
Solved Google redirect and windows update blocked.

Discussion in 'Malware and Virus Removal Archive' started by ldaoust, 2011/04/11.

  1. 2011/04/11
    ldaoust (Inactive, Thread Starter)
    [Resolved] Google redirect and windows update blocked.

    Hi,

    My story starts on April 6.
    After a DivX auto update (which I can't relate to this problem for sure), I got a popup of Windows XP Anti-Virus 2011 and it was showing what looked like a scan. I knew this was not normal, tried to stop it, but it kept coming back. Checked running processes, saw ram.exe which was not normal. Killed it, it came back. Tried to start a scan (Spybot S&D). Could not start any program, it just brought back WinXP AV 2011. Searched the net for info. Managed to repair registry keys so I could get control back for starting applications. I noticed my firewall was off and was set to PC Tools Firewall Plus, which is not what I was using. I use Windows Firewall. I managed to restart Windows Firewall.

    Did a scan in safe mode with Spybot; it did fix some infections which I don't have a log for.

    Rebooted in normal mode. Managed to restart Windows Security Essentials. Did a scan with it. My current logs in Windows Security Essentials:
    Trojan:HTML/SWFRedir.Q Severe 10/04/2011 17:50 Removed
    Trojan Downloader:Win32/Karagany.A Severe 05/04/2011 19:55 Removed

    April 9: Searched the net, found that MBAM is often suggested. Installed it and did a quick scan with it. The log of that scan is below.
    After the MBAM scan, I rebooted and got a BSOD. Turned off the PC, waited, turned it back on, still got a BSOD. Had to start with 'Last known good configuration'. Don't know what this was about. I was, and still am, suspecting something wrong with my video drivers or something related to video. I see error entries in the System log for 'ati2mtag'.

    Did another quick scan with MBAM; nothing found that time. Did a full scan later on. It did find infections. Log is below. I read something about Java. Uninstalled all Java from 'Add/Remove Programs' and installed the latest from Sun's site.
    Note: after the FULL scan with MBAM, rebooting got me the BSOD again. Had to restart with 'Last known good configuration'.

    Was getting, and still am, random redirects when googling. Also, Windows Update won't turn on completely and the Windows Update site is blocked somehow. So I think my Windows Updates are not being done.

    Followed the steps from this site. My logs will follow in the next posts. Hoping you guys can help me get rid of those critters.

    Louis.


    ===
    === This is the log of my first MBAM QUICK scan. (before coming to this site and following steps) ===
    ===

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6319

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/04/2011 23:59:46
    mbam-log-2011-04-09 (23-59-46).txt

    Scan type: Quick scan
    Objects scanned: 211574
    Time elapsed: 8 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 7
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\ram.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe ") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\ram.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\ram.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ( "regedit.exe" "%1 ") Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\louis daoust\local settings\Temp\rxonwacmse.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\documents and settings\louis daoust\local settings\Temp\0.8325412798307016.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\louis daoust\local settings\application data\ram.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\edsaea.dll.xxx (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\WINDOWS\SYSTEM32\sys.dll (Trojan.Starter) -> Quarantined and deleted successfully.


    ===
    === This is the log of my first MBAM FULL scan. (before coming to this site and following steps) ===
    ===

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6319

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    10/04/2011 05:36:28
    mbam-log-2011-04-10 (05-36-28).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 445959
    Time elapsed: 2 hour(s), 32 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\louis daoust\application data\Sun\Java\deployment\cache\6.0\61\457c313d-44f3af70 (Trojan.Agent) -> Quarantined and deleted successfully.
    e:\Download\editplus\****_editplus210c.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    e:\Download\source\simplebrowser_demo\release\simplebrowserdemo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
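As an added example, not part of the original post and not Malwarebytes' own code: a small Python parser for MBAM log lines of the shape shown above. It splits each entry into path, detection name, Bad/Good values and action, cross-checks the "X Infected: N" summary lines against the entries actually listed, and pulls out the two things a defender wants from this particular log: the StartMenuInternet launch commands that were rewritten to run ram.exe before the real browser, and the Security Center *DisableNotify values flipped to 1. The sample input is a constructed excerpt of the quick-scan log above; the function names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the quick-scan log posted above,
# trimmed to the sections that matter here (not a complete MBAM log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Registry Data Items Infected: 4
Files Infected: 2

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\ram.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe ") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\ram.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ( "regedit.exe" "%1 ") Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\louis daoust\local settings\application data\ram.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\sys.dll (Trojan.Starter) -> Quarantined and deleted successfully.
"""

# "<Section> Infected:" opens a detail section; with a trailing number it is a summary line.
SECTION_RE = re.compile(r"^(?P<name>.+ Infected):(?: (?P<count>\d+))?$")
# "<path> (<detection>) -> <rest>"; MBAM detection names contain no parentheses.
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
# Registry data items also carry the observed (Bad) and expected (Good) values.
VALUE_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")
BROWSER_RE = re.compile(r"\\StartMenuInternet\\(?P<browser>[^\\]+)\\", re.IGNORECASE)

@dataclass
class Entry:
    section: str
    path: str
    detection: str
    action: str
    bad: Optional[str] = None   # only set for registry data items
    good: Optional[str] = None

def parse_mbam_log(text: str) -> Dict[str, List[Entry]]:
    """Map each '... Infected:' detail section to its parsed entries."""
    sections: Dict[str, List[Entry]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line closes the section
            continue
        sec = SECTION_RE.match(line)
        if sec:
            if sec.group("count") is None:   # detail header, not the summary count
                current = sec.group("name")
                sections.setdefault(current, [])
            continue
        if current is None or line.startswith("(No malicious items"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                # unknown line shape: skip rather than guess
        entry = Entry(current, m.group("path"), m.group("detection"), m.group("rest"))
        v = VALUE_RE.match(m.group("rest"))
        if v:
            entry.bad, entry.good, entry.action = v.group("bad"), v.group("good"), v.group("action")
        sections[current].append(entry)
    return sections

def summary_counts(text: str) -> Dict[str, int]:
    """The 'X Infected: N' lines at the top of the log."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m and m.group("count") is not None:
            counts[m.group("name")] = int(m.group("count"))
    return counts

def counts_match(text: str) -> bool:
    """True when every summary count equals the number of entries actually listed."""
    sections = parse_mbam_log(text)
    return all(len(sections.get(n, [])) == c for n, c in summary_counts(text).items())

def find_launch_hijacks(sections: Dict[str, List[Entry]]) -> List[dict]:
    """Browser launch commands rewritten to run another binary first (Hijack.StartMenuInternet)."""
    hits = []
    for e in sections.get("Registry Data Items Infected", []):
        if e.detection != "Hijack.StartMenuInternet" or e.bad is None:
            continue
        browser = BROWSER_RE.search(e.path)
        first = re.match(r'\s*"([^"]+)"', e.bad)   # first quoted token is what really launches
        hits.append({"browser": browser.group("browser") if browser else "?",
                     "runs": first.group(1) if first else e.bad.strip(), "expected": e.good})
    return hits

def disabled_security_center_notices(sections: Dict[str, List[Entry]]) -> List[str]:
    """Security Center *DisableNotify values that were flipped to 1 (warnings silenced)."""
    return sorted(e.path.rsplit("\\", 1)[-1]
                  for e in sections.get("Registry Data Items Infected", [])
                  if e.detection == "PUM.Disabled.SecurityCenter" and e.bad == "1")
```

Run it over a full log file by reading the file into a string in place of SAMPLE_LOG; a summary count that does not match the listed entries means the log was truncated or edited in transit.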
     
  2. 2011/04/11
    broni (Moderator, Malware Analyst)
    Welcome aboard :)

    Please, complete all steps listed here: this post

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2011/04/12
    ldaoust (Inactive, Thread Starter)
    Step 1 Result
    ==========

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6319

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/04/2011 16:36:24
    mbam-log-2011-04-11 (16-36-24).txt

    Scan type: Quick scan
    Objects scanned: 210715
    Time elapsed: 14 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2011/04/12
    ldaoust (Inactive, Thread Starter)
    My GMER log is very big: 415876 characters...
    I noticed that it includes a list of Joomla files (Joomla is a CMS). The list only specifies the file name and file size. It is installed for Apache. I don't use Joomla; it was mainly for studying the workings.

    What is the best way to send this, since the maximum number of characters seems to be 55000?

    Do I have to make 7.5 posts?

    Can I post all my logs without waiting for a post I made to appear on the board?
     
  6. 2011/04/12
    broni (Moderator, Malware Analyst)

  7. 2011/04/12
    ldaoust (Inactive, Thread Starter)

  8. 2011/04/12
    ldaoust (Inactive, Thread Starter)
    Step 3 Result
    ==========

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000000fd

    Kernel Drivers (total 142):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EF000 \WINDOWS\system32\hal.dll
    0x87760000 \WINDOWS\system32\KDCOM.DLL
    0xF7A03000 \WINDOWS\system32\BOOTVID.dll
    0xF75A0000 ACPI.sys
    0xF7AEF000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF758F000 pci.sys
    0xF75EF000 isapnp.sys
    0xF7A07000 compbatt.sys
    0xF7A0B000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7AF1000 intelide.sys
    0xF786F000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF75FF000 MountMgr.sys
    0xF7570000 ftdisk.sys
    0xF7AF3000 dmload.sys
    0xF754A000 dmio.sys
    0xF7877000 PartMgr.sys
    0xF760F000 VolSnap.sys
    0xF7532000 atapi.sys
    0xF761F000 disk.sys
    0xF762F000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF7512000 fltmgr.sys
    0xF763F000 PxHelp20.sys
    0xF74FB000 KSecDD.sys
    0xF74E8000 WudfPf.sys
    0xF745B000 Ntfs.sys
    0xF742E000 NDIS.sys
    0xF7414000 Mup.sys
    0xF764F000 agp440.sys
    0xF76AF000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF6841000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF682D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF78A7000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6809000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78AF000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF66C4000 \SystemRoot\system32\drivers\P16X.sys
    0xF66A1000 \SystemRoot\system32\drivers\ks.sys
    0xF667D000 \SystemRoot\system32\drivers\portcls.sys
    0xF76DF000 \SystemRoot\system32\drivers\drmk.sys
    0xF6651000 \SystemRoot\System32\DRIVERS\ctoss2k.sys
    0xF6631000 \SystemRoot\System32\DRIVERS\ctsfm2k.sys
    0xF7ACB000 \SystemRoot\System32\DRIVERS\gameenum.sys
    0xF78B7000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF76FF000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF78BF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF770F000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7ACF000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF661D000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF771F000 \SystemRoot\system32\drivers\Imapi.sys
    0xF7AD3000 \SystemRoot\system32\drivers\pfc.sys
    0xF772F000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF773F000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF65FD000 \SystemRoot\System32\Drivers\pwd_2k.SYS
    0xF78C7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF790F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF58A0000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xF0836000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF6B13000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF73C3000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF02D4000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF6B03000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF6AF3000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF78DF000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF78E7000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF78EF000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF02A4000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF77CF000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF78F7000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF1132000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF0246000 \SystemRoot\System32\DRIVERS\update.sys
    0xF78FF000 \SystemRoot\System32\DRIVERS\omci.sys
    0xF6AE3000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7907000 \SystemRoot\System32\Drivers\mmc_2K.SYS
    0xF7917000 \SystemRoot\System32\Drivers\dvd_2K.SYS
    0xF77DF000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF112E000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF791F000 \SystemRoot\system32\DRIVERS\btport.sys
    0xF77EF000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7927000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF7ABF000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xB27B7000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xF1D80000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xF784F000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xF7957000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xF0833000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xF0832000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF7B95000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF081C000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B97000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7967000 \SystemRoot\System32\drivers\vga.sys
    0xF7B99000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B9B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB275C000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
    0xF796F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7977000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB2717000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
    0xF1D60000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xB26F2000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF785F000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xB2699000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xB2671000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xB264F000 \SystemRoot\System32\drivers\afd.sys
    0xF766F000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xB2624000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF0DD0000 \SystemRoot\system32\ckldrv.sys
    0xB25B4000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF769F000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB258E000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF76CF000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF0A2A000 \SystemRoot\System32\Drivers\ASPI32.SYS
    0xF0A1A000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xF0A12000 \SystemRoot\system32\DRIVERS\lvuvcflt.sys
    0xF797F000 \SystemRoot\System32\DRIVERS\usbccgp.sys
    0xB23BB000 \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys
    0xF511E000 \SystemRoot\system32\drivers\LVUSBSta.sys
    0xB2052000 \SystemRoot\system32\DRIVERS\lvuvc.sys
    0xF510E000 \SystemRoot\system32\drivers\usbaudio.sys
    0xB1E40000 \??\C:\WINDOWS\system32\drivers\Lvckap.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF73D7000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7997000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CE8000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF057000 \SystemRoot\System32\ati2cqag.dll
    0xBF0D1000 \SystemRoot\System32\atikvmag.dll
    0xBF13D000 \SystemRoot\System32\atiok3x2.dll
    0xBF16B000 \SystemRoot\System32\ati3duag.dll
    0xBF468000 \SystemRoot\System32\ativvaxx.dll
    0xBF5EE000 \SystemRoot\System32\ATMFD.DLL
    0xAE41D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xAE2FC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xAE2E7000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF2190000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7B0F000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF0759000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xADED5000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xADBAD000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7B4B000 \??\C:\WINDOWS\System32\PfModNT.sys
    0xAD7FC000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7987000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BD3FAA-8113-45E8-958F-E0310A009A1D}\MpKsl5ff1ea11.sys
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    336 C:\WINDOWS\SYSTEM32\smss.exe
    424 csrss.exe
    452 C:\WINDOWS\SYSTEM32\winlogon.exe
    500 C:\WINDOWS\SYSTEM32\services.exe
    512 C:\WINDOWS\SYSTEM32\lsass.exe
    664 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    688 C:\WINDOWS\SYSTEM32\svchost.exe
    760 svchost.exe
    804 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    888 C:\WINDOWS\SYSTEM32\svchost.exe
    968 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    996 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    1232 C:\WINDOWS\SYSTEM32\svchost.exe
    1272 C:\WINDOWS\explorer.exe
    1464 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1568 svchost.exe
    1628 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    1700 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1736 C:\Program Files\Bonjour\mDNSResponder.exe
    1848 C:\WINDOWS\SYSTEM32\TaskSwitch.exe
    1856 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    1912 C:\Program Files\iTunes\iTunesHelper.exe
    1920 C:\WINDOWS\SYSTEM32\Crypserv.exe
    1936 C:\Program Files\Microsoft Security Client\msseces.exe
    1992 C:\WINDOWS\SYSTEM32\ctfmon.exe
    2004 C:\Program Files\POP Peeper\POPPeeper.exe
    2020 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2028 C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
    312 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    308 C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    388 C:\Program Files\USB_ERF_Gateway\USB_ERF_Gateway.exe
    428 C:\Program Files\MySQL\MySQL Administrator 1.1\MySQLSystemTrayMonitor.exe
    1624 C:\Program Files\Google\Update\GoogleUpdate.exe
    1720 C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    2088 C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
    2128 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2248 C:\Program Files\Java\jre6\bin\jqs.exe
    2304 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    2360 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    2480 C:\WINDOWS\SYSTEM32\PnkBstrA.exe
    2504 C:\WINDOWS\SYSTEM32\PnkBstrB.exe
    2548 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2604 C:\WINDOWS\SYSTEM32\svchost.exe
    3044 C:\WINDOWS\SYSTEM32\svchost.exe
    3064 svchost.exe
    3176 wmpnetwk.exe
    3232 C:\Program Files\iPod\bin\iPodService.exe
    3636 alg.exe
    2840 C:\Program Files\Notepad++\notepad++.exe
    3396 C:\Documents and Settings\Louis Daoust\Desktop\Virus and Scanners\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`ffeb9200 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000013`21420800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD600BB-75CAA0, Rev: 16.06V16
    PhysicalDrive1 Model Number: WDCWD1600JB-00GVC0, Rev: 08.02D08

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  9. 2011/04/12
    ldaoust (Inactive, Thread Starter)
    Step 4 Result

    * Having problems with this post. Connection is reset every time, 3 times in a row. Am posting only this text now. Could it be the infection?
     
  10. 2011/04/12
    ldaoust (Inactive, Thread Starter)

  11. 2011/04/12
    ldaoust (Inactive, Thread Starter)
    Step 4 Result (part2)
    ==========

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 26/11/2002 20:12:36
    System Uptime: 11/04/2011 17:53:46 (3 hours ago)
    .
    Motherboard: Dell Computer Corp. | |
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 56 GiB total, 8.227 GiB free.
    D: is FIXED (NTFS) - 4 GiB total, 3.976 GiB free.
    E: is FIXED (NTFS) - 73 GiB total, 27.845 GiB free.
    F: is FIXED (NTFS) - 73 GiB total, 61.49 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: GVC-REALTEK Ethernet 10/100 PCI Adapter
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_000113E0&REV_10\4&19FD8D60&0&50F0
    Manufacturer: GVC
    Name: GVC-REALTEK Ethernet 10/100 PCI Adapter #2
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_000113E0&REV_10\4&19FD8D60&0&50F0
    Service: rtl8139
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    5600
    5600_Help
    5600Trb
    7-Zip 9.14
    Active WebCam
    ActivePerl 5.10.1 Build 1007
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.6
    Adobe Shockwave Player 11
    AFPL Ghostscript 8.14
    AFPL Ghostscript Fonts
    AiO_Scan
    AiOSoftware
    AllToAVI v4 r5394
    Alt-Tab Task Switcher Powertoy for Windows XP
    Any Video Converter 2.7.0
    Apache HTTP Server 2.2.17
    APC PowerChute Personal Edition
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 2000
    ATI - Software Uninstall Utility
    ATI Display Driver
    ATI HYDRAVISION
    AttachmentOptions
    AWicons Lite by Lokas Software
    Bonjour
    BufferChm
    Calculator Powertoy for Windows XP
    Camera Window
    Canon Camera Window for ZoomBrowser EX
    Canon Digital Camera SDK 6.0
    Canon PhotoRecord
    Canon Utilities File Viewer Utility 1.2
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities ZoomBrowser EX
    CCleaner
    CDBurnerXP
    Celestia 1.5.1
    CmdHere Powertoy For Windows XP
    ColorPic
    Common Setup Files (3790.0)
    Compact Wireless-G Internet Video Camera
    Compatibility Pack for the 2007 Office system
    ConquerCam 2.5.1
    Core SDK (Windows Server 2003) (3790.0)
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    DAO
    Data Access Objects (DAO) 3.5
    Debugging Tools for Windows
    Dell Solution Center
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Dia (remove only)
    DiagramStudio 5.3
    DirectX 8.1 SDK
    DivX Version Checker
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    DVD Decrypter (Remove Only)
    DVD Solution
    DynDNS Updater 3.0
    Easy CD Creator 5 Basic
    EasyGPS 3.0
    eSupportQFolder
    Ethereal 0.10.12
    FastStone Image Viewer 3.2
    Fax
    File Viewer Utility 1.2
    FileZilla (remove only)
    FileZilla Client 3.3.5.1
    FileZilla Server (remove only)
    FLV-Media Player 1.6
    FullDPAppQFolder
    Garmin City Navigator North America NT 2009.11 Update
    Garmin City Navigator North America NT 2010.10 Update
    Garmin City Navigator North America NT 2010.20
    Garmin City Navigator North America NT 2010.30
    Garmin City Navigator North America NT 2011.20 Update
    Garmin Communicator Plugin
    Garmin MapSource
    Garmin USB Drivers
    Garmin WebUpdater
    GdiplusUpgrade
    Generations Arena 0.99f (remove only)
    GeoHTML
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GPL MPEG-1/2 DirectShow Decoder Filter
    GPS TrackMaker
    GSview 4.6
    GTK+ 2.8.18-1 runtime environment
    Help and Support Customization
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    HM NIS Edit 2.0.3
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Document Viewer 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.B
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    Icecast 2.3.2
    ImgBurn (Remove Only)
    Inkscape 0.46
    InstantShareDevices
    iPhone Configuration Utility
    iPhoneBrowser
    IrfanView (remove only)
    ISScript
    iTunes
    JAlbum 7.0
    Java Auto Updater
    Java(TM) 6 Update 24
    KingsTools
    Logitech Camera Driver
    Logitech Harmony Remote Software 7
    LQfix 2.1
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Compact Framework 1.0 SP3 Developer
    Microsoft .NET Compact Framework 2.0
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework SDK (English) 1.1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Baseline Security Analyzer 2.0.1
    Microsoft Calculator Plus
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Device Emulator version 1.0 - ENU
    Microsoft DirectX 8.1 SDK
    Microsoft DirectX 9.0 SDK Documentation for Visual Studio 2003
    Microsoft DirectX 9.0 SDK Update (Summer 2003)
    Microsoft Document Explorer 2005
    Microsoft FrontPage Client - English
    Microsoft Interactive Training
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Managed DirectX (1126)
    Microsoft National Language Support Downlevel APIs
    Microsoft Network Monitor 3.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office XP Media Content
    Microsoft Office XP Professional with FrontPage
    Microsoft Picture It! Express 7.0
    Microsoft SDK Update February 2003 (5.2.3790.0)
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual SourceSafe 2005 - ENU
    Microsoft Visual Studio .NET Enterprise Developer 2003 - English
    Microsoft Visual Studio 2005 Professional Edition - ENU
    Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
    Microsoft Visual Studio 6.0 Enterprise Edition
    Microsoft Visual Studio Web Authoring Component
    Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    Microsoft Web Publishing Wizard 1.53
    Microsoft Windows Journal Viewer
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Miro
    Mozilla Firefox (3.6.16)
    Mozilla Thunderbird (2.0.0.17)
    MSDN Library for Visual Studio .NET 2003
    MSDN Library for Visual Studio 2005
    MSN Messenger 6.2
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Multimedia Launcher
    Music Visualizer Library 1.4.00
    MyODBC
    MySQL Administrator 1.1
    MySQL Connector/Net 5.0.9
    MySQL Connector/ODBC 3.51
    MySQL Query Browser 1.1
    MySQL Server 5.0
    MySQL Server 5.1
    MySQL Workbench 5.0 OSS
    MétéoÉclair
    Nero OEM
    Net MD Simple Burner
    Netquote Charts
    NewCopy
    Notepad++
    Nvu 1.0
    OpenMG Limited Patch 3.2-03-02-21-08
    OpenMG Limited Patch 3.2-03-04-14-02
    OpenMG Limited Patch 3.2-03-04-17-02
    OpenMG Secure Module 3.2
    OpenOffice.org 2.2
    OpenSSL 1.0.0a (32-bit)
    Pandion
    PanoStandAlone
    PhotoGallery
    PhotoStitch
    PHP 5.1.1
    POP Peeper
    ProductContext
    Qtracker
    Quake III Arena
    Quake III Arena Point Release 1.32
    QuickTime
    RandMap
    Readme
    RealPlayer
    Realtek RTL8139 Diagnostics Program
    Remote Control USB Driver
    RemoteCapture 2.7.0
    Rocket Arena 3 Upgrade 1.7 (remove only)
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975254)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shockwave
    Sibelius Scorch
    SkinsHP1
    Skype™ 4.2
    SolutionCenter
    Sonic_PrimoSDK
    SonicStage 1.5.53
    Sound Blaster Live!
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    SQLyog 5.01
    Status
    Stellarium 0.10.0
    Traderplus
    TrayApp
    Tweakui Powertoy for Windows XP
    Ultra Defragmenter
    Ultra Freeze Tag 1.1 Final
    UltraVNC 1.0.6.5
    Unload
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB ERF Gateway 1.7
    Virtual Earth 3D (Beta)
    Visual SourceSafe Server
    Visual Studio .NET Enterprise Developer 2003 - English
    Visual Studio.NET Baseline - English
    VNC Free Edition 4.1.2
    WebFldrs XP
    WebReg
    WIDCOMM Bluetooth Software
    Winamp (remove only)
    Windows Defender
    Windows Defender Signatures
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Connect
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 9 Series SDK
    Windows XP Service Pack 3
    WinMerge 2.12.4
    WinPcap 3.1 beta4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/04/2011 17:51:07, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
    11/04/2011 17:51:07, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.Manifest. Reference error message: The operation completed successfully. .
    11/04/2011 13:52:20, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The IIS Admin service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:39, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/04/2011 12:45:38, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:38, error: Service Control Manager [7034] - The APC UPS Service service terminated unexpectedly. It has done this 1 time(s).
    11/04/2011 12:45:38, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/04/2011 11:18:22, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/04/2011 11:17:55, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...6.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
    11/04/2011 11:17:55, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...6.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
    11/04/2011 11:17:55, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...6.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
    11/04/2011 11:17:55, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...6.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
    11/04/2011 11:17:35, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    10/04/2011 00:09:55, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
    10/04/2011 00:09:55, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    09/04/2011 23:19:25, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    08/04/2011 21:26:12, error: ati2mtag [45062] - CRT invalid display type
    08/04/2011 20:02:42, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    08/04/2011 19:52:09, error: Service Control Manager [7000] - The ATI WDM TV Tuner service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    08/04/2011 19:52:09, error: Service Control Manager [7000] - The ATI WDM TV Audio Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    08/04/2011 19:52:09, error: Service Control Manager [7000] - The ATI WDM Specialized PCD Codec service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    08/04/2011 19:52:09, error: Service Control Manager [7000] - The ATI WDM Specialized MVD Codec service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    07/04/2011 19:15:10, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    05/04/2011 23:01:17, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.806.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    05/04/2011 22:44:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    05/04/2011 22:42:55, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    05/04/2011 21:46:17, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 cdudf_xp Fips intelppm MpFilter NetworkX
    05/04/2011 21:46:17, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    05/04/2011 20:30:55, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    05/04/2011 20:30:46, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    05/04/2011 20:29:49, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    05/04/2011 20:09:51, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.
    05/04/2011 20:09:51, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  12. 2011/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All logs have to be pasted.
    GMER was just an exception.

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Louis Daoust at 20:09:53.29 on 11/04/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.432 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: PC Tools Firewall Plus *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\POP Peeper\POPPeeper.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    C:\Program Files\USB_ERF_Gateway\USB_ERF_Gateway.exe
    C:\Program Files\MySQL\MySQL Administrator 1.1\MySQLSystemTrayMonitor.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Louis Daoust\Desktop\Virus and Scanners\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {3F200D98-8C77-427A-8DD8-F8106B4EEB45} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {44226DFF-747E-4EDC-B30C-78752E50CD0C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [WeatherEye] c:\documents and settings\louis daoust\local settings\application data\météomédia\météoéclair\WeatherEye.exe
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\documents and settings\louis daoust\start menu\programs\startup\DESKTOP.INI.DIS
    StartupFolder: c:\docume~1\louisd~1\startm~1\programs\startup\mysqls~1.lnk - c:\program files\mysql\mysql administrator 1.1\MySQLSystemTrayMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\usberf~1.lnk - c:\program files\usb_erf_gateway\USB_ERF_Gateway.exe
    mPolicies-explorer: <NO NAME> =
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?2&04.00.03.15&http://www.space.com/zoomview/montreal_olympic.html
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
    DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
    DPF: {6CB5E471-C305-11D3-99A8-000086395495} - hxxp://toolbar.google.com/data/en/big/1.1.63-big/GoogleNav.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166903956703
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37587.681412037
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.1.200/NetCamPlayerWeb11gv2.cab
    DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} - hxxp://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\louisd~1\applic~1\mozilla\firefox\profiles\860qi792.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.radio-canada.ca/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\louis daoust\application data\mozilla\firefox\profiles\860qi792.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\louis daoust\application data\mozilla\firefox\profiles\860qi792.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\louis daoust\application data\mozilla\firefox\profiles\860qi792.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\winnt_x86-msvc\components\winprocess.dll
    FF - plugin: c:\documents and settings\louis daoust\application data\mozilla\firefox\profiles\860qi792.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - Ext: Dictionnaire français «Classique»: fr-FR@dictionaries.addons.mozilla.org - %profile%\extensions\fr-FR@dictionaries.addons.mozilla.org
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: ViewSourceWith: {eecba28f-b68b-4b3a-b501-6ce12e6b8696} - %profile%\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {15A2A8D5-0502-441E-AA08-A31253EDB69B} - c:\documents and settings\louis daoust\local settings\application data\{15A2A8D5-0502-441E-AA08-A31253EDB69B}
    FF - Ext: XULRunner: {BDBBE2A2-8328-4395-A787-80AE44F18199} - c:\documents and settings\administrator\local settings\application data\{BDBBE2A2-8328-4395-A787-80AE44F18199}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl5ff1ea11;MpKsl5ff1ea11;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6bd3faa-8113-45e8-958f-e0310a009a1d}\MpKsl5ff1ea11.sys [2011-4-11 28752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-10 135664]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2010-10-18 20549]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 09/17/2006, 0.1.12.0;c:\windows\system32\drivers\libusb0.sys [2006-12-1 28672]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-10-29 32000]
    S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-5-13 33792]
    S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
    S4 MySQL5;MySQL5; "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file= "c:\program files\mysql\mysql server 5.0\my.ini" "mysql5" --> c:\program files\mysql\mysql server 5.0\bin\mysqld-nt [?]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
    .
    =============== Created Last 30 ================
    .
    2011-04-11 21:56:46 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{b6bd3faa-8113-45e8-958f-e0310a009a1d}\MpKsl5ff1ea11.sys
    2011-04-11 21:51:57 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{b6bd3faa-8113-45e8-958f-e0310a009a1d}\mpengine.dll
    2011-04-10 16:17:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-10 09:36:47 54016 ----a-w- c:\windows\system32\drivers\gbophgyl.sys
    2011-04-10 04:00:32 54016 ----a-w- c:\windows\system32\drivers\hugoogi.sys
    2011-04-09 14:40:32 -------- d-----w- c:\docume~1\louisd~1\applic~1\Malwarebytes
    2011-04-09 14:40:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-09 14:40:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-09 14:40:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-09 14:40:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-06 01:40:54 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2011-04-06 01:40:54 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2011-04-06 01:40:45 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2011-04-05 23:56:12 0 ----a-w- c:\windows\Cfoqupiyepetero.bin
    2011-04-05 23:56:11 -------- d-----w- c:\docume~1\louisd~1\locals~1\applic~1\{15A2A8D5-0502-441E-AA08-A31253EDB69B}
    2011-03-16 01:24:57 -------- d-----w- c:\program files\WinMerge
    2011-03-14 02:24:37 -------- d-----w- C:\source
    .
    ==================== Find3M ====================
    .
    2011-04-10 19:39:21 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-04-10 16:17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2004-10-01 20:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD600BB-75CAA0 rev.16.06V16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8773E439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x877447d0]; MOV EAX, [0x8774484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8776FAB8]
    3 CLASSPNP[0xF762FFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x87705A18]
    \Driver\atapi[0x8776E308] -> IRP_MJ_CREATE -> 0x8773E439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD600BB-75CAA0______________________16.06V16#4457572d414d4638373136323235_035_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8773E27F
    user != kernel MBR !!!
    sectors 117187498 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 20:13:13.23 ===============
     
  13. 2011/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're infected with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. 2011/04/12
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    2011/04/12 20:49:35.0093 3832 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/12 20:49:37.0093 3832 ================================================================================
    2011/04/12 20:49:37.0093 3832 SystemInfo:
    2011/04/12 20:49:37.0093 3832
    2011/04/12 20:49:37.0093 3832 OS Version: 5.1.2600 ServicePack: 3.0
    2011/04/12 20:49:37.0093 3832 Product type: Workstation
    2011/04/12 20:49:37.0093 3832 ComputerName: STATION1
    2011/04/12 20:49:37.0093 3832 UserName: Louis Daoust
    2011/04/12 20:49:37.0093 3832 Windows directory: C:\WINDOWS
    2011/04/12 20:49:37.0093 3832 System windows directory: C:\WINDOWS
    2011/04/12 20:49:37.0093 3832 Processor architecture: Intel x86
    2011/04/12 20:49:37.0093 3832 Number of processors: 1
    2011/04/12 20:49:37.0093 3832 Page size: 0x1000
    2011/04/12 20:49:37.0093 3832 Boot type: Normal boot
    2011/04/12 20:49:37.0109 3832 ================================================================================
    2011/04/12 20:49:37.0687 3832 Initialize success
    2011/04/12 20:49:42.0609 1980 ================================================================================
    2011/04/12 20:49:42.0609 1980 Scan started
    2011/04/12 20:49:42.0609 1980 Mode: Manual;
    2011/04/12 20:49:42.0609 1980 ================================================================================
    2011/04/12 20:49:43.0765 1980 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
    2011/04/12 20:49:43.0906 1980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/04/12 20:49:44.0031 1980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/04/12 20:49:44.0187 1980 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
    2011/04/12 20:49:44.0375 1980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/04/12 20:49:44.0531 1980 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/04/12 20:49:44.0671 1980 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/04/12 20:49:44.0765 1980 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
    2011/04/12 20:49:44.0859 1980 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
    2011/04/12 20:49:44.0984 1980 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
    2011/04/12 20:49:45.0062 1980 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
    2011/04/12 20:49:45.0171 1980 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
    2011/04/12 20:49:45.0265 1980 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
    2011/04/12 20:49:45.0390 1980 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
    2011/04/12 20:49:45.0578 1980 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
    2011/04/12 20:49:45.0718 1980 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
    2011/04/12 20:49:45.0812 1980 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
    2011/04/12 20:49:45.0906 1980 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
    2011/04/12 20:49:46.0031 1980 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
    2011/04/12 20:49:46.0171 1980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/04/12 20:49:46.0265 1980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/04/12 20:49:46.0593 1980 ati2mtag (0c2ca1c294938139829b1983a0c38b31) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/04/12 20:49:46.0812 1980 atinrvxx (a7a01b907db63898d40b0a14248ff9a2) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
    2011/04/12 20:49:46.0968 1980 ATITUNEP (edd66332608d27f4fd5069bcd0bc5164) C:\WINDOWS\system32\DRIVERS\atintuxx.sys
    2011/04/12 20:49:47.0093 1980 ativraxx (da36687d701c833430605a298731410b) C:\WINDOWS\system32\DRIVERS\atinraxx.sys
    2011/04/12 20:49:47.0203 1980 ATIXSAudio (77b575d7aab35d5908ae6ce681608d62) C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
    2011/04/12 20:49:47.0359 1980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/04/12 20:49:47.0468 1980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/04/12 20:49:47.0562 1980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/04/12 20:49:47.0718 1980 btaudio (faba1418646a2b433c0bded6ff92d2fa) C:\WINDOWS\system32\drivers\btaudio.sys
    2011/04/12 20:49:47.0906 1980 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
    2011/04/12 20:49:48.0078 1980 BTKRNL (aef038061bc1cafb4865d43a85beb1a1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    2011/04/12 20:49:48.0265 1980 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
    2011/04/12 20:49:48.0406 1980 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
    2011/04/12 20:49:48.0546 1980 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
    2011/04/12 20:49:48.0687 1980 BTWUSB (179a37c86fd2b9cc28eb93d093d394c7) C:\WINDOWS\system32\Drivers\btwusb.sys
    2011/04/12 20:49:48.0781 1980 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
    2011/04/12 20:49:48.0875 1980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/04/12 20:49:48.0984 1980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/04/12 20:49:49.0078 1980 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
    2011/04/12 20:49:49.0171 1980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/04/12 20:49:49.0250 1980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/04/12 20:49:49.0359 1980 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    2011/04/12 20:49:49.0468 1980 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
    2011/04/12 20:49:49.0593 1980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/04/12 20:49:49.0734 1980 cdudf_xp (8c7746acde6225a46b58ed7ae09ec166) C:\WINDOWS\system32\drivers\cdudf_xp.sys
    2011/04/12 20:49:49.0937 1980 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
    2011/04/12 20:49:50.0046 1980 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/04/12 20:49:50.0140 1980 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
    2011/04/12 20:49:50.0265 1980 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    2011/04/12 20:49:50.0453 1980 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
    2011/04/12 20:49:50.0593 1980 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
    2011/04/12 20:49:50.0718 1980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/04/12 20:49:50.0859 1980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/04/12 20:49:51.0015 1980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/04/12 20:49:51.0156 1980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/04/12 20:49:51.0250 1980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/04/12 20:49:51.0406 1980 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
    2011/04/12 20:49:51.0500 1980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/04/12 20:49:51.0640 1980 dvd_2K (800de2dfa19db3fd87aa95308ba0c17b) C:\WINDOWS\system32\drivers\dvd_2K.sys
    2011/04/12 20:49:51.0796 1980 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    2011/04/12 20:49:51.0890 1980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/04/12 20:49:51.0984 1980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/04/12 20:49:52.0093 1980 FilterService (52cd33f70a70fa71e051d6f9276c4702) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    2011/04/12 20:49:52.0234 1980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/04/12 20:49:52.0375 1980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/04/12 20:49:52.0484 1980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/04/12 20:49:52.0609 1980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/04/12 20:49:52.0765 1980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/04/12 20:49:52.0875 1980 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2011/04/12 20:49:52.0984 1980 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/04/12 20:49:53.0093 1980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/04/12 20:49:53.0234 1980 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
    2011/04/12 20:49:53.0390 1980 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
    2011/04/12 20:49:53.0531 1980 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/04/12 20:49:53.0625 1980 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
    2011/04/12 20:49:53.0734 1980 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/04/12 20:49:53.0875 1980 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/04/12 20:49:54.0390 1980 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/04/12 20:49:54.0531 1980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/04/12 20:49:54.0656 1980 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/04/12 20:49:54.0765 1980 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
    2011/04/12 20:49:54.0890 1980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/04/12 20:49:54.0968 1980 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
    2011/04/12 20:49:55.0109 1980 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
    2011/04/12 20:49:55.0218 1980 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
    2011/04/12 20:49:55.0343 1980 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
    2011/04/12 20:49:55.0453 1980 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
    2011/04/12 20:49:55.0734 1980 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
    2011/04/12 20:49:56.0000 1980 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
    2011/04/12 20:49:56.0375 1980 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
    2011/04/12 20:49:56.0640 1980 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
    2011/04/12 20:49:57.0000 1980 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
    2011/04/12 20:49:57.0265 1980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
    2011/04/12 20:49:57.0375 1980 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
    2011/04/12 20:49:57.0453 1980 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/04/12 20:49:57.0546 1980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/04/12 20:49:57.0656 1980 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/04/12 20:49:57.0843 1980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/04/12 20:49:57.0921 1980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/04/12 20:49:58.0109 1980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/04/12 20:49:58.0218 1980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/04/12 20:49:58.0296 1980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/04/12 20:49:58.0406 1980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/04/12 20:49:58.0515 1980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/04/12 20:49:58.0625 1980 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/04/12 20:49:58.0765 1980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/04/12 20:49:58.0906 1980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/04/12 20:49:59.0109 1980 libusb0 (e7c3b14e649ce7a2c3e815c95244d6a6) C:\WINDOWS\system32\DRIVERS\libusb0.sys
    2011/04/12 20:49:59.0328 1980 Lvckap (f38e7600e2188b0fc640eba498ec1d8f) C:\WINDOWS\system32\drivers\Lvckap.sys
    2011/04/12 20:49:59.0625 1980 lvmvdrv (98f2eb95589a29c3baad859779b5baf4) C:\WINDOWS\system32\drivers\lvmvdrv.sys
    2011/04/12 20:49:59.0906 1980 lvpopflt (b0456b8a332135c1216ff2374b584161) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    2011/04/12 20:50:00.0093 1980 LVPrcMon (0354c6a753360ca5e1fe1eba81cb1a35) C:\WINDOWS\system32\drivers\LVPrcMon.sys
    2011/04/12 20:50:00.0218 1980 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2011/04/12 20:50:00.0453 1980 LVUVC (92d03dc19eae9d0a86735705e374fdad) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    2011/04/12 20:50:00.0718 1980 mmc_2K (0a35ad036de912858a1c5e9637840724) C:\WINDOWS\system32\drivers\mmc_2K.sys
    2011/04/12 20:50:00.0859 1980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/04/12 20:50:00.0968 1980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/04/12 20:50:01.0078 1980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/04/12 20:50:01.0218 1980 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/04/12 20:50:01.0328 1980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/04/12 20:50:01.0437 1980 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/04/12 20:50:01.0578 1980 MpKsl71e1fc58 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BD3FAA-8113-45E8-958F-E0310A009A1D}\MpKsl71e1fc58.sys
    2011/04/12 20:50:01.0671 1980 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
    2011/04/12 20:50:01.0812 1980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/04/12 20:50:01.0984 1980 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/04/12 20:50:02.0156 1980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/04/12 20:50:02.0312 1980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/04/12 20:50:02.0453 1980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/04/12 20:50:02.0578 1980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/04/12 20:50:02.0687 1980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/04/12 20:50:02.0828 1980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/04/12 20:50:02.0968 1980 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/04/12 20:50:03.0093 1980 MVDCODEC (ed4c2bf8403f4437987c0ba09cf48716) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
    2011/04/12 20:50:03.0234 1980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/04/12 20:50:03.0328 1980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/04/12 20:50:03.0437 1980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/04/12 20:50:03.0546 1980 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/04/12 20:50:03.0640 1980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/04/12 20:50:03.0750 1980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/04/12 20:50:03.0843 1980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/04/12 20:50:03.0984 1980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/04/12 20:50:04.0125 1980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/04/12 20:50:04.0265 1980 NETMDUSB (986acdece933131288f1957dc359865f) C:\WINDOWS\system32\Drivers\NETMDUSB.sys
    2011/04/12 20:50:04.0390 1980 NetworkX (8d355489b70bcc0b2a0f1d6165a50414) C:\WINDOWS\system32\ckldrv.sys
    2011/04/12 20:50:04.0546 1980 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    2011/04/12 20:50:04.0656 1980 NPF (05f6be0427ecb1d4f0985217f30f49f2) C:\WINDOWS\system32\drivers\npf.sys
    2011/04/12 20:50:04.0812 1980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/04/12 20:50:04.0953 1980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/04/12 20:50:05.0125 1980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/04/12 20:50:05.0187 1980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/04/12 20:50:05.0265 1980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/04/12 20:50:05.0390 1980 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
    2011/04/12 20:50:05.0531 1980 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    2011/04/12 20:50:05.0718 1980 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys
    2011/04/12 20:50:05.0890 1980 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    2011/04/12 20:50:06.0062 1980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/04/12 20:50:06.0171 1980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/04/12 20:50:06.0250 1980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/04/12 20:50:06.0390 1980 PCDCODEC (e90ac2b14e98f1a4372e5891b4278784) C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
    2011/04/12 20:50:06.0500 1980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/04/12 20:50:06.0656 1980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
    2011/04/12 20:50:06.0796 1980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/04/12 20:50:07.0140 1980 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
    2011/04/12 20:50:07.0250 1980 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
    2011/04/12 20:50:07.0421 1980 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    2011/04/12 20:50:07.0515 1980 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
    2011/04/12 20:50:07.0750 1980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/04/12 20:50:07.0890 1980 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/04/12 20:50:08.0015 1980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/04/12 20:50:08.0125 1980 pwd_2k (1840112f3f3b7ece84dbbd93a70c4135) C:\WINDOWS\system32\drivers\pwd_2k.sys
    2011/04/12 20:50:08.0250 1980 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/04/12 20:50:08.0406 1980 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
    2011/04/12 20:50:08.0546 1980 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
    2011/04/12 20:50:08.0671 1980 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
    2011/04/12 20:50:08.0750 1980 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
    2011/04/12 20:50:08.0843 1980 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
    2011/04/12 20:50:08.0921 1980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/04/12 20:50:09.0062 1980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/04/12 20:50:09.0171 1980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/04/12 20:50:09.0234 1980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/04/12 20:50:09.0343 1980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/04/12 20:50:09.0468 1980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/04/12 20:50:09.0593 1980 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/04/12 20:50:09.0750 1980 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/04/12 20:50:09.0890 1980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/04/12 20:50:10.0062 1980 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
    2011/04/12 20:50:10.0203 1980 rtl8139 (d6066a0596b13e486204dd365fdb2d4f) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    2011/04/12 20:50:10.0343 1980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/04/12 20:50:10.0484 1980 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/04/12 20:50:10.0609 1980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/04/12 20:50:10.0765 1980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/04/12 20:50:10.0921 1980 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
    2011/04/12 20:50:11.0031 1980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/04/12 20:50:11.0171 1980 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
    2011/04/12 20:50:11.0250 1980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/04/12 20:50:11.0375 1980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
    2011/04/12 20:50:11.0531 1980 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/04/12 20:50:11.0687 1980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/04/12 20:50:11.0765 1980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/04/12 20:50:11.0921 1980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/04/12 20:50:12.0046 1980 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
    2011/04/12 20:50:12.0171 1980 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
    2011/04/12 20:50:12.0296 1980 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
    2011/04/12 20:50:12.0406 1980 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
    2011/04/12 20:50:12.0515 1980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/04/12 20:50:12.0656 1980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/04/12 20:50:12.0828 1980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/04/12 20:50:12.0937 1980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/04/12 20:50:13.0015 1980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/04/12 20:50:13.0156 1980 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
    2011/04/12 20:50:13.0312 1980 UdfReadr_xp (e1b5bfba7f1cde1fc28934639e83b3cf) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
    2011/04/12 20:50:13.0437 1980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/04/12 20:50:13.0515 1980 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
    2011/04/12 20:50:13.0593 1980 ultradfg (b0edec95310e259238cbc9319efba3fc) C:\WINDOWS\system32\DRIVERS\ultradfg.sys
    2011/04/12 20:50:13.0750 1980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/04/12 20:50:13.0937 1980 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/04/12 20:50:14.0062 1980 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/04/12 20:50:14.0187 1980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/04/12 20:50:14.0296 1980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/04/12 20:50:14.0406 1980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/04/12 20:50:14.0515 1980 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/04/12 20:50:14.0656 1980 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/04/12 20:50:14.0765 1980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/04/12 20:50:14.0890 1980 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/04/12 20:50:14.0968 1980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/04/12 20:50:15.0046 1980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/04/12 20:50:15.0140 1980 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
    2011/04/12 20:50:15.0281 1980 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
    2011/04/12 20:50:15.0390 1980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/04/12 20:50:15.0593 1980 VX6000 (61fc38a2e136a2e5944e7ca286abaaae) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
    2011/04/12 20:50:15.0828 1980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/04/12 20:50:16.0031 1980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/04/12 20:50:16.0296 1980 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
    2011/04/12 20:50:16.0453 1980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/04/12 20:50:16.0578 1980 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/04/12 20:50:16.0734 1980 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/04/12 20:50:16.0875 1980 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/12 20:50:16.0890 1980 ================================================================================
    2011/04/12 20:50:16.0890 1980 Scan finished
    2011/04/12 20:50:16.0890 1980 ================================================================================
    2011/04/12 20:50:16.0906 1336 Detected object count: 1
    2011/04/12 20:50:20.0953 1336 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/12 20:50:20.0953 1336 \HardDisk1 - ok
    2011/04/12 20:50:20.0953 1336 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2011/04/12 20:50:28.0312 0252 Deinitialize success
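TDSSKiller names the infected object `\HardDisk1` rather than a file because TDL4 is a bootkit: it overwrites the disk's master boot record with its own loader and keeps the rest of its components in unpartitioned sectors past the last partition, which is why file-level scanners (Spybot, MSE, MBAM earlier in the thread) kept missing it. After the "cure after reboot" step, the check a practitioner wants is to look at the MBR directly. The block below is an added example, written for this page and not part of the thread or of TDSSKiller: it parses a 512-byte MBR, hashes the boot-code region (the first 440 bytes; the 4-byte disk signature that follows is per-machine, so it is excluded), validates the partition table and measures the unpartitioned tail of the disk. The reference hash, the 1 MiB slack threshold and the sample images are assumptions and constructed data; in practice capture the reference hash from a known-clean disk of the same Windows build.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 boot loader; 440..443 disk signature; 446..509 partition table
TABLE_OFFSET = 446
SLACK_THRESHOLD = 2048   # assumption: more than 1 MiB of unpartitioned sectors after the last partition is worth a look


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Check the 0x55AA signature and return the non-empty entries of the partition table."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the loader bytes, so the per-disk signature does not change the result."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, reference_sha256: str, disk_sectors: int) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings = []
    parts = parse_mbr(mbr)
    if boot_code_sha256(mbr) != reference_sha256:
        findings.append("boot code does not match the reference image")
    if not any(p.bootable for p in parts):
        findings.append("no partition is marked active")
    for p in parts:
        if p.lba_end >= disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    last_end = max((p.lba_end for p in parts), default=0)
    slack = disk_sectors - 1 - last_end
    if slack > SLACK_THRESHOLD:
        findings.append(f"{slack} unpartitioned sectors after the last partition")
    return findings


def read_mbr(device: str) -> bytes:
    # Windows: r"\\.\PhysicalDrive0" (run elevated); Linux: "/dev/sda"
    with open(device, "rb") as f:
        return f.read(SECTOR)


def build_sample_mbr(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]]) -> bytes:
    """Constructed test image: boot code, zeroed disk signature, partition table, 0x55AA."""
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if boot else 0, ptype, lba, n)
                     for boot, ptype, lba, n in partitions)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6 + table.ljust(64, b"\x00") + b"\x55\xAA"


# Constructed stand-ins, NOT real Windows boot code
GOOD_BOOT = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB"
TAMPERED_BOOT = GOOD_BOOT + b"\xE8\x00\x00"
SAMPLE_PARTS = [(True, 0x07, 63, 156301425)]   # one active NTFS partition filling an 80 GB disk
SAMPLE_DISK_SECTORS = 156301488
REFERENCE_SHA256 = boot_code_sha256(build_sample_mbr(GOOD_BOOT, SAMPLE_PARTS))  # assumption: taken from a clean disk


if __name__ == "__main__":
    mbr = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr(TAMPERED_BOOT, SAMPLE_PARTS)
    for p in parse_mbr(mbr):
        print(p)
    for finding in check_mbr(mbr, REFERENCE_SHA256, SAMPLE_DISK_SECTORS):
        print("!", finding)
```

Run it with a device path to inspect a real disk, or with no argument to see the constructed tampered image flagged. A boot-code mismatch on its own is not proof of infection (OEM and third-party boot managers ship their own MBR code), which is why the reference hash has to come from a disk you trust rather than from this script.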
     
  15. 2011/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    How is the computer doing?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
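Step 6 asks for C:\ComboFix.txt, and its "Files Created from ... to ..." section is the part worth reading line by line: every entry carries creation time, modification time, size, attributes and path. The script below is an added example, written for this page and not a ComboFix feature or anything posted in the thread. It parses those lines and applies three review heuristics drawn from what this thread's report shows: new .sys files in system32\drivers, GUID-named directories sitting directly under Local Settings\Application Data (the layout of the browser-extension files ComboFix lists under "Other Deletions"), and files dropped straight into c:\windows. The sample lines are copied from the report the thread starter posts next, plus one constructed line for the GUID-directory case; the known-good driver list and the date cut-off are assumptions. A hit means "look at this", not "malicious".

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One line of ComboFix's "Files Created from ... to ..." section:
#   <created> . <modified> <size, or -------- for a directory> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Review heuristics (assumptions, tuned to the patterns visible in this thread's report)
DRIVER_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.IGNORECASE)
GUID_DIR_RE = re.compile(
    r"\\local settings\\application data\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE)
WINDOWS_ROOT_FILE_RE = re.compile(r"^c:\\windows\\[^\\]+$", re.IGNORECASE)
# Assumption: Malwarebytes' own drivers; the report shows them created in the same minute as its folders
KNOWN_GOOD_DRIVERS = {"mbam.sys", "mbamswissarmy.sys"}


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    is_dir: bool
    hidden: bool
    path: str


def parse_created_section(text: str) -> List[Entry]:
    """Keep every line that matches the 'Files Created' layout; banners and '.' separators are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs = m["attrs"]
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=None if m["size"].startswith("-") else int(m["size"]),
            is_dir=attrs[0] == "d",
            hidden="h" in attrs,
            path=m["path"],
        ))
    return entries


def triage(entries: List[Entry], since: datetime) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries created on or after `since` that match a heuristic."""
    findings = []
    for e in entries:
        if e.created < since:
            continue
        name = e.path.rsplit("\\", 1)[-1].lower()
        if not e.is_dir and DRIVER_RE.search(e.path) and name not in KNOWN_GOOD_DRIVERS:
            findings.append(("new kernel driver", e.path))
        if e.is_dir and GUID_DIR_RE.search(e.path):
            findings.append(("GUID-named directory under Local Settings\\Application Data", e.path))
        if not e.is_dir and WINDOWS_ROOT_FILE_RE.match(e.path):
            findings.append(("file dropped directly into c:\\windows", e.path))
    return findings


# Sample input: lines copied from the ComboFix report posted later in this thread, plus one
# constructed line (the {15A2A8D5-...} directory) modelled on that report's "Other Deletions" section.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((( Files Created from 2011-03-13 to 2011-04-13 )))))))))))))))))))))))))))))))
.
2011-04-11 21:51 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BD3FAA-8113-45E8-958F-E0310A009A1D}\mpengine.dll
2011-04-10 09:36 . 2011-04-10 09:36 54016 ----a-w- c:\windows\system32\drivers\gbophgyl.sys
2011-04-10 04:00 . 2011-04-10 04:00 54016 ----a-w- c:\windows\system32\drivers\hugoogi.sys
2011-04-09 14:40 . 2011-04-09 14:40 -------- d-----w- c:\documents and settings\Louis Daoust\Application Data\Malwarebytes
2011-04-09 14:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 14:40 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-06 00:33 . 2011-04-06 00:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-05 23:58 . 2011-04-05 23:58 -------- d-----w- c:\documents and settings\Louis Daoust\Local Settings\Application Data\{15A2A8D5-0502-441E-AA08-A31253EDB69B}
2011-04-05 23:56 . 2011-04-05 23:56 0 ----a-w- c:\windows\Cfoqupiyepetero.bin
2011-03-16 01:24 . 2011-03-16 01:26 -------- d-----w- c:\program files\WinMerge
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    # Assumption: the thread starter dates the infection to 5/6 April, so that is the cut-off
    for reason, path in triage(parse_created_section(text), datetime(2011, 4, 5)):
        print(f"{reason:60s} {path}")
```

Pass a saved ComboFix.txt as the argument to run it over a real report. Two randomly named 54016-byte drivers created minutes apart are exactly the kind of pair this surfaces for a human to look up; the script deliberately does not decide for you.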
     
  16. 2011/04/12
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    Computer seems to be running nicely now. Didn't get any random URLs with Google searches. Windows Update site is now accessible.

    Was able to run Combofix from desktop without any problems.
    I noticed, after Combofix rebooted the machine, that APC Powerchute tray icon is not showing. Not a biggy. Maybe next reboot will be ok.

    Combofix log:

    ComboFix 11-04-12.01 - Louis Daoust 12/04/2011 21:24:29.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.464 [GMT -4:00]
    Running from: c:\documents and settings\Louis Daoust\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Local Settings\Application Data\{BDBBE2A2-8328-4395-A787-80AE44F18199}
    c:\documents and settings\Administrator\Local Settings\Application Data\{BDBBE2A2-8328-4395-A787-80AE44F18199}\chrome.manifest
    c:\documents and settings\Administrator\Local Settings\Application Data\{BDBBE2A2-8328-4395-A787-80AE44F18199}\chrome\content\_cfg.js
    c:\documents and settings\Administrator\Local Settings\Application Data\{BDBBE2A2-8328-4395-A787-80AE44F18199}\chrome\content\overlay.xul
    c:\documents and settings\Administrator\Local Settings\Application Data\{BDBBE2A2-8328-4395-A787-80AE44F18199}\install.rdf
    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\documents and settings\Louis Daoust\Local Settings\Application Data\{15A2A8D5-0502-441E-AA08-A31253EDB69B}
    c:\documents and settings\Louis Daoust\Local Settings\Application Data\{15A2A8D5-0502-441E-AA08-A31253EDB69B}\chrome.manifest
    c:\documents and settings\Louis Daoust\Local Settings\Application Data\{15A2A8D5-0502-441E-AA08-A31253EDB69B}\chrome\content\_cfg.js
    c:\documents and settings\Louis Daoust\Local Settings\Application Data\{15A2A8D5-0502-441E-AA08-A31253EDB69B}\chrome\content\overlay.xul
    c:\documents and settings\Louis Daoust\Local Settings\Application Data\{15A2A8D5-0502-441E-AA08-A31253EDB69B}\install.rdf
    c:\documents and settings\Louis Daoust\WINDOWS
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\NetMonInstaller.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\Uninstall.exe
    C:\Thumbs.db
    c:\windows\system\VI30AUT.DLL
    c:\windows\system32\Cache
    c:\windows\system32\Data
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Ijl11.dll
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\reg.dll
    c:\windows\system32\uninstall.exe
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    F:\install.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-13 to 2011-04-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-12 12:50 . 2011-04-12 12:50 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-04-12 12:50 . 2011-04-12 12:50 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-04-12 12:50 . 2011-04-12 12:50 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-04-12 12:50 . 2011-04-12 12:50 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-04-12 12:50 . 2011-04-12 12:50 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-04-12 12:50 . 2011-04-12 12:50 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-04-12 12:50 . 2011-04-12 12:50 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-04-12 12:50 . 2011-04-12 12:50 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-04-11 21:51 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BD3FAA-8113-45E8-958F-E0310A009A1D}\mpengine.dll
    2011-04-10 16:18 . 2011-04-10 16:18 -------- d-----w- c:\program files\Common Files\Java
    2011-04-10 16:17 . 2011-04-10 16:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-10 09:36 . 2011-04-10 09:36 54016 ----a-w- c:\windows\system32\drivers\gbophgyl.sys
    2011-04-10 04:00 . 2011-04-10 04:00 54016 ----a-w- c:\windows\system32\drivers\hugoogi.sys
    2011-04-09 14:40 . 2011-04-09 14:40 -------- d-----w- c:\documents and settings\Louis Daoust\Application Data\Malwarebytes
    2011-04-09 14:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-09 14:40 . 2011-04-09 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-09 14:40 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-09 14:40 . 2011-04-09 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-06 01:40 . 2011-04-06 01:40 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2011-04-06 01:40 . 2011-04-06 01:40 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2011-04-06 01:40 . 2011-04-06 01:40 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2011-04-06 00:33 . 2011-04-06 00:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-04-05 23:56 . 2011-04-05 23:56 0 ----a-w- c:\windows\Cfoqupiyepetero.bin
    2011-03-16 01:24 . 2011-03-16 01:26 -------- d-----w- c:\program files\WinMerge
    2011-03-14 02:24 . 2011-03-14 02:24 -------- d-----w- C:\source
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-10 19:39 . 2007-06-30 17:46 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-04-10 16:17 . 2010-11-26 14:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-09 02:11 . 2007-06-30 17:47 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-15 04:05 . 2010-04-23 00:17 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-09 13:53 . 2002-11-26 19:15 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-09 13:53 . 2002-11-26 19:15 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 22:11 . 2009-10-03 00:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-02 07:58 . 2002-08-29 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2002-08-29 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2002-08-29 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2004-10-01 20:00 . 2005-12-28 20:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2011-04-12 12:50 . 2011-04-12 12:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "POP Peeper "= "c:\program files\POP Peeper\POPPeeper.exe" [2009-01-22 1470464]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "WeatherEye "= "c:\documents and settings\Louis Daoust\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CoolSwitch "= "c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "googletalk "= "c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\documents and settings\Louis Daoust\Start Menu\Programs\Startup\
    DESKTOP.INI.DIS [2002-9-3 84]
    MySQL System Tray Monitor.lnk - c:\program files\MySQL\MySQL Administrator 1.1\MySQLSystemTrayMonitor.exe [2005-12-15 986624]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-8-23 221247]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
    USB ERF Gateway.lnk - c:\program files\USB_ERF_Gateway\USB_ERF_Gateway.exe [2010-12-16 677888]
    .
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= c:\inetpub\wwwroot\ldaoust\calendar.html
    FriendlyName=
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "c:\\Program Files\\UltraVNC\\vncviewer.exe "=
    "c:\\Program Files\\Qtracker\\qtracker.exe "=
    "c:\\Games\\Quake III Arena\\quake3.exe "=
    "c:\\Games\\Quake III Arena\\quake3131.exe "=
    "c:\\Games\\Quake III Arena\\quake3130.exe "=
    "c:\\Program Files\\Real\\RealOne Player\\realplay.exe "=
    "c:\\Program Files\\Active WebCam\\WebCam.exe "=
    "c:\\Program Files\\ConquerCam\\ConquerCam.exe "=
    "e:\\Download\\source\\WinsockIOCP_demo\\IOCP_Server\\Debug\\IOCP_Server.exe "=
    "e:\\Download\\source\\WinsockIOCP_demo\\IOCP_Server\\Release\\IOCP_Server.exe "=
    "c:\\Documents and Settings\\Louis Daoust\\Desktop\\dpnxui.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe "=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP "= 5900:TCP:vnc5900
    "5800:TCP "= 5800:TCP:vnc5800
    .
    S1 MpKslc3a62d1c;MpKslc3a62d1c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BD3FAA-8113-45E8-958F-E0310A009A1D}\MpKslc3a62d1c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BD3FAA-8113-45E8-958F-E0310A009A1D}\MpKslc3a62d1c.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 11:10 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [18/10/2010 02:32 20549]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 09/17/2006, 0.1.12.0;c:\windows\SYSTEM32\DRIVERS\libusb0.sys [01/12/2006 20:33 28672]
    S3 ultradfg;ultradfg;c:\windows\SYSTEM32\DRIVERS\ultradfg.sys [13/05/2009 10:37 33792]
    S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\SYSTEM32\DRIVERS\VX6000Xp.sys [29/06/2006 19:56 2383152]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10/07/2008 20:28 47128]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 07:17 2805000]
    S4 MySQL5;MySQL5; "c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file= "c:\program files\MySQL\MySQL Server 5.0\my.ini" "MySQL5" --> c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt [?]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\SYSTEM32\DRIVERS\RsFx0102.sys [10/07/2008 02:49 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10/07/2008 20:28 369688]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2011-04-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 23:15]
    .
    2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 15:10]
    .
    2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 15:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.1.200/NetCamPlayerWeb11gv2.cab
    FF - ProfilePath - c:\documents and settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.radio-canada.ca/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam
    AddRemove-AWicons Lite by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\AWicons Lite
    AddRemove-HijackThis - c:\download\Virus\hijackthis\HijackThis.exe
    AddRemove-Macromedia Shockwave Player - c:\windows\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE
    AddRemove-RA3 - c:\games\Quake III Arena\arena\uninstall.exe
    AddRemove-SQLyog - c:\program files\SQLyog\uninst.exe
    AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-12 21:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL "
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL5]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.0\my.ini\" \ "MySQL5\" "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(456)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3728)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\crypserv.exe
    c:\windows\System32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-12 21:53:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-13 01:53
    .
    Pre-Run: 8,305,012,736 bytes free
    Post-Run: 8,041,873,408 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - 52EC8811A2BA519520EF37D1B2D9B492
     
  17. 2011/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Cfoqupiyepetero.bin
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  18. 2011/04/12
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    ComboFix 11-04-12.01 - Louis Daoust 12/04/2011 22:54:27.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.442 [GMT -4:00]
    Running from: c:\documents and settings\Louis Daoust\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Louis Daoust\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    .
    FILE ::
    "c:\windows\Cfoqupiyepetero.bin "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\Cfoqupiyepetero.bin
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-13 to 2011-04-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-13 02:02 . 2011-04-13 02:02 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE68B4F8-3231-4135-A8AA-E04EEC6DFB26}\MpKsl996e0953.sys
    2011-04-13 02:02 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE68B4F8-3231-4135-A8AA-E04EEC6DFB26}\mpengine.dll
    2011-04-12 12:50 . 2011-04-12 12:50 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-04-12 12:50 . 2011-04-12 12:50 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-04-12 12:50 . 2011-04-12 12:50 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-04-12 12:50 . 2011-04-12 12:50 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-04-12 12:50 . 2011-04-12 12:50 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-04-12 12:50 . 2011-04-12 12:50 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-04-12 12:50 . 2011-04-12 12:50 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-04-12 12:50 . 2011-04-12 12:50 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-04-10 16:18 . 2011-04-10 16:18 -------- d-----w- c:\program files\Common Files\Java
    2011-04-10 16:17 . 2011-04-10 16:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-10 09:36 . 2011-04-10 09:36 54016 ----a-w- c:\windows\system32\drivers\gbophgyl.sys
    2011-04-10 04:00 . 2011-04-10 04:00 54016 ----a-w- c:\windows\system32\drivers\hugoogi.sys
    2011-04-09 14:40 . 2011-04-09 14:40 -------- d-----w- c:\documents and settings\Louis Daoust\Application Data\Malwarebytes
    2011-04-09 14:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-09 14:40 . 2011-04-09 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-09 14:40 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-09 14:40 . 2011-04-09 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-06 01:40 . 2011-04-06 01:40 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2011-04-06 01:40 . 2011-04-06 01:40 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2011-04-06 01:40 . 2011-04-06 01:40 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2011-04-06 00:33 . 2011-04-06 00:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-03-16 01:24 . 2011-03-16 01:26 -------- d-----w- c:\program files\WinMerge
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-10 19:39 . 2007-06-30 17:46 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-04-10 16:17 . 2010-11-26 14:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-09 02:11 . 2007-06-30 17:47 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-15 04:05 . 2010-04-23 00:17 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-09 13:53 . 2002-11-26 19:15 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-09 13:53 . 2002-11-26 19:15 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 22:11 . 2009-10-03 00:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-02 07:58 . 2002-08-29 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2002-08-29 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2002-08-29 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2004-10-01 20:00 . 2005-12-28 20:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2011-04-12 12:50 . 2011-04-12 12:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "POP Peeper "= "c:\program files\POP Peeper\POPPeeper.exe" [2009-01-22 1470464]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "WeatherEye "= "c:\documents and settings\Louis Daoust\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CoolSwitch "= "c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "googletalk "= "c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\documents and settings\Louis Daoust\Start Menu\Programs\Startup\
    DESKTOP.INI.DIS [2002-9-3 84]
    MySQL System Tray Monitor.lnk - c:\program files\MySQL\MySQL Administrator 1.1\MySQLSystemTrayMonitor.exe [2005-12-15 986624]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-8-23 221247]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
    USB ERF Gateway.lnk - c:\program files\USB_ERF_Gateway\USB_ERF_Gateway.exe [2010-12-16 677888]
    .
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= c:\inetpub\wwwroot\ldaoust\calendar.html
    FriendlyName=
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "c:\\Program Files\\UltraVNC\\vncviewer.exe "=
    "c:\\Program Files\\Qtracker\\qtracker.exe "=
    "c:\\Games\\Quake III Arena\\quake3.exe "=
    "c:\\Games\\Quake III Arena\\quake3131.exe "=
    "c:\\Games\\Quake III Arena\\quake3130.exe "=
    "c:\\Program Files\\Real\\RealOne Player\\realplay.exe "=
    "c:\\Program Files\\Active WebCam\\WebCam.exe "=
    "c:\\Program Files\\ConquerCam\\ConquerCam.exe "=
    "e:\\Download\\source\\WinsockIOCP_demo\\IOCP_Server\\Debug\\IOCP_Server.exe "=
    "e:\\Download\\source\\WinsockIOCP_demo\\IOCP_Server\\Release\\IOCP_Server.exe "=
    "c:\\Documents and Settings\\Louis Daoust\\Desktop\\dpnxui.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe "=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP "= 5900:TCP:vnc5900
    "5800:TCP "= 5800:TCP:vnc5800
    .
    R1 MpKsl996e0953;MpKsl996e0953;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE68B4F8-3231-4135-A8AA-E04EEC6DFB26}\MpKsl996e0953.sys [12/04/2011 22:02 28752]
    S1 MpKslc3a62d1c;MpKslc3a62d1c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BD3FAA-8113-45E8-958F-E0310A009A1D}\MpKslc3a62d1c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6BD3FAA-8113-45E8-958F-E0310A009A1D}\MpKslc3a62d1c.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 11:10 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [18/10/2010 02:32 20549]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 09/17/2006, 0.1.12.0;c:\windows\SYSTEM32\DRIVERS\libusb0.sys [01/12/2006 20:33 28672]
    S3 ultradfg;ultradfg;c:\windows\SYSTEM32\DRIVERS\ultradfg.sys [13/05/2009 10:37 33792]
    S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\SYSTEM32\DRIVERS\VX6000Xp.sys [29/06/2006 19:56 2383152]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10/07/2008 20:28 47128]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 07:17 2805000]
    S4 MySQL5;MySQL5; "c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file= "c:\program files\MySQL\MySQL Server 5.0\my.ini" "MySQL5" --> c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt [?]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\SYSTEM32\DRIVERS\RsFx0102.sys [10/07/2008 02:49 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10/07/2008 20:28 369688]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL996E0953
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2011-04-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 23:15]
    .
    2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 15:10]
    .
    2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 15:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.radio-canada.ca/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.1.200/NetCamPlayerWeb11gv2.cab
    FF - ProfilePath - c:\documents and settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.radio-canada.ca/
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-12 23:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL "
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL5]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.0\my.ini\" \ "MySQL5\" "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(456)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-04-12 23:12:38
    ComboFix-quarantined-files.txt 2011-04-13 03:12
    ComboFix2.txt 2011-04-13 01:53
    .
    Pre-Run: 8,059,498,496 bytes free
    Post-Run: 8,020,017,152 bytes free
    .
    - - End Of File - - B7D0B2217023B4F0E38FF588F217CFDC
     
  19. 2011/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. 2011/04/12
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    Part 1 of OTL log

    OTL logfile created on: 13/04/2011 00:01:52 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Louis Daoust\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1,023.00 Mb Total Physical Memory | 462.00 Mb Available Physical Memory | 45.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): F:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.84 Gb Total Space | 7.52 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
    Drive D: | 4.00 Gb Total Space | 3.98 Gb Free Space | 99.44% Space Free | Partition Type: NTFS
    Drive E: | 72.52 Gb Total Space | 27.84 Gb Free Space | 38.39% Space Free | Partition Type: NTFS
    Drive F: | 72.53 Gb Total Space | 61.49 Gb Free Space | 84.78% Space Free | Partition Type: NTFS

    Computer Name: STATION1 | User Name: Louis Daoust | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/12 23:53:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Daoust\Desktop\OTL.exe
    PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2000/06/29 04:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\SYSTEM32\Crypserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/12 23:53:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Daoust\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (MSFtpsvc)
    SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
    SRV - [2007/10/12 09:34:56 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2006/12/11 08:12:48 | 000,576,000 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
    SRV - [2006/12/02 07:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/03/02 21:49:14 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2005/12/15 03:30:28 | 003,956,736 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL5)
    SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2005/09/01 14:11:52 | 000,081,920 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2002/12/24 12:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2000/06/29 04:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
    SRV - [1998/06/06 01:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/04/12 23:18:29 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AA5A040E-A827-4A0F-A5F4-623FE7FE34FB}\MpKsleff7163f.sys -- (MpKsleff7163f)
    DRV - [2009/05/13 10:37:10 | 000,033,792 | ---- | M] (UltraDefrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ultradfg.sys -- (ultradfg)
    DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RsFx0102.sys -- (RsFx0102)
    DRV - [2008/04/15 07:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btkrnl.sys -- (BTKRNL)
    DRV - [2008/04/15 07:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (btaudio)
    DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
    DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
    DRV - [2008/03/27 13:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwusb.sys -- (BTWUSB)
    DRV - [2008/03/10 14:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwhid.sys -- (btwhid)
    DRV - [2008/02/04 13:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)
    DRV - [2008/02/04 13:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwmodem.sys -- (btwmodem)
    DRV - [2007/09/29 04:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/09/20 07:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/05/11 18:31:48 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
    DRV - [2007/05/11 18:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
    DRV - [2007/05/11 18:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/05/11 18:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys -- (lvpopflt)
    DRV - [2007/03/27 03:55:32 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2007/03/27 03:55:32 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2006/12/01 20:33:18 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\libusb0.sys -- (libusb0)
    DRV - [2006/10/13 18:04:44 | 002,383,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX6000Xp.sys -- (VX6000)
    DRV - [2005/09/01 14:11:52 | 001,912,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (lvmvdrv)
    DRV - [2005/09/01 14:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPrcMon.sys -- (LVPrcMon)
    DRV - [2005/09/01 14:09:28 | 002,169,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (Lvckap)
    DRV - [2004/10/09 18:42:39 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2004/10/09 18:42:39 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2004/10/09 18:42:39 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2004/10/09 18:42:39 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2004/10/09 18:42:39 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2004/08/04 02:29:32 | 000,073,216 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atintuxx.sys -- (ATITUNEP)
    DRV - [2004/08/04 02:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinxsxx.sys -- (ATIXSAudio)
    DRV - [2004/08/04 02:29:30 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinrvxx.sys -- (atinrvxx)
    DRV - [2004/08/04 02:29:30 | 000,052,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinraxx.sys -- (ativraxx)
    DRV - [2004/08/04 02:29:30 | 000,014,336 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinpdxx.sys -- (PCDCODEC)
    DRV - [2004/08/04 02:29:28 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinmdxx.sys -- (MVDCODEC)
    DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
    DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
    DRV - [2002/08/08 16:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys -- (NETMDUSB)
    DRV - [2002/07/19 12:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/09/03 19:14:38 | 000,025,454 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139)
    DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [2000/02/03 15:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
    DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)
    DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.radio-canada.ca/
    IE - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 61 E5 31 80 F9 CB 01 [binary data]
    IE - HKU\S-1-5-21-641499419-3881828550-583855553-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-641499419-3881828550-583855553-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "http://www.radio-canada.ca/ "
    FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5
    FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.9
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
    FF - prefs.js..extensions.enabledItems: {eecba28f-b68b-4b3a-b501-6ce12e6b8696}:0.7.3
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {15A2A8D5-0502-441E-AA08-A31253EDB69B}:1.9.1
    FF - prefs.js..extensions.enabledItems: {BDBBE2A2-8328-4395-A787-80AE44F18199}:1.9.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/12 08:51:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/12 08:51:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/24 15:57:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/02/08 22:12:13 | 000,000,000 | ---D | M]

    [2008/08/29 09:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Extensions
    [2011/04/12 08:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\extensions
    [2011/04/01 19:12:57 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/04/30 18:53:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/16 12:46:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/10/15 19:36:11 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
    [2010/02/13 15:38:10 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\extensions\fr-FR@dictionaries.addons.mozilla.org
    [2011/02/20 00:31:25 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Louis Daoust\Application Data\Mozilla\Firefox\Profiles\860qi792.default\extensions\inspector@mozilla.org
    [2011/04/10 12:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/04/10 12:18:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\LOUIS DAOUST\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\860QI792.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
    [2011/04/10 12:17:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/04/12 08:50:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/04/10 12:17:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2003/11/18 13:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
    [2011/04/12 08:50:53 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/04/12 23:08:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\..\Toolbar\WebBrowser: (no name) - {3F200D98-8C77-427A-8DD8-F8106B4EEB45} - No CLSID value found.
    O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\SYSTEM32\TaskSwitch.exe ()
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKU\S-1-5-21-641499419-3881828550-583855553-1005..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)
    O4 - HKU\S-1-5-21-641499419-3881828550-583855553-1005..\Run: [WeatherEye] C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe (Pelmorex Media Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USB ERF Gateway.lnk = C:\Program Files\USB_ERF_Gateway\USB_ERF_Gateway.exe ()
    O4 - Startup: C:\Documents and Settings\Louis Daoust\Start Menu\Programs\Startup\MySQL System Tray Monitor.lnk = C:\Program Files\MySQL\MySQL Administrator 1.1\MySQLSystemTrayMonitor.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MT.../www.space.com/zoomview/montreal_olympic.html (MetaStreamCtl Class)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} http://toolbar.google.com/data/en/big/1.1.63-big/GoogleNav.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166903956703 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37587.681412037 (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.200/NetCamPlayerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab (SDKInstall Class)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:1 () - C:\Inetpub\wwwroot\ldaoust\calendar.html
    O24 - Desktop WallPaper: C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/22 22:25:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-641499419-3881828550-583855553-1005..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: Ip6FwHlp - File not found

    Drivers32: msacm.ctmp3 - C:\WINDOWS\SYSTEM32\ctmp3.acm (Creative Technology Ltd.)
    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/12 23:53:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Louis Daoust\Desktop\OTL.exe
    [2011/04/12 21:17:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/12 21:12:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/12 21:12:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/12 21:12:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/12 21:12:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/12 21:12:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/12 21:11:31 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/10 12:20:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Louis Daoust\Recent
    [2011/04/10 12:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/04/09 10:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Daoust\Application Data\Malwarebytes
    [2011/04/09 10:40:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/09 10:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/09 10:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/09 10:40:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/09 10:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/06 19:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/04/05 21:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/04/05 21:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/04/05 21:40:58 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Louis Daoust\Desktop\setup-spybotsd162.exe
    [2011/04/05 21:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    [2011/04/05 21:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
    [2011/04/05 21:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
    [2011/03/15 21:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinMerge
    [2011/03/15 21:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
    [2002/04/11 01:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/12 23:53:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Daoust\Desktop\OTL.exe
    [2011/04/12 23:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/12 23:08:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2011/04/12 21:39:04 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2011/04/12 21:38:25 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/04/12 21:38:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/12 21:38:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2011/04/12 21:37:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/04/12 21:17:12 | 000,000,355 | RHS- | M] () -- C:\BOOT.INI
    [2011/04/12 21:09:04 | 004,319,795 | R--- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\ComboFix.exe
    [2011/04/10 13:15:09 | 000,000,245 | ---- | M] () -- C:\Boot.bak
    [2011/04/10 10:36:44 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\MBRCheck.exe
    [2011/04/10 05:36:47 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gbophgyl.sys
    [2011/04/10 00:00:32 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hugoogi.sys
    [2011/04/08 22:11:26 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011/04/06 19:26:24 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/05 22:46:58 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ekuxihehafile.dat
    [2011/04/05 22:41:42 | 000,001,920 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/04/05 21:41:41 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Louis Daoust\Desktop\setup-spybotsd162.exe
    [2011/04/05 21:28:56 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\fix.inf
    [2011/04/05 21:27:52 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\fix.reg
    [2011/04/05 21:01:58 | 000,015,052 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\2tr4yndwvnsg0s521l3n643d
    [2011/04/05 21:01:58 | 000,015,052 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2tr4yndwvnsg0s521l3n643d
    [2011/04/05 20:19:05 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\Shortcut to q3office.exe.lnk
    [2011/03/24 23:49:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/03/15 21:25:00 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinMerge.lnk
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
     
  21. 2011/04/12
    ldaoust

    Part 2 of OTL log

    ========== Files Created - No Company Name ==========

    [2011/04/12 21:17:12 | 000,000,245 | ---- | C] () -- C:\Boot.bak
    [2011/04/12 21:17:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/12 21:12:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/12 21:12:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/12 21:12:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/12 21:12:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/12 21:12:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/12 21:08:30 | 004,319,795 | R--- | C] () -- C:\Documents and Settings\Louis Daoust\Desktop\ComboFix.exe
    [2011/04/12 08:51:08 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/04/10 10:35:18 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Desktop\MBRCheck.exe
    [2011/04/10 05:36:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gbophgyl.sys
    [2011/04/10 00:00:32 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\hugoogi.sys
    [2011/04/06 19:26:24 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/05 21:32:05 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Desktop\fix.inf
    [2011/04/05 21:32:05 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Desktop\fix.reg
    [2011/04/05 19:56:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ekuxihehafile.dat
    [2011/04/05 19:46:48 | 000,015,052 | -HS- | C] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\2tr4yndwvnsg0s521l3n643d
    [2011/04/05 19:46:48 | 000,015,052 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2tr4yndwvnsg0s521l3n643d
    [2011/03/15 21:25:00 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinMerge.lnk
    [2011/02/20 22:44:03 | 000,000,059 | ---- | C] () -- C:\WINDOWS\HL_RecentFile.ini
    [2010/11/01 05:25:02 | 000,173,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/11/01 05:25:01 | 000,287,962 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-641499419-3881828550-583855553-1005-0.dat
    [2010/11/01 05:24:52 | 000,287,962 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2009/10/10 12:26:10 | 000,000,579 | ---- | C] () -- C:\WINDOWS\qtracker.INI
    [2009/09/12 19:14:54 | 000,063,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/19 22:34:11 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\PUTTY.RND
    [2009/08/18 23:41:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/05/13 10:37:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a_gui.exe
    [2009/05/13 10:37:24 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.exe
    [2009/05/13 10:37:22 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
    [2008/11/30 18:40:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\OverlayXP.ini
    [2008/08/03 16:35:02 | 000,000,171 | ---- | C] () -- C:\WINDOWS\icecast2.ini
    [2008/07/08 02:29:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\myodbc3i.exe
    [2008/07/08 02:29:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\myodbc3m.exe
    [2008/04/14 13:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2008/02/17 12:42:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2007/12/22 22:23:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ExplorerXP.INI
    [2007/09/29 03:36:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2007/09/29 03:36:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2007/09/29 03:36:06 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2007/06/30 13:47:05 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2007/06/30 13:46:58 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2007/06/30 13:46:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2007/03/09 13:58:25 | 000,001,069 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2006/10/29 19:30:14 | 000,008,331 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Application Data\mainhst.zgh
    [2006/10/21 22:43:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\chapter2.INI
    [2006/10/07 15:05:44 | 000,134,136 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
    [2006/09/13 20:38:52 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/09/13 20:34:20 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
    [2006/09/13 20:32:55 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
    [2006/09/13 20:32:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2006/09/13 20:32:33 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2006/09/13 20:31:21 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/09/13 20:29:43 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2006/08/12 12:29:56 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2006/08/12 11:01:27 | 000,112,422 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
    [2006/08/12 11:01:26 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
    [2006/05/21 22:08:39 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/04/14 22:30:49 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
    [2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2006/01/04 13:19:23 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2006/01/04 13:15:38 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
    [2005/12/29 15:32:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/12/28 16:16:14 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2005/12/24 22:07:42 | 000,042,620 | ---- | C] () -- C:\WINDOWS\php_old.ini
    [2005/12/12 21:23:47 | 000,001,143 | ---- | C] () -- C:\WINDOWS\speakfre.ini
    [2005/12/11 16:23:53 | 000,022,528 | -H-- | C] () -- C:\WINDOWS\System32\cleaner12.exe
    [2005/12/06 20:49:18 | 000,003,067 | ---- | C] () -- C:\WINDOWS\cdgrabber.ini
    [2005/10/28 22:43:24 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2005/10/10 11:00:51 | 000,595,160 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
    [2005/10/10 11:00:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wsmib.dll
    [2005/10/10 11:00:50 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2005/10/10 11:00:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\IcqMsgSender.dll
    [2005/10/10 11:00:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\tccradcom.dll
    [2005/09/01 14:11:52 | 001,912,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
    [2005/09/01 14:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
    [2005/09/01 14:09:28 | 002,169,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
    [2005/08/13 07:23:13 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\BBLog.dll
    [2005/07/30 23:00:27 | 000,044,544 | ---- | C] () -- C:\WINDOWS\AWuninstall.exe
    [2005/07/30 22:58:24 | 000,000,052 | ---- | C] () -- C:\WINDOWS\RTFContentCtrl.INI
    [2005/07/28 21:57:26 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\StickyKey.dll
    [2005/05/13 09:42:30 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\ggTray.dll
    [2005/03/07 14:27:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\winclose.dll
    [2005/02/13 21:38:28 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
    [2005/02/12 15:33:19 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2005/01/30 14:27:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\myodbcinst.exe
    [2005/01/30 14:27:32 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\imyodbc.exe
    [2004/12/20 18:48:50 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004/12/15 22:51:16 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2004/12/06 06:18:25 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2004/10/10 21:42:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/10/10 21:42:44 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2004/10/10 21:42:31 | 000,007,460 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2004/10/09 17:04:22 | 000,000,033 | ---- | C] () -- C:\WINDOWS\MSFDM.INI
    [2004/10/04 21:32:17 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
    [2004/10/01 21:25:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/13 18:24:57 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/06/19 11:42:45 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2004/03/10 21:26:17 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
    [2004/03/10 21:24:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2003/11/30 17:08:57 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\fusioncache.dat
    [2003/11/08 19:58:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2003/09/15 04:55:53 | 000,014,843 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
    [2003/08/28 18:14:45 | 000,004,269 | ---- | C] () -- C:\WINDOWS\IFiltSet.Ini
    [2003/08/28 18:12:59 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2003/08/28 15:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2003/08/23 15:31:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/07/08 14:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2003/04/19 15:10:24 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\GLW-FileStore.dll
    [2003/04/09 21:42:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2003/04/05 19:31:45 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll.off
    [2003/04/05 19:31:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll.off
    [2003/04/05 18:42:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2003/03/15 19:31:30 | 000,038,439 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Application Data\Comma Separated Values (Windows).ADR
    [2003/02/27 10:05:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\phone_var.ini
    [2003/02/27 10:05:05 | 000,051,942 | ---- | C] () -- C:\WINDOWS\name_gender.ini
    [2003/02/27 10:05:05 | 000,000,212 | ---- | C] () -- C:\WINDOWS\states.ini
    [2003/02/27 10:05:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\zip_var.ini
    [2003/02/27 10:05:05 | 000,000,037 | ---- | C] () -- C:\WINDOWS\name_var.ini
    [2003/02/27 10:05:04 | 000,000,058 | ---- | C] () -- C:\WINDOWS\birth_var.ini
    [2003/02/27 10:05:04 | 000,000,016 | ---- | C] () -- C:\WINDOWS\addr_var.ini
    [2003/02/27 10:05:04 | 000,000,011 | ---- | C] () -- C:\WINDOWS\city_var.ini
    [2003/01/20 22:55:26 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
    [2003/01/14 20:31:22 | 000,056,832 | ---- | C] () -- C:\WINDOWS\Fce32.dll
    [2003/01/14 20:31:21 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Fce32.dll
    [2002/12/31 17:50:58 | 000,001,920 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2002/12/31 12:50:53 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2002/12/24 16:46:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI
    [2002/12/24 15:14:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
    [2002/12/21 15:19:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2002/12/21 15:19:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2002/12/21 15:19:09 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2002/12/21 15:19:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2002/12/21 15:19:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
    [2002/12/15 23:00:12 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\MusicCitydll2.dll
    [2002/12/15 22:58:48 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll
    [2002/12/15 22:58:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
    [2002/12/15 22:58:42 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
    [2002/12/15 22:58:42 | 000,005,863 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
    [2002/12/15 20:09:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
    [2002/12/15 19:48:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2002/12/15 19:48:08 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2002/12/15 19:47:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
    [2002/12/15 19:46:42 | 000,001,616 | ---- | C] () -- C:\WINDOWS\pstudio.ini
    [2002/12/15 19:46:42 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
    [2002/12/15 19:46:41 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
    [2002/12/01 21:41:15 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
    [2002/12/01 21:41:13 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2002/12/01 21:41:13 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2002/12/01 21:41:11 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2002/11/30 19:59:58 | 000,000,192 | ---- | C] () -- C:\WINDOWS\Winamp.ini
    [2002/11/30 19:59:40 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
    [2002/11/28 20:09:59 | 000,000,831 | ---- | C] () -- C:\WINDOWS\QIII.INI
    [2002/11/26 23:00:54 | 000,204,800 | ---- | C] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2002/11/26 21:33:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\stci.ini
    [2002/11/21 12:47:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2002/11/21 12:43:56 | 000,000,783 | ---- | C] () -- C:\WINDOWS\lrun32.ini
    [2002/11/21 12:42:48 | 000,001,360 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2002/11/21 12:41:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2002/11/21 12:41:58 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2002/11/21 12:41:47 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2002/11/21 12:41:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2002/11/21 12:41:46 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2002/11/21 12:41:46 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
    [2002/11/21 12:41:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2002/11/21 12:41:20 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2002/11/21 12:39:42 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/11/21 12:33:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2002/11/21 12:22:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2002/11/19 20:21:18 | 000,905,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
    [2002/10/03 15:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
    [2002/09/03 15:51:12 | 000,587,340 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2002/09/03 15:51:12 | 000,115,262 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2002/09/03 15:42:36 | 000,302,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2002/09/03 15:35:18 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/09/03 15:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
    [2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
    [2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
    [2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
    [2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
    [2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
    [2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
    [2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
    [2002/03/26 21:18:27 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
    [2002/03/19 18:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
    [2002/03/19 18:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/07/15 01:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
    [2000/03/29 23:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
    [1999/10/23 19:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
    [1999/08/12 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1999/08/12 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [1999/08/11 16:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
    [1999/05/21 22:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
    [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
    [1998/05/18 01:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
    [1998/04/24 01:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
    [1998/01/28 01:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
    [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2006/02/04 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\.mono
    [2009/09/19 15:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
    [2007/11/22 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameServerBrowser
    [2009/03/12 20:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2004/07/16 20:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0137
    [2011/02/20 11:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
    [2007/01/07 13:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    [2006/02/04 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
    [2003/12/28 13:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Code Project
    [2004/06/19 11:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/03/06 18:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\webcam 7
    [2008/11/30 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\webcamXP5
    [2004/10/03 10:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yamaha
    [2010/04/02 14:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/12 10:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/08/09 12:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2006/02/04 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\.mono
    [2004/07/04 17:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Anvil Studio
    [2009/08/27 20:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Any Video Converter
    [2003/03/07 13:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Canon
    [2008/06/03 21:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\CDBurnerXP_Soft
    [2007/03/18 21:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\DBDesigner4
    [2010/11/12 22:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\DECISION-PLUS
    [2005/10/10 12:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Ethereal
    [2011/04/09 10:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\FileZilla
    [2010/05/07 19:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\GameServerBrowser
    [2009/03/13 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\GARMIN
    [2008/07/20 22:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\gtk-2.0
    [2008/07/20 22:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Inkscape
    [2009/12/20 17:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\IrfanView
    [2006/01/15 11:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Kana Solution
    [2004/07/01 19:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Leadertech
    [2004/01/31 20:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\msqt
    [2011/02/20 13:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\MySQL
    [2009/06/08 21:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Neverball
    [2011/02/06 13:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Notepad++
    [2005/10/15 15:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Nvu
    [2007/02/03 12:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\OfficeUpdate12
    [2008/12/26 15:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\OpenArena
    [2010/07/19 20:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Pandion
    [2010/01/31 14:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Participatory Culture Foundation
    [2007/03/17 13:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\PCToolsFirewallPlus
    [2011/04/12 22:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\POP Peeper
    [2006/02/04 19:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\River Past G4
    [2011/04/03 23:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\SQLyog
    [2008/09/28 20:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Stellarium
    [2007/07/29 00:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Thunderbird
    [2005/12/31 16:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\Video DVD Maker FREE
    [2004/10/03 10:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Daoust\Application Data\yamaha

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/12/22 22:25:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2004/11/13 22:55:18 | 007,695,598 | RHS- | M] () -- C:\AVG6DB_F.DAT
    [2011/04/10 13:15:09 | 000,000,245 | ---- | M] () -- C:\Boot.bak
    [2011/04/12 21:17:12 | 000,000,355 | RHS- | M] () -- C:\BOOT.INI
    [2002/09/03 15:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/04/12 23:12:39 | 000,014,302 | ---- | M] () -- C:\ComboFix.txt
    [2002/09/03 15:36:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/03/08 16:07:47 | 000,921,624 | ---- | M] () -- C:\DC6810xp-001.raw
    [2005/12/29 15:24:37 | 000,000,044 | ---- | M] () -- C:\decode.wav
    [2002/11/21 12:25:22 | 000,003,390 | RH-- | M] () -- C:\DELL.SDR
    [2004/11/13 20:52:58 | 000,786,593 | ---- | M] () -- C:\ecurierodimax.zip
    [2004/11/20 16:16:53 | 000,002,876 | ---- | M] () -- C:\e_powered.gif
    [2009/09/19 16:10:57 | 000,060,449 | ---- | M] () -- C:\fraglist.htm
    [2009/09/20 10:28:19 | 000,355,406 | ---- | M] () -- C:\fraglist.luar
    [2005/10/28 22:43:26 | 000,001,149 | ---- | M] () -- C:\INSTALL.LOG
    [2002/09/03 15:36:02 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2009/04/12 10:44:53 | 001,613,678 | ---- | M] () -- C:\log.txt
    [2005/02/05 15:39:25 | 000,007,106 | ---- | M] () -- C:\mmcInst.log
    [2002/09/03 15:36:02 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2005/03/12 22:19:53 | 000,010,046 | ---- | M] () -- C:\my.ini
    [2004/10/01 21:33:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/18 17:33:15 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2004/10/03 11:15:43 | 000,001,326 | ---- | M] () -- C:\SearchIndex.edx
    [2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
    [2007/03/09 14:00:02 | 000,000,031 | ---- | M] () -- C:\wizard.txt
    [2003/08/28 15:35:41 | 000,011,090 | -H-- | M] () -- C:\ZbThumbnail.info

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/05/11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2002/09/03 15:35:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2004/10/01 16:00:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 15:22:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2002/09/03 15:22:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2002/09/03 15:22:52 | 000,397,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/18 17:42:55 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/10/02 00:51:15 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
    [2002/11/26 21:14:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/12 21:09:04 | 004,319,795 | R--- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\ComboFix.exe
    [2010/02/26 11:17:37 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\DbgOut.exe
    [2008/11/14 22:07:03 | 000,290,816 | ---- | M] (TODO: <Company name>) -- C:\Documents and Settings\Louis Daoust\Desktop\dpnxui.exe
    [2010/11/13 23:58:09 | 000,368,856 | ---- | M] (Decision-Plus) -- C:\Documents and Settings\Louis Daoust\Desktop\dptrial.exe
    [2011/04/10 11:02:12 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Louis Daoust\Desktop\jre-6u24-windows-i586.exe
    [2011/04/10 10:36:44 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\MBRCheck.exe
    [2011/04/12 23:53:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Daoust\Desktop\OTL.exe
    [2011/04/05 21:41:41 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Louis Daoust\Desktop\setup-spybotsd162.exe
    [2010/11/12 22:29:35 | 032,108,894 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\setupmvpfr.exe
    [2010/11/13 12:11:43 | 010,463,479 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Desktop\setuptraderplusfr.exe
    [2010/12/16 14:38:15 | 001,440,963 | ---- | M] (La Crosse Technology®, Ltd ) -- C:\Documents and Settings\Louis Daoust\Desktop\USB_ERF_Gateway-1.7.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2006/09/11 19:59:38 | 000,013,022 | ---- | M] () -- C:\WINDOWS\VX6000.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/10/02 00:51:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Favorites\Desktop.ini
    [2002/12/08 14:12:12 | 000,001,288 | ---- | M] () -- C:\Documents and Settings\Louis Daoust\Favorites\Microsoft bCentral.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    ColorPic Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/11 12:19:59 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Cookies\desktop.ini
    [2011/04/13 00:01:13 | 000,081,920 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 11:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 11:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 11:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 17:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE
    [2002/12/17 11:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 11:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 11:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/12/17 11:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 14:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1999/09/10 13:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\SYSTEM\WOWPOST.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 120 bytes -> C:\AUTOEXEC.BAT:SummaryInformation

    < End of report >
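The custom-scan section above is a long list of file entries in OTL's one-line layout plus one alternate-data-stream line, and the interesting items are buried among hundreds of benign ones. The script below is an added example, not OTL's code and not from the original post: it parses that layout and pulls out the entries an analyst would check first (executables in user-writable locations with no version resource or with the Visual Studio placeholder company name, recently modified files, hidden+system attributes, and every ADS). It assumes the field order shown in the log (modified timestamp, size with thousands separators, four-character attribute field, timestamp kind letter, company in parentheses, then the path) and the sample lines are constructed in that layout with a generic user name.

```python
"""Triage helper for OTL custom-scan file listings (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL file-listing line, in the layout seen in the posted log:
#   [YYYY/MM/DD HH:MM:SS | 000,012,288 | -HS- | M] (Company) -- C:\path\file.ext
# Assumption: the trailing letter says which timestamp is shown ('M' modified,
# 'C' created) and the attribute field is always four characters.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# OTL's alternate-data-stream line:
#   @Alternate Data Stream - 120 bytes -> C:\AUTOEXEC.BAT:SummaryInformation
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

EXEC_EXTS = (".exe", ".dll", ".scr", ".sys", ".com")
# Locations an unprivileged user (or malware running as one) can write to on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\program files\\", "\\windows\\temp\\")
# Visual Studio's default version-resource text; a real vendor replaces it.
PLACEHOLDER_COMPANY = "todo: <company name>"


@dataclass
class Entry:
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file-listing line; headers, blank lines and ADS lines give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        modified=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def triage(lines: List[str], now: datetime, recent_days: int = 14) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries worth a hash or signature check, plus every ADS.

    An empty company field only means the file carries no version resource
    (legitimate tools such as ComboFix and MBRCheck lack one too), so each hit
    is a review item, not a verdict. The :SummaryInformation stream is what
    Explorer writes for a file's Summary properties tab and is usually benign.
    """
    hits: List[Tuple[str, List[str]]] = []
    cutoff = now - timedelta(days=recent_days)
    for line in lines:
        ads = ADS_RE.match(line.strip())
        if ads:
            hits.append((f"{ads['path']}:{ads['stream']}", ["alternate data stream"]))
            continue
        e = parse_entry(line)
        if e is None or not e.path.lower().endswith(EXEC_EXTS):
            continue
        reasons = []
        if e.company == "":
            reasons.append("no version info")
        elif e.company.lower() == PLACEHOLDER_COMPANY:
            reasons.append("placeholder company name")
        if e.modified >= cutoff:
            reasons.append(f"modified within {recent_days} days")
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden+system attributes")
        if reasons and any(d in e.path.lower() for d in USER_WRITABLE):
            hits.append((e.path, reasons))
    return hits


# Constructed sample in the posted log's layout (generic user name; not the real log).
SAMPLE_LOG = r"""
< %USERPROFILE%\Desktop\*.exe >
[2011/04/12 21:09:04 | 004,319,795 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2008/11/14 22:07:03 | 000,290,816 | ---- | M] (TODO: <Company name>) -- C:\Documents and Settings\User\Desktop\dpnxui.exe
[2011/04/10 11:02:12 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\Desktop\jre-6u24-windows-i586.exe

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt

< %systemroot%\Fonts\*.ini >
[2002/09/03 15:35:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\AUTOEXEC.BAT:SummaryInformation
"""
SAMPLE_NOW = datetime(2011, 4, 13)  # the day the log was taken, for the recency window


def run_sample() -> List[Tuple[str, List[str]]]:
    return triage(SAMPLE_LOG.splitlines(), SAMPLE_NOW)


if __name__ == "__main__":
    for path, reasons in run_sample():
        print(f"{path}: {', '.join(reasons)}")
```

Feed it the whole saved OTL.txt and a reference date, then hash or signature-check each hit; a path in the list that you do not recognise is the one to upload or submit to the helper, and anything under the Windows directory with no version info will still need the per-directory scans in the log above because the script only flags user-writable locations.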
     
