,023,936 | ---- | C] (OMNIKEY AG) - C:\WINDOWS\System32\dllcache\sccmusbm.sys [08/29/2008 05:45 PM | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rw430ext.dll [08/29/2008 05:45 PM | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rw330ext.dll [08/29/2008 05:45 PM | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rw450ext.dll |
#28
[08/29/2008 05:45 PM | 00,041,216 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3mt3d.sys
[08/29/2008 05:45 PM | 00,061,504 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3sav3dm.sys [08/29/2008 05:45 PM | 00,062,496 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3mtrio.dll [08/29/2008 05:45 PM | 00,077,824 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3sav4m.sys [08/29/2008 05:45 PM | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia001.dll [08/29/2008 05:45 PM | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia330.dll [08/29/2008 05:45 PM | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia430.dll [08/29/2008 05:45 PM | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia450.dll [08/29/2008 05:45 PM | 00,166,720 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3m.sys [08/29/2008 05:45 PM | 00,179,264 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3sav3d.dll [08/29/2008 05:45 PM | 00,182,272 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3mt3d.dll [08/29/2008 05:45 PM | 00,198,400 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3sav4.dll [08/29/2008 05:45 PM | 00,210,496 | ---- | C] (S3 Incorporated) - C:\WINDOWS\System32\dllcache\s3mvirge.dll [08/29/2008 05:45 PM | 00,495,616 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\dllcache\sblfx.dll [08/29/2008 05:46 PM | 00,017,280 | ---- | C] (SCM Microsystems) - C:\WINDOWS\System32\dllcache\scr111.sys [08/29/2008 05:46 PM | 00,018,400 | ---- | C] (Micro Systemation) - C:\WINDOWS\System32\dllcache\sgsmld.sys [08/29/2008 05:46 PM | 00,032,768 | ---- | C] (SiS Corporation) - C:\WINDOWS\System32\dllcache\sisnic.sys [08/29/2008 05:46 PM | 00,036,480 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\dllcache\sfmanm.sys [08/29/2008 05:46 PM | 00,098,080 | ---- | C] (Trident Microsystems Inc.) 
- C:\WINDOWS\System32\dllcache\sgiulnt5.sys [08/29/2008 05:46 PM | 00,161,568 | ---- | C] (Micro Systemation) - C:\WINDOWS\System32\dllcache\sgsmusb.sys [08/29/2008 05:46 PM | 00,386,560 | ---- | C] (Trident Microsystems Inc.) - C:\WINDOWS\System32\dllcache\sgiul50.dll [08/29/2008 05:47 PM | 00,024,576 | ---- | C] (SMC Networks, Inc.) - C:\WINDOWS\System32\dllcache\smc8000n.sys [08/29/2008 05:47 PM | 00,025,034 | ---- | C] (SMC Networks, Inc.) - C:\WINDOWS\System32\dllcache\smcpwr2n.sys [08/29/2008 05:47 PM | 00,035,913 | ---- | C] (SMC) - C:\WINDOWS\System32\dllcache\smcirda.sys [08/29/2008 05:47 PM | 00,058,368 | ---- | C] (Silicon Motion Inc.) - C:\WINDOWS\System32\dllcache\smiminib.sys [08/29/2008 05:47 PM | 00,063,547 | ---- | C] (Symbol Technologies) - C:\WINDOWS\System32\dllcache\sla30nd5.sys [08/29/2008 05:47 PM | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) - C:\WINDOWS\System32\dllcache\skfpwin.sys [08/29/2008 05:47 PM | 00,094,698 | ---- | C] (SysKonnect GmbH.) - C:\WINDOWS\System32\dllcache\sk98xwin.sys [08/29/2008 05:47 PM | 00,147,200 | ---- | C] (Silicon Motion Inc.) - C:\WINDOWS\System32\dllcache\smidispb.dll [08/29/2008 05:48 PM | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) - C:\WINDOWS\System32\dllcache\stcusb.sys [08/29/2008 05:48 PM | 00,019,072 | ---- | C] (Adaptec, Inc.) - C:\WINDOWS\System32\dllcache\sparrow.sys [08/29/2008 05:48 PM | 00,024,660 | ---- | C] (Perle Systems Ltd.) - C:\WINDOWS\System32\dllcache\spxupchk.dll [08/29/2008 05:48 PM | 00,048,736 | ---- | C] (3Com) - C:\WINDOWS\System32\dllcache\srwlnd5.sys [08/29/2008 05:48 PM | 00,053,248 | ---- | C] (Stallion Technologies) - C:\WINDOWS\System32\dllcache\stlncoin.dll [08/29/2008 05:48 PM | 00,061,824 | ---- | C] (Perle Systems Ltd.) - C:\WINDOWS\System32\dllcache\speed.sys [08/29/2008 05:48 PM | 00,106,584 | ---- | C] (Perle Systems Ltd.) 
- C:\WINDOWS\System32\dllcache\spdports.dll [08/29/2008 05:48 PM | 00,155,648 | ---- | C] (Stallion Technologies) - C:\WINDOWS\System32\dllcache\stlnprop.dll [08/29/2008 05:48 PM | 00,285,760 | ---- | C] (Stallion Technologies) - C:\WINDOWS\System32\dllcache\stlnata.sys [08/29/2008 05:49 PM | 00,094,293 | ---- | C] (Perle Systems Ltd. ) - C:\WINDOWS\System32\dllcache\sxports.dll [08/29/2008 05:49 PM | 00,103,936 | ---- | C] (Perle Systems Ltd. ) - C:\WINDOWS\System32\dllcache\sx.sys [08/31/2008 01:39 AM | 00,085,969 | ---- | C] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys [2 C:\WINDOWS\*.tmp files] [08/29/2008 04:45 PM | ---D | C] - C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP [08/31/2008 01:39 AM | 00,000,080 | ---- | C] () - C:\WINDOWS\gmer_uninstall.cmd [08/31/2008 01:39 AM | 00,000,250 | ---- | C] () - C:\WINDOWS\gmer.ini [08/31/2008 01:39 AM | 00,811,008 | ---- | C] () - C:\WINDOWS\gmer.exe [08/31/2008 01:39 AM | 00,884,736 | ---- | C] () - C:\WINDOWS\gmer.dll [08/31/2008 04:18 AM | ---D | C] - C:\WINDOWS\ERUNT [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At25.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At26.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At27.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At28.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At29.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At30.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At31.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At32.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At33.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At34.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At35.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At36.job [08/17/2008 02:10 AM | 00,000,350 | 
---- | C] () - C:\WINDOWS\tasks\At37.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At38.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At39.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At40.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At41.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At42.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At43.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At44.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At45.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At46.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At47.job [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At48.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At1.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At10.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At11.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At12.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At13.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At14.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At15.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At16.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At17.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At18.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At19.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At2.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At20.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At21.job [08/23/2008 12:17 AM | 00,000,350 | 
---- | C] () - C:\WINDOWS\tasks\At22.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At23.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At24.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At3.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At4.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At5.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At6.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At7.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At8.job [08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At9.job [08/28/2008 08:18 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avira [08/28/2008 08:18 AM | 00,001,862 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk [08/28/2008 08:18 AM | ---D | C] - C:\Program Files\Avira ========== Files - Modified Within 30 days ========== [08/31/2008 02:01 AM | 00,066,048 | ---- | M] () - C:\mbr.exe [08/31/2008 04:22 AM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS [08/31/2008 01:39 AM | 00,085,969 | ---- | M] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys [08/31/2008 02:37 AM | 00,137,472 | ---- | M] () - C:\WINDOWS\System32\drivers\PnkBstrK.sys [3 C:\WINDOWS\System32\*.tmp files] [08/31/2008 02:37 AM | 00,111,928 | ---- | M] () - C:\WINDOWS\System32\PnkBstrB.exe [08/31/2008 04:27 AM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl [08/31/2008 04:32 AM | 00,000,246 | ---- | M] () - C:\WINDOWS\System\hpsysdrv.dat [2 C:\WINDOWS\*.tmp files] [08/11/2008 06:09 PM | 00,000,105 | ---- | M] () - C:\WINDOWS\muveeapp.INI [08/13/2008 03:02 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK [08/28/2008 08:19 AM | 00,001,031 | ---- | M] () - C:\WINDOWS\win.ini [08/31/2008 01:39 AM | 00,000,080 | ---- | M] () - C:\WINDOWS\gmer_uninstall.cmd 
[08/31/2008 01:39 AM | 00,884,736 | ---- | M] () - C:\WINDOWS\gmer.dll [08/31/2008 03:01 AM | 00,000,250 | ---- | M] () - C:\WINDOWS\gmer.ini [08/31/2008 04:25 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat [08/29/2008 01:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At14.job [08/29/2008 01:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At38.job [08/29/2008 02:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At15.job [08/29/2008 02:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At39.job [08/29/2008 03:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At16.job [08/29/2008 03:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At40.job [08/29/2008 04:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At17.job [08/29/2008 04:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At41.job [08/29/2008 05:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At30.job [08/29/2008 05:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At6.job [08/29/2008 05:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At18.job [08/29/2008 05:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At42.job [08/29/2008 06:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At31.job [08/29/2008 06:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At7.job [08/29/2008 07:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At32.job [08/29/2008 07:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At8.job [08/29/2008 08:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At33.job [08/29/2008 08:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At9.job [08/29/2008 09:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At10.job [08/29/2008 09:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At34.job [08/29/2008 10:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At11.job [08/29/2008 10:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At35.job [08/29/2008 11:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At12.job [08/29/2008 
11:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At36.job [08/29/2008 12:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At13.job [08/29/2008 12:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At37.job [08/30/2008 06:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At19.job [08/30/2008 06:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At43.job [08/30/2008 07:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At20.job [08/30/2008 07:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At44.job [08/30/2008 08:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At21.job [08/30/2008 08:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At45.job [08/30/2008 09:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At22.job [08/30/2008 09:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At46.job [08/30/2008 10:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At23.job [08/30/2008 10:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At47.job [08/30/2008 11:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At24.job [08/30/2008 11:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At48.job [08/31/2008 01:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At2.job [08/31/2008 01:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At26.job [08/31/2008 02:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At27.job [08/31/2008 02:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At3.job [08/31/2008 03:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At28.job [08/31/2008 03:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At4.job [08/31/2008 04:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At29.job [08/31/2008 04:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At5.job [08/31/2008 04:25 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT [08/31/2008 04:25 AM | 00,000,492 | ---- | M] () - C:\WINDOWS\tasks\1-Click Maintenance.job [08/31/2008 12:32 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At1.job 
[08/31/2008 12:50 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At25.job [08/28/2008 08:18 AM | 00,001,862 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk < End of report > |
#29
Good. SDFix got the malware driver and associated files.
We still have some cleaning up to do though.

Download OTMoveIt and save the file to your desktop.

Copy all the text contained in the code box below by highlighting it and right clicking and selecting "Copy"

Code:
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At25.job

Use the same procedure to copy everything in the Results window and paste it into a new text file and save it so you can post it back into this thread.
Click Exit to close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the process. If you are asked to reboot the machine choose Yes.
If a reboot was necessary or you needed to exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed (usually C:\_OTMoveIt\MovedFiles\date_time.log).

Download Malwarebytes' Anti-Malware from here or here.
Double-click on mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan" then click Scan.
The scan may take some time to finish so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Please do so.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please copy and paste the entire report in your next reply.

Also post a new OTViewIt log please.
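The list the helper asks the user to paste into OTMoveIt is nothing more than the At#.job entries pulled out of the OTViewIt log above. As an added example (not part of the forum post, and not code from OTViewIt or OTMoveIt), the Python script below parses OTViewIt's "[date time | size | attrs | C/M] (company) - path" entry format, groups the At#.job scheduled tasks by creation timestamp and size so a batch of identically sized jobs created in the same minute stands out, and emits the one-path-per-line move list. The sample log lines are constructed from entries visible in this thread; the function names and the cluster threshold are the example's own assumptions. An At#.job file on its own is what the built-in at.exe scheduler creates, so the signal is the cluster, not the file name.

```python
import re
from collections import defaultdict

# One OTViewIt/OTL file entry looks like:
#   [08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At25.job
# Directory entries ("[... | ---D | C] - path") carry no size or company and are skipped.
ENTRY_RE = re.compile(
    r"\[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2} [AP]M) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) - (?P<path>.+?)\s*$"
)

# Scheduled-task files produced by at.exe live in %SystemRoot%\tasks as At<n>.job.
AT_JOB_RE = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)

# Constructed sample: a handful of lines in the format seen in this thread's log.
SAMPLE_LOG = r"""
========== Files - Created Within 30 days ==========
[08/31/2008 01:39 AM | 00,085,969 | ---- | C] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys
[08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At25.job
[08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At26.job
[08/17/2008 02:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At27.job
[08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At1.job
[08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At2.job
[08/23/2008 12:17 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At3.job
[08/28/2008 08:18 AM | ---D | C] - C:\Program Files\Avira
[08/31/2008 04:25 AM | 00,000,492 | ---- | M] () - C:\WINDOWS\tasks\1-Click Maintenance.job
"""


def parse_entries(text):
    """Return a list of dicts, one per file entry; headers and directory lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))  # "00,000,350" -> 350
            entries.append(entry)
    return entries


def find_at_job_clusters(entries, min_cluster=3):
    """Group At#.job entries by (date, time, size).

    Many At#.job files with the same size created in the same minute is the
    pattern the helper is removing here; only groups of at least min_cluster
    members (an assumed threshold) are returned, so a single job someone
    scheduled by hand is not flagged.
    """
    clusters = defaultdict(list)
    for e in entries:
        if AT_JOB_RE.search(e["path"]):
            clusters[(e["date"], e["time"], e["size"])].append(e["path"])
    return {key: sorted(paths) for key, paths in clusters.items() if len(paths) >= min_cluster}


def build_move_list(entries):
    """Return every flagged At#.job path once, one per line, in log order (OTMoveIt's input shape)."""
    flagged = {p for paths in find_at_job_clusters(entries).values() for p in paths}
    ordered = []
    for e in entries:
        if e["path"] in flagged and e["path"] not in ordered:
            ordered.append(e["path"])
    return "\n".join(ordered)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for (date, time, size), paths in sorted(find_at_job_clusters(parsed).items()):
        print(f"{len(paths)} At#.job files of {size} bytes created {date} {time}")
    print(build_move_list(parsed))
```

Running it against the real OTViewIt output from this thread would show the two batches visible in the log (one stamped 08/17/2008 02:10 AM, one 08/23/2008 12:17 AM, every file 350 bytes), which is why the helper lists all of them rather than the one 1-Click Maintenance.job that belongs to TuneUp.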
#30
Good news. Here are the logs.
OTViewIt logfile created on: 8/31/2008 10:27:35 AM - Run 3 OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\HP_Administrator\Desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1015.29 Mb Total Physical Memory | 645.91 Mb Available Physical Memory | 63.62% Memory free 2.38 Gb Paging File | 2.11 Gb Available in Paging File | 88.48% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 178.30 Gb Total Space | 113.50 Gb Free Space | 63.66% Space Free | Partition Type: NTFS Drive D: | 8.00 Gb Total Space | 0.91 Gb Free Space | 11.42% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-B27FB1C401 Current User Name: Possible Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On ===== Processes - Non-Microsoft Only ===== [09/26/2007 12:51 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe [06/08/2005 01:59 PM | 00,077,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe [06/08/2005 02:03 PM | 00,114,688 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe [09/28/2005 02:05 AM | 00,098,304 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\QuickTime\qttask.exe [01/24/2005 05:56 AM | 00,544,768 | ---- | M] (Motorola Inc.) - C:\WINDOWS\sm56hlpr.exe [05/04/2005 01:01 PM | 02,805,248 | ---- | M] (RealTek Semicoductor Corp.) 
- C:\WINDOWS\ALCWZRD.EXE [06/08/2005 01:58 PM | 00,155,648 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxsrvc.exe ===== Win32 Services - Non-Microsoft Only ===== (iPodService) iPod Service [Disabled | Stopped] [05/05/2005 03:21 AM | 00,327,680 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\iPod\bin\iPodService.exe (PnkBstrA) PnkBstrA [Auto | Running] [09/26/2007 12:51 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe (TuneUp.Defrag) TuneUp Drive Defrag Service [Disabled | Stopped] [04/06/2008 05:29 AM | 00,307,968 | ---- | M] (TuneUp Software GmbH) - C:\WINDOWS\system32\TuneUpDefragService.exe ===== Driver Services - Non-Microsoft Only ===== (catchme) catchme [On_Demand | Running] File not found - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys (ftsata2) ftsata2 [Boot | Stopped] File not found - C:\WINDOWS\system32\DRIVERS\ftsata2.sys (giveio) giveio [Boot | Running] [04/03/1996 03:33 PM | 00,005,248 | ---- | M] () - C:\WINDOWS\system32\giveio.sys (gmer) gmer [On_Demand | Stopped] [08/31/2008 01:39 AM | 00,085,969 | ---- | M] (GMER) - C:\WINDOWS\system32\drivers\gmer.sys (ialm) ialm [On_Demand | Running] [06/08/2005 02:27 PM | 01,050,140 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys (iaStor) Intel RAID Controller [Boot | Running] [03/09/2005 09:09 PM | 00,870,912 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iaStor.sys (ltmodem5) LT Modem Driver [On_Demand | Stopped] [08/04/2004 08:41 AM | 00,606,684 | ---- | M] (LT) - C:\WINDOWS\system32\drivers\ltmdmnt.sys (mbmiodrvr) mbmiodrvr [Auto | Running] [04/10/2004 09:42 AM | 00,002,944 | ---- | M] (cansoft@livewiredev.com) - C:\WINDOWS\system32\mbmiodrvr.sys (mbr) mbr [On_Demand | Stopped] File not found - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys (RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Running] [03/04/2005 02:10 PM | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) - 
C:\WINDOWS\system32\drivers\Rtlnicxp.sys
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped] [08/04/2004 08:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys
(samhid) samhid [On_Demand | Stopped] [01/07/2006 12:09 PM | 00,007,548 | ---- | M] () - C:\WINDOWS\system32\drivers\Samhid.sys
(smserial) smserial [On_Demand | Running] [01/25/2005 09:56 AM | 00,923,863 | ---- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\smserial.sys
(speedfan) speedfan [Boot | Running] [09/24/2006 09:28 AM | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\system32\speedfan.sys
(sptd) sptd [Boot | Running] [10/22/2006 05:00 AM | 00,611,064 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys
(XDva016) XDva016 [On_Demand | Stopped] File not found - C:\WINDOWS\system32\XDva016.sys
(XDva024) XDva024 [On_Demand | Stopped] File not found - C:\WINDOWS\system32\XDva024.sys
(XTrapD12) XTrapD12 [On_Demand | Stopped] File not found - C:\WINDOWS\system32\XTrapD12.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt" = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min [06/12/2008 02:28 PM | 00,266,497 | ---- | M] (Avira GmbH)
"High Definition Audio Property Page Shortcut" = HDAShCut.exe [01/08/2005 03:07 AM | 00,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe [06/08/2005 01:59 PM | 00,077,824 | ---- | M] (Intel Corporation)
"HP Software Update" = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [05/08/2007 04:24 PM | 00,054,840 | ---- | M] (Hewlett-Packard)
"HPBootOp" = "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run [02/26/2005 01:34 AM | 00,245,760 | ---- | M] (Hewlett-Packard Company)
"HPHUPD08" = c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [06/02/2005 02:35 AM | 00,049,152 | ---- | M] (Hewlett-Packard)
"KBD" = C:\HP\KBD\KBD.EXE [02/02/2005 04:44 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"Persistence" = C:\WINDOWS\system32\igfxpers.exe [06/08/2005 02:03 PM | 00,114,688 | ---- | M] (Intel Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [09/28/2005 02:05 AM | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"SMSERIAL" = sm56hlpr.exe [01/24/2005 05:56 AM | 00,544,768 | ---- | M] (Motorola Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [04/12/2008 10:15 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-3168850613-2940384695-3104939514-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[HP_Administrator Startup Folder - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 05:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [04/12/2008 10:15 PM | 00,308,856 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02/22/2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

========== Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{54B1488E-4984-472F-B6AA-B83044D7CD90}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{54B1488E-4984-472F-B6AA-B83044D7CD90}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-3168850613-2940384695-3104939514-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-3168850613-2940384695-3104939514-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

========== AppInit_Dlls ==========

========== HKLM Security Providers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders]
"msapsspc.dll schannel.dll digest.dll msnsspc.dll" - File not found