
Active Proc Exp and RK reveal won't run

Discussion in 'Malware and Virus Removal Archive' started by Dragon30655, 2008/12/28.

  1. 2008/12/28
    Dragon30655 (Thread Starter)
    [Active] Proc Exp and RK reveal won't run

    Hi guys, I am having an issue with Process Explorer and RootkitRevealer not running. Also, when I type "process explorer" into a Google search in either IE or Firefox, both browsers merely shut down. I know there is something here that doesn't want to be found, and it is probably a rootkit, but I am having trouble tracking it down. Any and all help would be greatly appreciated.
     
  2. 2008/12/28
    wildfire
    Hi Dragon

    Read this.

    Once you've posted the required logs, someone (not me ;)) will help, but they are busy on this board, so be patient.
     


  4. 2008/12/28
    Dragon30655 (Thread Starter)
    Proc Expl and Root kit will Not run

    Hi guys, I posted a few minutes ago about a problem with programs not running on my system. If I complete the names and try to post them, the browser will shut down, so I have to paraphrase: Proc Expl and Root Kit Rev will not run. If I try to do a search on Google about the problem, the browser just shuts down.
    I have run RSIT and have the log file, but the other file did not appear. Here is the listing from the log file:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by pboone at 2008-12-28 18:45:22
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 30 GB (21%) free of 145 GB
    Total RAM: 1535 MB (52% free)


    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\Pareto UNS.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll [2003-06-17 98304]
    {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - REALBAR - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll [2004-02-15 784384]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
    "HPHUPD05"=c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-05-23 49152]
    "KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
    "Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-08-09 139264]
    "PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
    "HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]
    "HPHUPD04"=C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-11-22 49152]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
    "Launch LGDCore"=C:\Program Files\Logitech\G-series Software\LGDCore.exe [2006-03-06 1122304]
    "Launch LCDMon"=C:\Program Files\Logitech\G-series Software\LCDMon.exe [2006-03-06 497152]
    "ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "StatBar"=C:\Program Files\Globe Software\StatBar\StatBar.exe [2003-07-25 335872]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
    LTMSG.exe 7 []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\System32\NvCpl.dll [2008-10-07 13574144]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2005-04-24 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-16 185896]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-10-23 217194]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk.disabled]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cabdebc]
    C:\WINDOWS\system32\cabdebc.dll [2002-08-05 312847]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5ukxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6bkxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati5ukxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6bkxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=1
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0
    "NoDriveAutoRun"=67108863
    "NoDriveTypeAutoRun"=323

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
    "C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Disabled:Microsoft (R) HTML Application host"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE"="C:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE:*:Enabled:UPDATE"
    "C:\Program Files\NovaLogic\Delta Force Black Hawk Down\DFBHDLC.EXE"="C:\Program Files\NovaLogic\Delta Force Black Hawk Down\DFBHDLC.EXE:*:Enabled:DFBHDLC"
    "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\Program Files\Microsoft Games\Dungeon Siege\DSLOA.exe"="C:\Program Files\Microsoft Games\Dungeon Siege\DSLOA.exe:*:Enabled:Dungeon Siege: Legends of Aranna Game Executable"
    "C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"="C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
    "C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
    "C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
    "C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
    "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
    "C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImage.exe"="C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImage.exe:*:Enabled:TrueImage"
    "C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe"="C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio .NET 2003"
    "C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"="C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
    "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
    "C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe"="C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator"
    "C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE"="C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
    "C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
    "C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
    "C:\Program Files\Electronic Arts\Need for Speed Carbon\NFSC.exe"="C:\Program Files\Electronic Arts\Need for Speed Carbon\NFSC.exe:*:Enabled:NFSC"
    "C:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe"="C:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe:*:Enabled:nfs"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfc5da1-ab69-11dd-a99d-0018f80a4cce}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\m.exe /s

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1352e16-741a-11d9-add9-000c6eb4c11f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\m.exe /s


    ======List of files/folders created in the last 3 months======

    2008-12-28 18:25:32 ----D---- C:\Program Files\trend micro
    2008-12-28 18:25:31 ----D---- C:\rsit
    2008-12-27 21:00:59 ----SHD---- C:\RECYCLER
    2008-12-27 15:20:38 ----A---- C:\ComboFix.txt
    2008-12-27 14:57:52 ----A---- C:\WINDOWS\zip.exe
    2008-12-27 14:57:52 ----A---- C:\WINDOWS\VFIND.exe
    2008-12-27 14:57:52 ----A---- C:\WINDOWS\SWSC.exe
    2008-12-27 14:57:52 ----A---- C:\WINDOWS\SWREG.exe
    2008-12-27 14:57:52 ----A---- C:\WINDOWS\sed.exe
    2008-12-27 14:57:52 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-12-27 14:57:52 ----A---- C:\WINDOWS\grep.exe
    2008-12-27 14:57:52 ----A---- C:\WINDOWS\fdsv.exe
    2008-12-27 14:57:51 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-12-17 22:39:24 ----D---- C:\Documents and Settings\Owner\Application Data\4200Series
    2008-12-17 20:38:56 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-16 20:45:52 ----A---- C:\WINDOWS\system32\LXBRPMUI.DLL
    2008-12-16 20:45:52 ----A---- C:\WINDOWS\system32\LXBRPMRC.DLL
    2008-12-16 20:45:52 ----A---- C:\WINDOWS\system32\LXBRPMON.DLL
    2008-12-16 20:45:51 ----RA---- C:\WINDOWS\system32\IMHOST32.DLL
    2008-12-16 20:45:51 ----RA---- C:\WINDOWS\system32\IMGMAN32.DLL
    2008-12-16 20:45:35 ----D---- C:\Documents and Settings\All Users\Application Data\4200Series
    2008-12-16 20:44:30 ----D---- C:\Lxk4-1Fax
    2008-12-16 20:08:16 ----A---- C:\WINDOWS\lexstat.ini
    2008-12-16 20:07:45 ----A---- C:\WINDOWS\system32\lxbmvs.dll
    2008-12-16 20:07:45 ----A---- C:\WINDOWS\system32\lxbmpwr.dll
    2008-12-16 20:07:43 ----A---- C:\WINDOWS\system32\lxbmcomm.dll
    2008-12-16 20:07:42 ----A---- C:\WINDOWS\system32\LEXPPS.EXE
    2008-12-16 20:07:42 ----A---- C:\WINDOWS\system32\LEXP2P32.DLL
    2008-12-16 20:07:42 ----A---- C:\WINDOWS\system32\LEXBCES.EXE
    2008-12-16 20:07:42 ----A---- C:\WINDOWS\system32\LEXBCE.DLL
    2008-12-16 20:07:42 ----A---- C:\WINDOWS\system32\LEX2KUSB.DLL
    2008-12-16 20:07:40 ----A---- C:\WINDOWS\system32\LEXLMPM.DLL
    2008-12-16 20:07:23 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
    2008-12-16 20:07:00 ----A---- C:\WINDOWS\system32\lxbmscin.dll
    2008-12-16 20:06:59 ----A---- C:\WINDOWS\system32\lxbmcoin.ini
    2008-12-16 20:06:59 ----A---- C:\WINDOWS\system32\lxbmcoin.dll
    2008-12-16 20:06:59 ----A---- C:\WINDOWS\system32\lxbmcinf.dll
    2008-12-16 20:06:54 ----D---- C:\Program Files\Lexmark 4200 Series
    2008-12-16 20:06:53 ----A---- C:\WINDOWS\system32\LXBMUTIL.DLL
    2008-12-16 20:06:53 ----A---- C:\WINDOWS\system32\LXBMJSWR.DLL
    2008-12-16 20:06:53 ----A---- C:\WINDOWS\system32\LXBMIH.EXE
    2008-12-16 20:06:53 ----A---- C:\WINDOWS\system32\LEXPING.EXE
    2008-12-16 20:06:52 ----A---- C:\WINDOWS\system32\LXBMGF.DLL
    2008-12-16 20:06:52 ----A---- C:\WINDOWS\system32\LXBMCUR.DLL
    2008-12-16 20:06:52 ----A---- C:\WINDOWS\system32\LXBMCU.DLL
    2008-12-16 20:06:52 ----A---- C:\WINDOWS\system32\LXBMCFG.EXE
    2008-12-16 20:06:51 ----A---- C:\WINDOWS\system32\LXBMPMNT.DLL
    2008-12-16 20:06:51 ----A---- C:\WINDOWS\system32\LXBMLSNT.EXE
    2008-12-16 20:06:51 ----A---- C:\WINDOWS\system32\LXBMLCNT.DLL
    2008-12-16 20:06:51 ----A---- C:\WINDOWS\system32\LXBMLCNP.DLL
    2008-12-16 20:06:51 ----A---- C:\WINDOWS\system32\INSTMON.EXE
    2008-12-16 20:06:18 ----D---- C:\Lxk4200
    2008-12-14 10:14:41 ----D---- C:\Program Files\ArtMoney
    2008-12-12 22:04:19 ----D---- C:\WINDOWS\system32\AGEIA
    2008-12-12 22:04:18 ----D---- C:\Program Files\AGEIA Technologies
    2008-12-12 22:03:39 ----D---- C:\WINDOWS\NV2801576.TMP
    2008-12-12 12:07:35 ----A---- C:\WINDOWS\hw.ini
    2008-12-12 11:37:32 ----D---- C:\Program Files\Crystal Fireplace 3D Screensaver
    2008-12-12 11:37:32 ----A---- C:\WINDOWS\system32\Crystal Fireplace 3D Screensaver.exe
    2008-12-12 11:30:13 ----A---- C:\tv3d_debug.txt
    2008-12-12 11:29:53 ----A---- C:\WINDOWS\system32\tvutil62.dll
    2008-12-12 11:29:53 ----A---- C:\WINDOWS\system32\tvmedia.dll
    2008-12-12 11:29:53 ----A---- C:\WINDOWS\system32\truevision3d.dll
    2008-12-12 11:25:50 ----A---- C:\WINDOWS\system32\Fireplace 3D Screensaver.exe
    2008-12-12 11:25:49 ----D---- C:\Program Files\Fireplace 3D Screensaver
    2008-12-12 11:11:48 ----D---- C:\Program Files\Freeze.com
    2008-12-11 20:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 20:46:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 20:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 20:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-11 00:27:24 ----A---- C:\WINDOWS\7F32E9C439C8661BA3C956BE9856EEF.exe
    2008-12-08 20:25:46 ----D---- C:\Program Files\nLite
    2008-12-06 00:27:24 ----A---- C:\WINDOWS\A8C173C14AF86550C6A4D959DB128623.exe
    2008-12-01 21:29:53 ----D---- C:\XPSETUP
    2008-12-01 00:27:22 ----A---- C:\WINDOWS\E6185E638645F12C09777196656DD16.exe
    2008-11-26 00:22:20 ----A---- C:\WINDOWS\CF1F677DBF251E07B1B17703054E185.exe
    2008-11-23 14:38:17 ----A---- C:\WINDOWS\system32\TubeFinder.exe
    2008-11-23 14:38:16 ----A---- C:\WINDOWS\system32\VB6FR.DLL
    2008-11-23 14:38:15 ----A---- C:\WINDOWS\system32\PCCLPFR.DLL
    2008-11-23 14:38:15 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
    2008-11-23 14:38:15 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
    2008-11-23 14:38:14 ----D---- C:\Program Files\Free FLV Converter
    2008-11-21 16:35:39 ----D---- C:\WINDOWS\ERDNT
    2008-11-21 16:35:39 ----D---- C:\Qoobox
    2008-11-21 16:35:33 ----A---- C:\WINDOWS\LCDMedia.INI
    2008-11-21 10:16:30 ----D---- C:\~ErdUserProfile.$$$
    2008-11-21 00:17:19 ----A---- C:\WINDOWS\F1A295384C0AEF22549F1195F2A7C2.exe
    2008-11-21 00:11:54 ----A---- C:\WINDOWS\system32\73f1719c-.txt
    2008-11-20 23:37:49 ----D---- C:\Documents and Settings\Owner\Application Data\FLVPlayer4Free
    2008-11-20 23:37:36 ----D---- C:\Program Files\FLVPlayer4Free
    2008-11-14 13:14:34 ----A---- C:\bxid.txt
    2008-11-14 12:57:11 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-11-14 12:57:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-14 12:57:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-13 18:40:25 ----A---- C:\WINDOWS\Model.txt
    2008-11-12 06:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 06:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 06:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-07 08:01:41 ----D---- C:\Program Files\Acronis
    2008-11-06 17:24:12 ----D---- C:\Program Files\AVIConverter
    2008-11-06 17:17:50 ----D---- C:\Documents and Settings\Owner\Application Data\AVS4YOU
    2008-11-06 13:54:14 ----D---- C:\Program Files\Common Files\ArcSoft
    2008-11-06 13:54:13 ----A---- C:\WINDOWS\system32\unicows.dll
    2008-11-06 13:50:50 ----A---- C:\WINDOWS\system32\JpegCode.dll
    2008-11-06 13:50:50 ----A---- C:\WINDOWS\system32\CoachWrp.dll
    2008-11-06 13:50:49 ----A---- C:\WINDOWS\system32\CoachWia.dll
    2008-11-06 13:50:49 ----A---- C:\WINDOWS\system32\CoachDlg.dll
    2008-11-06 13:50:35 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
    2008-11-05 13:13:41 ----D---- C:\Program Files\BreakPoint Software
    2008-11-02 14:35:03 ----D---- C:\examples
    2008-10-26 01:18:46 ----D---- C:\Documents and Settings\Owner\Application Data\Video Converter for Any Flv Player
    2008-10-26 01:18:25 ----D---- C:\Program Files\Any Flv Player
    2008-10-24 05:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-15 05:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 05:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 05:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 05:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 05:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-15 05:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
    2008-10-01 14:46:47 ----D---- C:\Program Files\Sun
    2008-10-01 14:46:39 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-10-01 14:46:39 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-10-01 14:46:39 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-01 11:33:54 ----D---- C:\MCE
    2008-10-01 11:33:52 ----A---- C:\WINDOWS\asym.ini
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

    ======List of files/folders modified in the last 3 months======

    2008-12-28 18:38:32 ----SHD---- C:\Config.Msi
    2008-12-28 18:38:24 ----SHD---- C:\WINDOWS\Installer
    2008-12-28 18:38:23 ----D---- C:\WINDOWS\system32\inetsrv
    2008-12-28 18:36:56 ----D---- C:\WINDOWS
    2008-12-28 18:36:32 ----D---- C:\WINDOWS\system32
    2008-12-28 18:35:02 ----D---- C:\Program Files
    2008-12-28 17:18:57 ----D---- C:\WINDOWS\system32\drivers
    2008-12-28 17:06:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-28 17:06:44 ----D---- C:\WINDOWS\Debug
    2008-12-28 16:57:21 ----D---- C:\WINDOWS\Temp
    2008-12-28 16:57:21 ----D---- C:\WINDOWS\system32\ias
    2008-12-28 16:57:16 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
    2008-12-28 16:53:51 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-28 16:31:14 ----D---- C:\Program Files\Easy Internet signup
    2008-12-28 16:21:58 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-28 16:21:49 ----D---- C:\Program Files\Common Files
    2008-12-28 16:15:10 ----D---- C:\Program Files\Quicken Legal Products
    2008-12-28 16:13:20 ----D---- C:\Program Files\E-Book Systems
    2008-12-28 16:13:17 ----D---- C:\WINDOWS\Prefetch
    2008-12-28 16:12:41 ----D---- C:\Program Files\ProFantasy Software Ltd
    2008-12-28 16:12:25 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-28 16:12:25 ----D---- C:\CC2
    2008-12-28 16:10:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-28 16:10:09 ----D---- C:\Program Files\Lavasoft
    2008-12-27 22:22:30 ----D---- C:\QUARANTINE
    2008-12-27 22:16:31 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-27 15:10:21 ----A---- C:\WINDOWS\system.ini
    2008-12-27 15:06:07 ----D---- C:\WINDOWS\system32\config
    2008-12-27 15:03:45 ----D---- C:\WINDOWS\AppPatch
    2008-12-25 20:35:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-12-25 20:35:24 ----HD---- C:\WINDOWS\inf
    2008-12-25 01:11:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-12-18 21:30:46 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
    2008-12-17 22:36:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-17 22:35:36 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-17 20:39:19 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
    2008-12-16 20:46:39 ----D---- C:\downloads
    2008-12-16 16:36:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2008-12-13 18:38:52 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
    2008-12-13 17:57:04 ----D---- C:\WINDOWS\system32\DirectX
    2008-12-13 13:02:26 ----D---- C:\Program Files\eMule
    2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 22:07:45 ----D---- C:\WINDOWS\nview
    2008-12-12 22:03:36 ----D---- C:\WINDOWS\Help
    2008-12-12 22:02:12 ----D---- C:\NVIDIA
    2008-12-12 07:42:26 ----D---- C:\WINDOWS\system32\NtmsData
    2008-12-11 20:51:58 ----A---- C:\WINDOWS\win.ini
    2008-12-11 20:49:41 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 08:56:23 ----D---- C:\Lotto1
    2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-08 11:32:23 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-30 02:01:14 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem #2.txt
    2008-11-29 22:35:48 ----D---- C:\Program Files\LucasArts
    2008-11-25 19:58:23 ----D---- C:\WINDOWS\security
    2008-11-23 14:50:42 ----D---- C:\Program Files\NCH Swift Sound
    2008-11-23 14:50:42 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-11-23 13:55:31 ----D---- C:\Program Files\WM Converter
    2008-11-23 13:51:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-22 12:43:04 ----D---- C:\Program Files\CleanUp!
    2008-11-21 16:42:33 ----SD---- C:\WINDOWS\Tasks
    2008-11-21 16:41:12 ----D---- C:\WINDOWS\system
    2008-11-20 22:46:34 ----A---- C:\WINDOWS\videomvp.ini
    2008-11-20 10:37:18 ----D---- C:\Documents and Settings\Owner\Application Data\AVSMedia
    2008-11-20 08:51:46 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-12 06:01:00 ----D---- C:\WINDOWS\WinSxS
    2008-11-11 09:52:07 ----D---- C:\Program Files\FS Panel Studio
    2008-11-07 08:01:51 ----D---- C:\Program Files\Common Files\Acronis
    2008-11-06 17:17:09 ----D---- C:\Program Files\AVS4YOU
    2008-11-06 16:51:22 ----D---- C:\WINDOWS\system32\wbem
    2008-11-06 16:51:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-06 13:56:13 ----D---- C:\Documents and Settings\Owner\Application Data\ArcSoft
    2008-11-06 13:53:37 ----D---- C:\Program Files\ArcSoft
    2008-11-04 15:45:59 ----N---- C:\WINDOWS\Setup1.exe
    2008-11-04 13:10:59 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-11-02 13:45:09 ----D---- C:\WINDOWS\Toolbar List
    2008-10-26 01:33:34 ----D---- C:\Program Files\FLV Player
    2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\occache.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 02:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nwiz.exe
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwss.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvshell.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nview.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvgames.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcod.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvapi.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
    2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\keystone.exe
    2008-10-03 05:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll
    2008-10-02 10:07:58 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2008-10-02 09:14:58 ----D---- C:\gmax
    2008-10-01 14:46:38 ----D---- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-09-29 43672]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-10-05 249088]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
    R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-12-23 58464]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-01-13 118422]
    R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-01-13 206464]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
    R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-03-02 8413]
    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-11-07 32288]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\System32\DRIVERS\hphid411.sys [2002-11-22 50896]
    R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\System32\DRIVERS\hphipr11.sys [2002-11-22 16112]
    R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276]
    R3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
    R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-10-05 21719]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
    R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
    R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
    R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2004-08-03 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888]
    R3 RTL8023xp;Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\EG1032xp.sys [2005-01-31 71040]
    R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
    R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
    S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
    S2 ADSEXPB;ADS DVD Xpress B; C:\WINDOWS\System32\Drivers\adsexpb.sys [2003-10-08 32084]
    S2 Nbf;NetBEUI Protocol; C:\WINDOWS\System32\DRIVERS\nbf.sys []
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
    S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
    S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2007-03-22 50368]
    S3 CoachVid;CoachVid; C:\WINDOWS\system32\DRIVERS\CoachVid.sys [2007-03-22 45344]
    S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
    S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
    S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2004-08-03 8576]
    S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
    S3 kbeepm;kbeepm; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\kbeepm.sys []
    S3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
    S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-01-13 22758]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-12-23 108480]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 papycpu;papycpu; C:\WINDOWS\system32\drivers\papycpu.sys []
    S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
    S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
    S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
    S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
    S3 sk98wxp;NDIS5.1 Miniport Driver for SysKonnect SK-98xx and SK-95xx Gigabit Ethernet Adapter Family; C:\WINDOWS\system32\DRIVERS\sk98wxp.sys [2003-12-23 174464]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 STV680;USB Dual-mode Camera; C:\WINDOWS\system32\drivers\STV680.sys []
    S3 STV680m;USB Dual-mode Cameram; C:\WINDOWS\system32\drivers\STV680m.sys [2002-02-11 9024]
    S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
    S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2002-06-20 13920]
    S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R01000000 papycpu2;papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [2003-01-24 1984]
    R01000000 papyjoy;papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [2003-01-24 1856]
    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-06-20 204800]
    R2 AlertManager;Network Associates Alert Manager; C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe [2000-02-24 126993]
    R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-03-30 72704]
    R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-13 311296]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2006-11-17 104000]
    R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2007-02-22 144960]
    R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2007-02-22 54872]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-07-12 335872]
    R2 Network Associates Log Service;Network Associates Log Service; C:\Program Files\Common Files\Network Associates\log and quarantine\bin\i386\NAIlgpip.exe [2000-02-24 118784]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
    R2 Outbreak Manager;Network Associates Outbreak Manager; C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe [2000-03-10 127074]
    R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
    R2 WebShield SMTP MailScan;Network Associates WebShield SMTP MailScan; C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe [2001-08-21 339968]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432]
    S2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
    S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-13 66872]
    S2 WebShield SMTP MailCfg;Network Associates WebShield SMTP MailCfg; C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe [2001-08-21 110592]
    S3 Adpostmegtn;Adpostmegtn; C:\WINDOWS\System32\drivers\sysaudio.sys [2008-04-13 60800]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 CJAIRGI;CJAIRGI; C:\DOCUME~1\Owner\LOCALS~1\Temp\CJAIRGI.exe [2008-12-28 555904]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2004-08-03 19456]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 PKQO;PKQO; C:\DOCUME~1\Owner\LOCALS~1\Temp\PKQO.exe [2008-12-28 478080]
    S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\System32\HPHipm11.exe [2002-11-22 77824]
    S3 PNQDXTZVY;PNQDXTZVY; C:\DOCUME~1\Owner\LOCALS~1\Temp\PNQDXTZVY.exe [2008-12-28 387968]
    S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
    S3 QPQJJZRMPCZ;QPQJJZRMPCZ; C:\DOCUME~1\Owner\LOCALS~1\Temp\QPQJJZRMPCZ.exe []
    S3 RFTRON;RFTRON; C:\DOCUME~1\Owner\LOCALS~1\Temp\RFTRON.exe []
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 UHJPKG;UHJPKG; C:\DOCUME~1\Owner\LOCALS~1\Temp\UHJPKG.exe [2008-12-28 342912]
    S3 W;W; C:\DOCUME~1\Owner\LOCALS~1\Temp\W.exe [2008-12-28 359296]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------
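    Editor's note, added for readers of this archived thread and not part of any post above: the service and driver lists in the RSIT log are where this infection shows first, before GMER is ever run. Several entries point at randomly named executables under `C:\DOCUME~1\Owner\LOCALS~1\Temp\`, some of them with empty `[]` brackets where RSIT normally records a date and size, and one (`Adpostmegtn`) uses a meaningless service name while pointing at a stock Microsoft driver. The Python below is an added example, not a tool from the thread: it parses lines in RSIT's `S3 name;display; path [date size]` format and returns a list of heuristic reasons per entry. The six sample lines are copied from the log above (NVSvc included as a benign control); the heuristics are the editor's own and are triage hints to corroborate, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Six lines copied verbatim from the RSIT driver/service lists above. NVSvc is
# a benign control; the others are the entries a reviewer would want surfaced.
SAMPLE_LINES = r"""
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
S3 kbeepm;kbeepm; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\kbeepm.sys []
S3 CJAIRGI;CJAIRGI; C:\DOCUME~1\Owner\LOCALS~1\Temp\CJAIRGI.exe [2008-12-28 555904]
S3 QPQJJZRMPCZ;QPQJJZRMPCZ; C:\DOCUME~1\Owner\LOCALS~1\Temp\QPQJJZRMPCZ.exe []
S3 Adpostmegtn;Adpostmegtn; C:\WINDOWS\System32\drivers\sysaudio.sys [2008-04-13 60800]
S2 Nbf;NetBEUI Protocol; C:\WINDOWS\System32\DRIVERS\nbf.sys []
"""

# One RSIT entry: "<R|S><start> <name>;<display>; <image path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\S*)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str    # R = running, S = stopped
    start: str    # start-type code exactly as RSIT printed it
    name: str     # service key name
    display: str  # DisplayName value
    path: str     # image path with any leading \??\ prefix removed
    meta: str     # "date size" recorded by RSIT, or "" when it recorded nothing


def parse_rsit_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return Entry(m.group("state"), m.group("start"), m.group("name").strip(),
                 m.group("display").strip(), path, m.group("meta").strip())


def image_stem(path: str) -> str:
    """File name without directory or extension, lower-cased."""
    base = path.rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a closer look; empty list = nothing noted."""
    reasons: List[str] = []
    if "\\temp\\" in entry.path.lower():
        reasons.append("image runs from a per-user Temp directory")
    if not entry.meta:
        reasons.append("RSIT recorded no date/size for the image")
    if entry.name.lower() == entry.display.lower():
        stem = image_stem(entry.path)
        if stem == entry.name.lower():
            reasons.append("service name, display name and file name are the same token")
        elif not stem.startswith(entry.name.lower()[:3]):
            reasons.append(f"service name unrelated to its image file ({stem})")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for entries that raised at least one reason."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_rsit_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

    Run against the full log, the script pulls out every Temp-resident service plus `Adpostmegtn`, and nothing from the NVIDIA, McAfee or Microsoft entries. The empty-bracket check on its own is weak (the `Nbf` entry trips it too, and that is just an unused NetBEUI driver), which is why each reason is reported separately rather than rolled into a single score.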
     
  5. 2008/12/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Dragon30655 :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.


    If you are unable to download ComboFix from your computer, is there another available to download it, and a means of transferring it?

    Note* If ComboFix will not run on the affected computer, try saving from the transfer media again, but give it a different name prior to saving it to the hard drive.
     
  6. 2008/12/28
    Dragon30655

    Dragon30655 Inactive Thread Starter

    Joined:
    2008/12/28
    Messages:
    19
    Likes Received:
    1
    I'm sorry, I failed to tell you the rest of all this. I have updated and run the following programs to try and solve this issue:

    Combo-fix
    MalwareBytes
    Ad-aware
    Spy-bot S&D
    Spywareblaster
    Spywareguard always on
    MRT from Microsoft
    tried to run RK Reveal- never opened
    Tried to run Proc Exp- Never opened

    Just tried to run the Kaspersky online scan but when I clicked the link the browser shut down.

    Hope this helps; sorry again for not filling you in to start with.
     
  7. 2008/12/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please download and run a fresh copy of ComboFix anyway.

    Then, download GMER

    Right click and extract it to its own folder on the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
    Click on Scan.
    When the scan has completed, click Copy and paste the results (if any) into this topic.

    If it won't run, rename it prior to saving to the drive and try again.
     
  8. 2008/12/28
    Dragon30655

    Dragon30655 Inactive Thread Starter

    Joined:
    2008/12/28
    Messages:
    19
    Likes Received:
    1
    Okay, I have run a new download of ComboFix - no change. I also downloaded GMER and it found this:

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-12-28 22:02:07
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.14 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB5A94505]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB5A94519]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB5A94545]
    Code 22eab9365c1f14f7c2fc63e1d5f46251.sys ZwEnumerateKey [0xF75FA791]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB5A944EC]
    Code 22eab9365c1f14f7c2fc63e1d5f46251.sys ZwQueryDirectoryFile [0xF75FA417]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB5A9452F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB5A9455B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB5A94571]
    Code 22eab9365c1f14f7c2fc63e1d5f46251.sys IoCreateFile
    Code 22eab9365c1f14f7c2fc63e1d5f46251.sys NtQueryDirectoryFile

    ---- Kernel code sections - GMER 1.0.14 ----

    PAGE ntoskrnl.exe!ZwOpenKey 80572BF4 5 Bytes JMP B5A944F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 8057791D 5 Bytes JMP B5A94509 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 8058228C 7 Bytes JMP B5A9455F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 8058E695 5 Bytes JMP B5A94575 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 80591F8B 7 Bytes JMP B5A94549 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 80593334 7 Bytes JMP B5A9451D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 80655B56 7 Bytes JMP B5A94533 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    ? Combo-Fix.sys The system cannot find the file specified. !
    ? C:\ComboFix\catchme.sys The system cannot find the path specified. !
    ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- Services - GMER 1.0.14 ----

    Service C:\WINDOWS\system32\22eab9365c1f14f7c2fc63e1d5f46251.sys (*** hidden *** ) [BOOT] 22eab9365c1f14f7c2fc63e1d5f46251 <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\22eab9365c1f14f7c2fc63e1d5f46251&primary_ip=586742989&secondary_ip=586742989&primary_port=7000&secondary_port=7000&download_period=432000&first_download_delay=300&version=1&current_ip=1&name=22eab9365c1f14f7c2fc63e1d5f46251&path=system32\22eab9365c1f14f7c2fc63e1d5f46251.sys&wmid=DDkz001&idate=2008-11-21 00:12:16:894&last_download_time=2008-12-26 0:42:30.359
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251@Start 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251@Tag 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251@ImagePath system32\22eab9365c1f14f7c2fc63e1d5f46251.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251@DisplayName 22eab9365c1f14f7c2fc63e1d5f46251
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251@Group isjq
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251\Security
    Reg HKLM\SYSTEM\CurrentControlSet\Services\22eab9365c1f14f7c2fc63e1d5f46251\Security@Security 0x01 0x00 0x14 0x80 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\22eab9365c1f14f7c2fc63e1d5f46251&primary_ip=586742989&secondary_ip=586742989&primary_port=7000&secondary_port=7000&download_period=432000&first_download_delay=300&version=1&current_ip=1&name=22eab9365c1f14f7c2fc63e1d5f46251&path=system32\22eab9365c1f14f7c2fc63e1d5f46251.sys&wmid=DDkz001&idate=2008-11-21 00:12:16:894&last_download_time=2008-12-26 0:42:30.359
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251@Type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251@Start 0
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251@Tag 1
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251@ImagePath system32\22eab9365c1f14f7c2fc63e1d5f46251.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251@DisplayName 22eab9365c1f14f7c2fc63e1d5f46251
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251@Group isjq
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251\Security
    Reg HKLM\SYSTEM\ControlSet003\Services\22eab9365c1f14f7c2fc63e1d5f46251\Security@Security 0x01 0x00 0x14 0x80 ...

    ---- Files - GMER 1.0.14 ----

    File C:\WINDOWS\system32\22eab9365c1f14f7c2fc63e1d5f46251.sys 36864 bytes executable <-- ROOTKIT !!!
    File C:\WINDOWS\system32\_22eab9365c1f14f7c2fc63e1d5f46251.sys_.vir 36864 bytes executable

    ---- EOF - GMER 1.0.14 ----

    Now I just need to know how to get rid of it as it is hidden in the registry. Also I would like to know where I can find out more info on the GMER program. Thanks
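    Editor's note, added for readers and not part of the post above: the GMER output contains everything needed to characterise this driver without ever loading it. The `@c` value under the hidden service key is a plain `&key=value` blob holding the peer address as a decimal integer, the port, a check-in period and two timestamps, and the `Code` lines show that the unattributed `.sys` hooks `ZwEnumerateKey`, `ZwQueryDirectoryFile`, `NtQueryDirectoryFile` and `IoCreateFile`, the calls a registry enumeration and a directory listing go through, which is consistent with GMER reporting both the service key and the file as hidden. The Python below is an added example, not a tool from the thread: it parses the config string and the hook lines copied from the log. The log does not say which byte order the author used to pack `primary_ip`, so the decoder returns both readings rather than guessing; `download_period` and `first_download_delay` are assumed to be seconds, which the magnitudes (432000 = 5 days, 300 = 5 minutes) support but the log does not state.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# The "@c" value GMER recovered from the hidden service key, copied from the log above.
CONFIG_VALUE = (
    r"&registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\22eab9365c1f14f7c2fc63e1d5f46251"
    r"&primary_ip=586742989&secondary_ip=586742989&primary_port=7000&secondary_port=7000"
    r"&download_period=432000&first_download_delay=300&version=1&current_ip=1"
    r"&name=22eab9365c1f14f7c2fc63e1d5f46251&path=system32\22eab9365c1f14f7c2fc63e1d5f46251.sys"
    r"&wmid=DDkz001&idate=2008-11-21 00:12:16:894&last_download_time=2008-12-26 0:42:30.359"
)

# A subset of the "Code ..." hook lines from the System section above, verbatim.
HOOK_LINES = r"""
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB5A94505]
Code 22eab9365c1f14f7c2fc63e1d5f46251.sys ZwEnumerateKey [0xF75FA791]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB5A944EC]
Code 22eab9365c1f14f7c2fc63e1d5f46251.sys ZwQueryDirectoryFile [0xF75FA417]
Code 22eab9365c1f14f7c2fc63e1d5f46251.sys IoCreateFile
Code 22eab9365c1f14f7c2fc63e1d5f46251.sys NtQueryDirectoryFile
"""

# "Code <driver> [(vendor description)] <function> [[0xADDR]]"
HOOK_RE = re.compile(
    r"^Code\s+(?P<driver>\S+)"
    r"(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>\w+)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)


def parse_config(value: str) -> Dict[str, str]:
    """Split the '&key=value&key=value' blob into a dict (values keep spaces and colons)."""
    fields: Dict[str, str] = {}
    for chunk in value.split("&"):
        if "=" in chunk:
            key, val = chunk.split("=", 1)
            fields[key] = val
    return fields


def decode_ip(n: int) -> Tuple[str, str]:
    """Dotted-quad readings of a 32-bit integer in both byte orders.

    The log does not say how the author packed the address, so both candidates
    are returned; only one of them is the real peer.
    """
    big = str(ipaddress.IPv4Address(n))
    little = str(ipaddress.IPv4Address(n.to_bytes(4, "little")))
    return big, little


def summarize_beacon(cfg: Dict[str, str]) -> Dict[str, object]:
    """Turn the raw fields into the facts an analyst records about the check-in schedule.

    Assumption (not stated in the log): the two period fields are in seconds.
    """
    big, little = decode_ip(int(cfg["primary_ip"]))
    return {
        "driver": cfg["path"],
        "peer_candidates": {"big_endian": big, "little_endian": little},
        "port": int(cfg["primary_port"]),
        "first_delay_seconds": int(cfg["first_download_delay"]),
        "download_period_hours": int(cfg["download_period"]) / 3600,
        "installed": cfg["idate"],
        "last_download": cfg["last_download_time"],
    }


def unattributed_hooks(text: str) -> Dict[str, List[str]]:
    """Hooked kernel functions grouped by driver, for drivers GMER gave no vendor description."""
    hooks: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m and m.group("vendor") is None:
            hooks.setdefault(m.group("driver"), []).append(m.group("func"))
    return hooks


if __name__ == "__main__":
    cfg = parse_config(CONFIG_VALUE)
    for key, val in summarize_beacon(cfg).items():
        print(f"{key:24} {val}")
    for driver, funcs in unattributed_hooks(HOOK_LINES).items():
        print(driver, "hooks:", ", ".join(funcs))
```

    The McAfee `mfehidk.sys` hooks are filtered out because GMER printed a vendor description for them; that is the same judgement the original poster had to make by eye, and it is why a product's own hooks in a GMER log are not by themselves a finding. The `Start 0` and `Type 1` values in the registry section mean a boot-start kernel driver, so the hooks are in place before any user-mode scanner starts, which fits the symptoms described earlier in the thread.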
     
  9. 2008/12/29
    Dragon30655

    Dragon30655 Inactive Thread Starter

    Joined:
    2008/12/28
    Messages:
    19
    Likes Received:
    1
    OK guys, I have managed to kill the rootkit that was infecting my system. These files:
    File C:\WINDOWS\system32\22eab9365c1f14f7c2fc63e1d5f46251.sys 36864 bytes executable <-- Hidden ROOTKIT !!!
    File C:\WINDOWS\system32\_22eab9365c1f14f7c2fc63e1d5f46251.sys_.vir 36864 bytes executable<-- Hidden ROOTKIT !!!
    are labelled as Rootkit.8304 and I used Bitdefender to kill them. Apparently they shut down Proc Exp, Rootkit Reveal, and shut down my McAfee virus scanner along with hiding some other trojan downloaders. I am currently finishing up with the clean-up and all should be well. I ran a search for the Rootkit.8304 and only found one site that had anything on it, and it had a date of 11-27-08 so it is a new rootkit that needs to be watched for. Thanks for all your help and I hope this info helps you and others in the future.
     
  10. 2008/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    ComboFix needs to be uninstalled to properly remove it from the system. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Then, click Start>Run and type or paste the following command then hit enter to uninstall gmer.

    %systemroot%\gmer_uninstall.cmd

    Restart the computer to complete the uninstallation of gmer.
     
