So I have internet, but I can't use IE8? I run all my antiviruses, MAM, and that type of maintenance daily, but I somehow got a virus, I believe?

Here's my HijackThis...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:23 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newcelica.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {64d9006c-6a15-4512-adb1-8dfdae1776b3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [HKCU] c:\dir\install\install\ser4jg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [HKCU] c:\dir\install\install\ser4jg.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: cbXpMEwX - cbXpMEwX.dll (file missing)
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: DpunicorMsw - {E99D38E9-4B17-48E3-A6D8-3290FD0DC3CA} - C:\WINDOWS\system32\dpunicor.dll
O23 - Service: nmahnds (7abs3rho7) - Unknown owner - C:\Program Files\Common Files\tya62hfb\zmaodn92.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10754 bytes

Thanks for any help :)

:( Anything I can do to get this thing eliminated? I looked at the stickies and tried running those programs, but no luck. I also can't go into safe mode. It just restarts.

Sorry for the lack of replies - it's the holidays and most of the regular volunteers are pretty busy. That and most IE8 issues are hard to track down if not obviously due to malware....

Not sure about your IE8 issues.
If IE7 works OK, the IE8 troubles are probably not malware-related.
Did you try reinstalling it? Seems to be a lot of this going around.

Honestly, while this is not a solution, go with Firefox or Opera - both are much better browsers.......

I'd be more worried about not being able to get into Safe Mode at this time.
Were you infected with malware recently?

PP:)

I'm pretty sure I have a virus/malware of some sort.
I cannot get IE to work, and some programs I can't update (or connect to the internet). Thing is, I can't find anything that's wrong with the computer. Several scans show nothing, but I wish I could go into safe mode and scan there... but I can't =\

Well, there is some malware showing in that log, so let's try this:

If you already have ComboFix on your machine, DELETE it.
Then follow the instructions in the link below to download a fresh copy of ComboFix and run it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions in the linky very carefully to run it and then post the ComboFix log for me.

Be sure to install Recovery Console (if you are able to do so) and disable any other security programs or Anti-Virus programs as per the linky before running ComboFix!

Will try to check back as time permits.

PP:)
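The reply above says the posted log shows malware but does not say which entries. As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that applies the checks a helper makes by eye to a handful of entries copied from the HijackThis log posted at the top of the thread: a browser proxy forced through a loopback port (consistent with IE failing while other programs still get online), BHO and Winlogon Notify entries whose DLL is no longer on disk, Run entries under the SYSTEM/Default profile that launch from outside Program Files or Windows, and services with an unknown owner or a missing binary. The rule set, the reason strings and the list of trusted path prefixes are assumptions of this example, not anything the thread or the tool defines.

```python
import re

# Entries copied from the HijackThis log posted in this thread, trimmed to a
# handful of lines that exercise each rule below (constructed sample input).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [HKCU] c:\dir\install\install\ser4jg.exe (User 'SYSTEM')
O20 - Winlogon Notify: cbXpMEwX - cbXpMEwX.dll (file missing)
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: nmahnds (7abs3rho7) - Unknown owner - C:\Program Files\Common Files\tya62hfb\zmaodn92.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# "Sec - body" shape of every HijackThis entry line.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Proxy that points back at the local machine (IE and other WinINet users go through it).
LOOPBACK_PROXY_RE = re.compile(r"ProxyServer = .*?(127\.0\.0\.1|localhost):\d+")
# Path that follows the [name] of an O4 Run entry, quoted or not.
O4_PATH_RE = re.compile(r'\]\s*"?([A-Za-z]:\\[^"(]+)')
# Locations a normal startup program lives in (assumption made for this example).
TRUSTED_PREFIXES = ("c:\\program files", "c:\\progra~1", "c:\\windows")


def check_entry(code, body):
    """Return a reason string if this entry deserves a closer look, else None."""
    if code == "R1" and LOOPBACK_PROXY_RE.search(body):
        return ("browser proxy forced through a loopback port; if nothing legitimate "
                "listens there, IE fails while other programs still reach the internet")
    if code == "O2" and body.endswith("(no file)"):
        return "BHO registered for a DLL that is no longer on disk (orphaned entry)"
    if code == "O4" and body.startswith("HKUS\\"):
        m = O4_PATH_RE.search(body)
        path = m.group(1).strip().lower() if m else ""
        if not path.startswith(TRUSTED_PREFIXES):
            return "Run entry for the SYSTEM/Default profile launches from an unusual path"
    if code == "O20" and body.endswith("(file missing)"):
        return "Winlogon Notify package whose DLL is missing (loaded at every logon)"
    if code == "O23" and ("Unknown owner" in body or body.endswith("(file missing)")):
        return "service with no vendor or with a missing binary"
    return None


def triage_hjt(log_text):
    """Scan a HijackThis log and return (section code, entry, reason) triples."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the process list and blank lines
        code, body = m.groups()
        reason = check_entry(code, body)
        if reason:
            findings.append((code, line, reason))
    return findings


if __name__ == "__main__":
    for code, entry, reason in triage_hjt(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {entry}")
```

Run against the sample it flags five entries: the loopback proxy, the orphaned BHO, the SYSTEM-profile Run entry, the missing Winlogon Notify DLL and the ownerless service, and leaves the Spybot, Symantec and DigitalPersona lines alone. A script like this only narrows where to look; each hit still has to be judged against what is actually installed on the machine.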

ComboFix 09-12-09.04 - Compaq_Owner 12/10/2009 10:37:23.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2302.1734 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Compaq_Owner\Application Data\Desktopicon

c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

c:\windows\system32\DRIVERS\iaStor.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 02:43 . 2009-12-10 02:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\TrojanHunter
2009-12-10 00:59 . 2009-12-10 00:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-12-10 00:16 . 2009-12-10 00:16 -------- d-----w- c:\program files\ESET
2009-12-10 00:16 . 2009-12-10 00:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Threat Expert
2009-12-10 00:09 . 2009-12-10 02:41 -------- d-----w- c:\program files\TrojanHunter 5.2
2009-12-08 03:38 . 2009-12-08 03:38 -------- d-----w- c:\program files\Trend Micro
2009-12-07 04:05 . 2009-12-07 12:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\bybisg
2009-12-07 03:13 . 2009-12-07 03:13 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 18:10 . 2009-12-05 18:10 8 ----a-w- c:\windows\system32\nvModes.dat
2009-12-05 17:52 . 2009-12-05 17:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-05 17:52 . 2009-12-05 17:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-05 01:55 . 2005-03-11 07:57 110592 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2009-12-05 01:55 . 2005-03-11 07:51 81920 ------w- c:\windows\system32\drivers\iansmsg.dll
2009-12-05 01:55 . 2004-11-11 10:55 135168 ------w- c:\windows\system32\PRONtObj.dll
2009-12-05 01:55 . 2005-03-21 14:07 126976 ------w- c:\windows\system32\Ncs2InstUtility.dll
2009-12-05 01:55 . 2005-03-18 19:29 421888 ------w- c:\windows\system32\NcsCoLib.dll
2009-12-05 01:55 . 2005-03-16 15:43 19456 ------w- c:\windows\system32\drivers\iqvw32.sys
2009-12-05 01:55 . 2005-03-22 18:22 405504 ------w- c:\windows\system32\Ncs2DMIX.dll
2009-12-05 01:55 . 2005-03-18 20:00 290816 ------w- c:\windows\system32\Accesor.dll
2009-12-05 01:51 . 2009-12-05 01:55 -------- d-----w- c:\program files\Intel
2009-12-05 01:49 . 2009-12-05 01:49 -------- d-----w- C:\cabs
2009-12-05 01:34 . 2009-12-05 17:58 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-04 03:25 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-04 03:25 . 2009-11-21 02:34 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-12-04 03:25 . 2009-11-21 02:34 10235968 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-12-04 03:25 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-12-04 03:25 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-12-04 03:25 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-12-04 03:25 . 2009-11-21 02:34 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-12-04 03:25 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-12-04 03:25 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-12-04 03:25 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-12-04 03:25 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-04 03:25 . 2009-11-21 02:34 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-12-04 02:58 . 2009-12-04 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-12-03 02:56 . 2009-12-03 02:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Symantec
2009-12-03 02:55 . 2006-09-18 22:55 48816 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-03 02:55 . 2006-09-18 22:55 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-03 02:54 . 2009-12-10 15:49 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-03 02:54 . 2009-12-03 02:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-03 02:49 . 2009-12-03 02:49 -------- d-----w- C:\Symantec10.1.5
2009-12-03 02:26 . 2009-12-03 02:26 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 02:26 . 2009-12-03 02:26 79488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-02 04:18 . 2009-12-02 04:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Identities
2009-12-01 22:55 . 2009-12-01 22:55 170760 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-01 02:35 . 2009-12-01 02:35 -------- d-----w- c:\program files\ATI Technologies
2009-12-01 02:35 . 2009-12-04 03:15 -------- d-----w- c:\program files\ATI
2009-12-01 02:35 . 2009-12-01 02:35 -------- d-----w- C:\ATI
2009-12-01 02:26 . 2009-12-01 02:31 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2009-12-01 01:54 . 2009-12-05 17:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Tracing
2009-12-01 01:49 . 2009-12-01 01:49 -------- d-----w- c:\program files\Microsoft
2009-12-01 01:49 . 2009-12-01 01:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-01 01:47 . 2009-12-01 01:47 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-27 22:17 . 2008-11-13 14:18 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2009-11-27 22:17 . 2008-11-13 14:18 599552 ------w- c:\windows\system32\dllcache\crypt32.dll
2009-11-27 22:16 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-27 22:16 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-27 22:16 . 2009-11-27 22:16 -------- d-----w- c:\windows\Logs
2009-11-27 22:04 . 2009-11-27 22:04 -------- d--h--r- c:\documents and settings\Compaq_Owner\Application Data\SecuROM
2009-11-27 21:49 . 2009-11-27 21:49 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-25 02:11 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-11-21 01:32 . 2009-11-21 01:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 01:32 . 2009-11-21 01:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 01:32 . 2009-11-21 01:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 01:32 . 2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 01:32 . 2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 01:32 . 2009-11-21 01:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 22:54 . 2009-11-25 23:33 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\foobar2000
2009-11-19 22:54 . 2009-11-19 22:54 -------- d-----w- c:\program files\foobar2000
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\uTorrent
2009-11-19 22:48 . 2009-12-05 17:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 02:46 . 2008-11-29 06:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-10 01:15 . 2008-11-29 04:09 -------- d-----w- c:\program files\World of Warcraft
2009-12-09 11:58 . 2008-12-06 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-09 04:46 . 2008-12-06 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 08:02 . 2004-08-04 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-08 05:43 . 2009-07-21 16:11 -------- d-----w- c:\program files\LimeWire
2009-12-07 04:08 . 2009-10-08 02:55 -------- d-----w- c:\program files\SpeedFan
2009-12-07 03:13 . 2009-09-15 01:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:48 . 2009-11-06 01:10 -------- d-----w- c:\program files\Yahoo!
2009-12-05 17:44 . 2008-11-29 02:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-05 01:32 . 2008-12-13 22:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Ventrilo
2009-12-03 21:14 . 2009-09-15 01:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-09-15 01:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 02:56 . 2005-11-14 15:41 -------- d-----w- c:\program files\Symantec
2009-12-03 02:54 . 2005-11-14 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-03 02:32 . 2005-11-14 15:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 02:31 . 2009-10-03 15:55 -------- d-----w- c:\program files\Common Files\AOL
2009-12-03 02:28 . 2005-11-14 14:54 -------- d-----w- c:\program files\Java
2009-12-01 01:48 . 2008-12-06 05:08 -------- d-----w- c:\program files\Windows Live
2009-11-21 02:34 . 2008-10-07 18:33 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-19 23:29 . 2008-12-07 19:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-11-19 22:40 . 2009-10-20 12:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Audacity
2009-11-06 01:10 . 2009-11-06 01:10 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Yahoo!
2009-11-01 03:01 . 2009-11-01 03:00 -------- d-----w- c:\program files\iTunes
2009-11-01 03:00 . 2009-11-01 03:00 -------- d-----w- c:\program files\iPod
2009-11-01 03:00 . 2009-11-01 02:57 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 02:59 . 2009-09-17 01:45 -------- d-----w- c:\program files\QuickTime
2009-11-01 02:59 . 2008-11-29 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-01 02:58 . 2009-11-01 02:58 -------- d-----w- c:\program files\Apple Software Update
2009-10-29 07:46 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-06-09 03:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 00:58 . 2009-10-29 00:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-27 04:34 . 2008-11-29 02:04 78024 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 01:47 . 2005-11-14 15:20 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 02:58 . 2009-10-26 02:58 -------- d-----w- c:\program files\Lame for Audacity
2009-10-24 19:42 . 2009-10-03 15:56 -------- d-----w- c:\program files\AIM Toolbar
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 13:48 . 2009-10-20 13:41 -------- d-----w- c:\program files\Essentials Codec Pack
2009-10-20 13:36 . 2009-10-20 13:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\ImTOO Software Studio
2009-10-20 12:58 . 2009-10-20 12:57 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-19 02:56 . 2008-12-03 03:41 258 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-10-14 00:40 . 2009-10-14 00:40 -------- d-----w- c:\program files\ieSpell
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 09:17 . 2009-02-10 05:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-17 02:13 . 2009-09-17 02:13 63924 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-13 16:15 . 2009-01-19 00:04 7 ----a-w- c:\windows\sbacknt.bin
2009-09-13 16:10 . 2009-01-19 00:03 152904 ----a-w- c:\windows\system32\vghd.scr
2008-06-30 14:52 . 2008-11-29 02:35 1425408 ----a-w- c:\program files\cpuz.exe
2006-06-02 02:07 . 2008-11-29 03:30 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2001-03-30 17:07 . 2001-03-30 17:07 372736 --sha-r- c:\windows\system32\dpunicor.dll
2001-03-30 17:07 . 2001-03-30 17:07 32768 --sha-r- c:\windows\system32\fbhco.dll
.

------- Sigcheck -------

[-] 2009-12-08 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{E99D38E9-4B17-48E3-A6D8-3290FD0DC3CA}"= "c:\windows\system32\dpunicor.dll" [2001-03-30 372736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
2006-10-09 21:27 99856 ----a-w- c:\windows\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logiteck Software PreLoad.exe]
backup=c:\windows\pss\Logiteck Software PreLoad.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UltraMon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
backup=c:\windows\pss\UltraMon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Assus XDesktop PreLoad.exe]
backup=c:\windows\pss\Assus XDesktop PreLoad.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
c:\program files\Curse\CurseClient.exe -silent [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-02-22 18:45 2272592 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-07-20 00:26 52896 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAgnt]
2006-10-09 21:27 807440 ----a-w- c:\program files\DigitalPersona\Bin\DPAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4400 Series]
2007-03-01 11:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 14:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 00:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 21:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-11-19 22:49 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2006-10-25 00:33 125120 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 2:11 AM 17184]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [9/16/2006 5:25 PM 35584]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/2/2009 9:58 PM 102448]
R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [9/16/2006 5:23 PM 47360]
S2 7abs3rho7;nmahnds;"c:\program files\Common Files\tya62hfb\zmaodn92.exe" --> c:\program files\Common Files\tya62hfb\zmaodn92.exe [?]
S3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys --> c:\windows\system32\Drivers\JmtFltr.sys [?]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 7:32 PM 116416]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://newcelica.org/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\oa40z2j8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

BHO-{64d9006c-6a15-4512-adb1-8dfdae1776b3} - (no file)
HKU-Default-Run-HKCU - c:\dir\install\install\ser4jg.exe
Notify-cbXpMEwX - cbXpMEwX.dll
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-nwiz - nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6C9618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7e62852
\Driver\iaStor -> iaStor.sys @ 0xb7e86ade
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d01bd4
PacketIndicateHandler -> NDIS.sys @ 0xb7d0da21
SendHandler -> NDIS.sys @ 0xb7d01d44
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3994133828-2625800171-4019574962-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b9,bb,2b,90,cb,41,12,ad,a5,38,76,14,3b,23,59,e7,e0,7f,ad,87,89,7e,01,
e9,e9,e2,59,5f,eb,39,75,8c,74,57,45,0f,ec,41,53,c4,3c,75,87,82,b0,d3,79,2a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\DPWLEvHd.dll

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\WININET.dll
c:\windows\DPPWDFLT.dll

- - - - - - - > 'explorer.exe'(3628)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\dpunicor.dll
c:\windows\system32\mshtml.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\fbhco.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\DigitalPersona\Bin\DPWinLct.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
.
**************************************************************************
.
Completion time: 2009-12-10 10:58:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-10 15:58

Pre-Run: 8,938,250,240 bytes free
Post-Run: 8,820,015,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7E581DDF020114FD1EC7FD943665F84F

IE8 is working, but sometimes when i open it, i get some popups and sometimes it opens my C drive?

Well . . . That combofix log is ugly. You have some nasty rootkitted malware. Probably not responsible for the IE8 issues since other browsers work, but definitely more serious and worrisome....

  • Do you have your Windows CD?
  • Are you able to make backups of your important data (music / pictures / work product and the like)?

You should keep this computer offline as much as possible and, if it is part of a network, disconnect it from the network until it can be cleaned.

I'd like to have a more detailed look as some things:
Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

  • DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.

    • When GMER opens, it should automatically do a quick scan for rootkits.
    • When the quick scan finishes, click the Save Button and save the scanlog to your Desktop as GMER One.
  • If upon running GMER you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

  • Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
  • Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:

    • Sections
    • IAT/EAT
    • Drives or Partitions other than your Systemdrive (usually C:)
    • Show All (be sure this one remains Unchecked!)
  • Then, click the Scan Button

  • Allow the scan as long as it needs and then click the save button and name the log GMER Two.log and save it to where you can easily find it and post it for me along with the first log.
  • Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
  • DO NOT take any action for any found items until I can have a look.

PP:)

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-10 19:54:31
Windows 5.1.2600 Service Pack 3
Running: hbhksp47.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kfddapoc.sys


---- System - GMER 1.0.15 ----

SSDT 8A7BB2E0 ZwAlertResumeThread
SSDT 8A3BD528 ZwAlertThread
SSDT 8A2E1AF8 ZwAllocateVirtualMemory
SSDT 8A2B1B28 ZwConnectPort
SSDT 8A2DC470 ZwCreateMutant
SSDT 8A3C46A0 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA88F7350]
SSDT 8A234330 ZwFreeVirtualMemory
SSDT 8A2DCE10 ZwImpersonateAnonymousToken
SSDT 8A30DB98 ZwImpersonateThread
SSDT 8A39C430 ZwMapViewOfSection
SSDT 8A2DD488 ZwOpenEvent
SSDT 8A3AAA58 ZwOpenProcessToken
SSDT 8A2DF420 ZwOpenThreadToken
SSDT 8A251400 ZwQueryValueKey
SSDT 8A317EF0 ZwResumeThread
SSDT 8A2D95A0 ZwSetContextThread
SSDT 8A39FF70 ZwSetInformationProcess
SSDT 8A2D7818 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA88F7580]
SSDT 8A2DD728 ZwSuspendProcess
SSDT 8A2D53B8 ZwSuspendThread
SSDT 8A37A970 ZwTerminateProcess
SSDT 8A2D5560 ZwTerminateThread
SSDT 8A2E8518 ZwUnmapViewOfSection
SSDT 8A2DFC70 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A743618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
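
As an added illustration of how a helper reads a log like the one above (my own example, not code from the thread, from GMER, or from any tool posted here), this script walks a GMER log and separates the lines that decide the case from the ones that only need context. The severity labels and the constructed sample log are my assumptions; the sample keeps the shape of the log above but is not a copy of it.

```python
"""Triage a GMER rootkit-scan log and pull out the lines that decide the case.

Added example for this thread: not code from the helper, from GMER or from any
other tool posted here.  Which line types count as strong indicators (the
severity labels below) is my own assumption, made from a defender's view.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, cut down to the shape of a GMER 1.0.15 log.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 8A7BB2E0 ZwAlertResumeThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA88F7350]
SSDT 8A2DFC70 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A743618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (\w+) - GMER")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(.*)$")
DEVICE_RE = re.compile(r"^Device -> (\\Driver\\\S+)\s+(\S+)\s+([0-9A-F]{8})$")
FILE_RE = re.compile(r"^File (\S.*?) suspicious modification$")
ADDR_RE = re.compile(r"^[0-9A-F]{8}$")


@dataclass
class Finding:
    severity: str   # HIGH (act on it), REVIEW (needs context), INFO (explained)
    section: str    # GMER section the line came from
    detail: str


def triage_gmer(text):
    """Return a list of Findings for the indicator lines in a GMER log."""
    findings = []
    section = "?"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            # GMER's "suspicious modification" verdict names the patched driver
            # file; it is the single strongest line in the log.
            findings.append(Finding("HIGH", section,
                f"{m.group(1)} is reported as modified (patched driver file)"))
            continue
        m = DEVICE_RE.match(line)
        if m:
            drv, dev, addr = m.groups()
            findings.append(Finding("HIGH", section,
                f"{dev} under {drv} is dispatched by code at {addr} that GMER "
                "could not attribute to any loaded module: the disk stack is hooked"))
            continue
        m = SSDT_RE.match(line)
        if m:
            target, rest = m.groups()
            func = re.search(r"\b(Zw\w+)\b", rest)
            name = func.group(1) if func else "?"
            if ADDR_RE.match(target):
                # Bare address, no module: HIPS/AV products hook here as well, so
                # this needs matching against installed security software first.
                findings.append(Finding("REVIEW", section,
                    f"SSDT entry {name} points to {target} with no owning module"))
            else:
                owner = re.search(r"\(([^)]*)\)", rest)
                findings.append(Finding("INFO", section,
                    f"SSDT entry {name} hooked by {owner.group(1) if owner else target}"))
            continue
        if line.startswith("AttachedDevice "):
            findings.append(Finding("INFO", section,
                "filter driver: " + line[len("AttachedDevice "):]))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'HIGH': 2, 'REVIEW': 2, 'INFO': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = ("HIGH", "REVIEW", "INFO")
    for f in sorted(triage_gmer(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print(summarize(triage_gmer(SAMPLE_LOG)))
```

To use it on a saved GMER log, read the file into a string and pass it to triage_gmer(). The two HIGH findings are the lines the helper reacted to: a driver file reported as modified, and a disk device whose dispatch code GMER could not attribute to any loaded module. The bare-address SSDT entries are only REVIEW because installed security products hook the same table (the log itself shows SYMEVENT.SYS hooking two entries); attribute those to the installed products before drawing conclusions from them.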

Sorry for the late reply - really tied up with work these days.

Please try the following:

Click START > RUN > type cmd and hit OK
At the prompt Copy&Paste the complete text in Red below and hit ENTER:

Copy C:\windows\ServicePackFiles\i386\atapi.sys C:\

Then, with the command prompt still open, do the same for this one:

Copy C:\windows\ServicePackFiles\i386\iaStor.sys C:\


NEXT:
Please Download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip

-- Extract Avenger.exe from the ZIP to your Desktop
-- Highlight Everything in Red below and copy it using Ctrl+C or RightClick > Copy:


Files to move:
C:\iaStor.sys | C:\windows\system32\drivers\iaStor.sys
C:\atapi.sys | C:\windows\system32\drivers\atapi.sys


-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox, using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me.

THEN:
Reboot into the Recovery Console (you should now have the option to select that option on reboot).

-- At the command prompt, type fixmbr and hit ENTER.

Then reboot to Normal Windows and let me know how you fared with the above steps and please post that Avenger log for me.

Best Luck :)
PP
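
The copy-from-ServicePackFiles step above amounts to treating that folder as a known-good reference for the driver. As an added example (my code, not the helper's, and not part of Avenger, GMER or TDSSKiller), here is that comparison done explicitly with hashes, including the case where no reference copy exists at all. The paths are the standard XP locations (the ServicePackFiles i386 folder the helper copies from, plus the Windows File Protection dllcache); the file tree is constructed so the script runs offline on any system.

```python
r"""Check a live Windows XP driver against the protected reference copies before
(and after) replacing it, so "modified" is a hash mismatch rather than a hunch.

Added example for this thread: not code from the helper, Avenger, GMER or
TDSSKiller.  The reference locations are the ServicePackFiles\i386 folder the
helper copies from plus the Windows File Protection dllcache; the tree built by
make_sample_tree() is constructed so the script runs anywhere.
"""
import hashlib
import os
import tempfile

LIVE_DIR = r"C:\WINDOWS\system32\drivers"
REFERENCE_DIRS = [
    r"C:\WINDOWS\ServicePackFiles\i386",  # service-pack copies (used in the thread)
    r"C:\WINDOWS\system32\dllcache",      # Windows File Protection cache
]


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large drivers are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_driver(name, live_dir=LIVE_DIR, reference_dirs=REFERENCE_DIRS):
    """Compare the live copy of `name` with every reference copy.

    Returns {"live": sha256 or None, "references": {dir: status}, "verdict": str}
    where status is "match", "MISMATCH" or "reference missing".
    """
    live = os.path.join(live_dir, name)
    if not os.path.isfile(live):
        return {"live": None, "references": {}, "verdict": "live driver missing"}
    live_hash = sha256_file(live)
    refs = {}
    for d in reference_dirs:
        ref = os.path.join(d, name)
        if not os.path.isfile(ref):
            refs[d] = "reference missing"      # the thread's iaStor.sys case
        elif sha256_file(ref) == live_hash:
            refs[d] = "match"
        else:
            refs[d] = "MISMATCH"
    statuses = set(refs.values())
    if "MISMATCH" in statuses:
        verdict = "MODIFIED: live driver differs from a protected copy"
    elif "match" in statuses:
        verdict = "ok: live driver matches a protected copy"
    else:
        verdict = "unverifiable: no reference copy found; get one from install media"
    return {"live": live_hash, "references": refs, "verdict": verdict}


def make_sample_tree(root):
    """Constructed fixture mirroring the thread: atapi.sys patched in the live
    folder while both reference copies are clean, and iaStor.sys present live
    but absent from every reference folder."""
    live = os.path.join(root, "drivers")
    sp = os.path.join(root, "ServicePackFiles", "i386")
    cache = os.path.join(root, "dllcache")
    for d in (live, sp, cache):
        os.makedirs(d, exist_ok=True)
    clean = b"MZ" + b"\x00" * 62 + b"clean atapi driver image (constructed)"
    patched = clean[:-1] + b"!"   # a single changed byte is enough to flip the hash
    for folder, data in ((live, patched), (sp, clean), (cache, clean)):
        with open(os.path.join(folder, "atapi.sys"), "wb") as f:
            f.write(data)
    with open(os.path.join(live, "iaStor.sys"), "wb") as f:
        f.write(b"MZ iaStor driver image (constructed)")
    return live, [sp, cache]


def run_sample():
    """Run the check over the constructed tree and return results by driver."""
    with tempfile.TemporaryDirectory() as root:
        live, refs = make_sample_tree(root)
        return {n: check_driver(n, live, refs) for n in ("atapi.sys", "iaStor.sys")}


if __name__ == "__main__":
    for name, result in run_sample().items():
        print(name, "->", result["verdict"])
        for d, status in result["references"].items():
            print("   ", status, d)
```

Two caveats a practitioner would attach to the verdicts. A mismatch against the service-pack copy is not on its own proof of tampering, since a later hotfix can legitimately replace a driver; check the file version and signature before replacing it. Conversely, a match obtained from inside the running system is not proof of a clean driver either: a rootkit that hooks the disk stack (which is what the Device line in the GMER log indicates) can serve clean-looking contents to reads, so the comparison is only trustworthy when run from boot media against the offline disk.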

I just want to say here and now, I really appreciate the help. And no problem in posting late...at least it's not like a regular forum where people read it, and no one helps. This really is a nice forum.

But back to topic,
I copied the first one in CMD, but it said it couldn't find the second one though, but I carried on.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\iaStor.sys" not found!
File move operation "C:\iaStor.sys|C:\windows\system32\drivers\iaStor.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not move file "C:\atapi.sys"
File move operation "C:\atapi.sys|C:\windows\system32\drivers\atapi.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished!  Terminate.

Then I left my computer running, and came back to this screen.
http://img.photobucket.com/albums/v439/Tug_bran612/found-1.jpg

I just want to say here and now, I really appreciate the help. And no problem in posting late...at least it's not like a regular forum where people read it, and no one helps. This really is a nice forum.

There are a lot of good forums, but most are overwhelmed with requests for help and have few regular volunteers. Factor in the holidays and you might have quite a wait.
I have a friend who runs the malware forum at another site and, while they offer excellent advice, they run 2-3 days between replies....

I copied the first one in CMD, but it said it couldn't find the second one though, but I carried on.

That's what I figured - we'll need to look for it. Probably need to come up with two uninfected copies.....

-- Did you try the Recovery Console and fixmbr? We'll have to do that again once we get rid of the modified files.

Then I left my computer running, and came back to this screen.
http://img.photobucket.com/albums/v439/Tug_bran612/found-1.jpg

That is not surprising - we may need to download a clean copy.


Let's first try whacking at this with a different tool:

Please download TDSSKiller.zip and Extract TDSSKiller.exe from the ZIP to your Desktop.
-- Click START > RUN and type or Copy&Paste the following command into the Run Box and hit ENTER:

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\LogIt.txt -v

Let the tool run. If you get a Hidden service detected message, DO NOT take any action. Just press ENTER and allow the tool to continue.

Once it finishes, please post the C:\LogIt.txt for me.

Will check back as time permits.

PP:)

I've tried looking through these logs and stuff, I don't see how you can visually look at this stuff and be like "oh he has that virus..etc"...that's crazy.

3:19:14:609	2436	ForceUnloadDriver: NtUnloadDriver error 2
3:19:14:609	2436	ForceUnloadDriver: NtUnloadDriver error 2
3:19:14:609	2436	ForceUnloadDriver: NtUnloadDriver error 2
3:19:14:625	2436	main: Driver KLMD successfully dropped
3:19:14:625	2436	main: Driver KLMD successfully loaded
3:19:14:625	2436	
Scanning	Registry ...
3:19:14:687	2436	ScanServices: Searching service UACd.sys
3:19:14:687	2436	ScanServices: Open/Create key error 2
3:19:14:687	2436	ScanServices: Searching service TDSSserv.sys
3:19:14:687	2436	ScanServices: Open/Create key error 2
3:19:14:687	2436	ScanServices: Searching service gaopdxserv.sys
3:19:14:687	2436	ScanServices: Open/Create key error 2
3:19:14:687	2436	ScanServices: Searching service gxvxcserv.sys
3:19:14:687	2436	ScanServices: Open/Create key error 2
3:19:14:687	2436	ScanServices: Searching service MSIVXserv.sys
3:19:14:687	2436	ScanServices: Open/Create key error 2
3:19:14:687	2436	UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
3:19:14:703	2436	UnhookRegistry: Kernel local addr: A40000
3:19:14:796	2436	UnhookRegistry: KeServiceDescriptorTable addr: AC5700
3:19:14:968	2436	UnhookRegistry: KiServiceTable addr: A6D460
3:19:14:968	2436	UnhookRegistry: NtEnumerateKey service number (local): 47
3:19:14:968	2436	UnhookRegistry: NtEnumerateKey local addr: B8CFF2
3:19:14:984	2436	KLMD_OpenDevice: Trying to open KLMD device
3:19:14:984	2436	KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
3:19:14:984	2436	KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
3:19:14:984	2436	KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
3:19:14:984	2436	UnhookRegistry: NtEnumerateKey service number (kernel): 47
3:19:14:984	2436	KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
3:19:14:984	2436	UnhookRegistry: NtEnumerateKey real addr: 80623FF2
3:19:14:984	2436	UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
3:19:14:984	2436	UnhookRegistry: No SDT hooks found on NtEnumerateKey
3:19:14:984	2436	KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
3:19:14:984	2436	UnhookRegistry: No splicing found on NtEnumerateKey
3:19:14:984	2436	
Scanning	Kernel memory ...
3:19:14:984	2436	KLMD_OpenDevice: Trying to open KLMD device
3:19:14:984	2436	KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
3:19:14:984	2436	KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
3:19:14:984	2436	DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A772910
3:19:14:984	2436	DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects
3:19:14:984	2436	DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A2A8C68
3:19:14:984	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A2A8C68
3:19:14:984	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A2A8C68[0x38]
3:19:14:984	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A772910
3:19:14:984	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A772910[0xA8]
3:19:14:984	2436	KLMD_ReadMem: Trying to ReadMemory 0xE10142C8[0x208]
3:19:14:984	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
3:19:14:984	2436	DetectCureTDL3: IrpHandler (0) addr: B810EBB0
3:19:14:984	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (2) addr: B810EBB0
3:19:14:984	2436	DetectCureTDL3: IrpHandler (3) addr: B8108D1F
3:19:14:984	2436	DetectCureTDL3: IrpHandler (4) addr: B8108D1F
3:19:14:984	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (9) addr: B81092E2
3:19:14:984	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (14) addr: B81093BB
3:19:14:984	2436	DetectCureTDL3: IrpHandler (15) addr: B810CF28
3:19:14:984	2436	DetectCureTDL3: IrpHandler (16) addr: B81092E2
3:19:14:984	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (22) addr: B810AC82
3:19:14:984	2436	DetectCureTDL3: IrpHandler (23) addr: B810F99E
3:19:14:984	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:14:984	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:14:984	2436	KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
3:19:14:984	2436	KLMD_ReadMem: DeviceIoControl error 1
3:19:14:984	2436	TDL3_StartIoHookDetect: Unable to get StartIo handler code
3:19:14:984	2436	TDL3_FileDetect: Processing driver: Disk
3:19:14:984	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
3:19:14:984	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
3:19:14:984	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
3:19:15:31	2436	DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A3C5448
3:19:15:31	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3C5448
3:19:15:31	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A3C5448[0x38]
3:19:15:31	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A772910
3:19:15:31	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A772910[0xA8]
3:19:15:31	2436	KLMD_ReadMem: Trying to ReadMemory 0xE10142C8[0x208]
3:19:15:31	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
3:19:15:31	2436	DetectCureTDL3: IrpHandler (0) addr: B810EBB0
3:19:15:31	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (2) addr: B810EBB0
3:19:15:31	2436	DetectCureTDL3: IrpHandler (3) addr: B8108D1F
3:19:15:31	2436	DetectCureTDL3: IrpHandler (4) addr: B8108D1F
3:19:15:31	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (9) addr: B81092E2
3:19:15:31	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (14) addr: B81093BB
3:19:15:31	2436	DetectCureTDL3: IrpHandler (15) addr: B810CF28
3:19:15:31	2436	DetectCureTDL3: IrpHandler (16) addr: B81092E2
3:19:15:31	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (22) addr: B810AC82
3:19:15:31	2436	DetectCureTDL3: IrpHandler (23) addr: B810F99E
3:19:15:31	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:31	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:31	2436	KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
3:19:15:31	2436	KLMD_ReadMem: DeviceIoControl error 1
3:19:15:31	2436	TDL3_StartIoHookDetect: Unable to get StartIo handler code
3:19:15:31	2436	TDL3_FileDetect: Processing driver: Disk
3:19:15:31	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
3:19:15:31	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
3:19:15:31	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
3:19:15:187	2436	DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A3E6C68
3:19:15:187	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3E6C68
3:19:15:187	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A3E6C68[0x38]
3:19:15:187	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A772910
3:19:15:187	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A772910[0xA8]
3:19:15:187	2436	KLMD_ReadMem: Trying to ReadMemory 0xE10142C8[0x208]
3:19:15:187	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
3:19:15:187	2436	DetectCureTDL3: IrpHandler (0) addr: B810EBB0
3:19:15:187	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (2) addr: B810EBB0
3:19:15:187	2436	DetectCureTDL3: IrpHandler (3) addr: B8108D1F
3:19:15:187	2436	DetectCureTDL3: IrpHandler (4) addr: B8108D1F
3:19:15:187	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (9) addr: B81092E2
3:19:15:187	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (14) addr: B81093BB
3:19:15:187	2436	DetectCureTDL3: IrpHandler (15) addr: B810CF28
3:19:15:187	2436	DetectCureTDL3: IrpHandler (16) addr: B81092E2
3:19:15:187	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (22) addr: B810AC82
3:19:15:187	2436	DetectCureTDL3: IrpHandler (23) addr: B810F99E
3:19:15:187	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:187	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:187	2436	KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
3:19:15:187	2436	KLMD_ReadMem: DeviceIoControl error 1
3:19:15:187	2436	TDL3_StartIoHookDetect: Unable to get StartIo handler code
3:19:15:187	2436	TDL3_FileDetect: Processing driver: Disk
3:19:15:234	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
3:19:15:234	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
3:19:15:234	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
3:19:15:234	2436	DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A324C68
3:19:15:234	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A324C68
3:19:15:234	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A324C68[0x38]
3:19:15:234	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A772910
3:19:15:234	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A772910[0xA8]
3:19:15:234	2436	KLMD_ReadMem: Trying to ReadMemory 0xE10142C8[0x208]
3:19:15:234	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
3:19:15:234	2436	DetectCureTDL3: IrpHandler (0) addr: B810EBB0
3:19:15:234	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (2) addr: B810EBB0
3:19:15:234	2436	DetectCureTDL3: IrpHandler (3) addr: B8108D1F
3:19:15:234	2436	DetectCureTDL3: IrpHandler (4) addr: B8108D1F
3:19:15:234	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (9) addr: B81092E2
3:19:15:234	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (14) addr: B81093BB
3:19:15:234	2436	DetectCureTDL3: IrpHandler (15) addr: B810CF28
3:19:15:234	2436	DetectCureTDL3: IrpHandler (16) addr: B81092E2
3:19:15:234	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (22) addr: B810AC82
3:19:15:234	2436	DetectCureTDL3: IrpHandler (23) addr: B810F99E
3:19:15:234	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:234	2436	KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
3:19:15:234	2436	KLMD_ReadMem: DeviceIoControl error 1
3:19:15:234	2436	TDL3_StartIoHookDetect: Unable to get StartIo handler code
3:19:15:234	2436	TDL3_FileDetect: Processing driver: Disk
3:19:15:234	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
3:19:15:234	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
3:19:15:234	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
3:19:15:234	2436	DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A1FC300
3:19:15:234	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A1FC300
3:19:15:234	2436	DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A2E9888
3:19:15:234	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A2E9888
3:19:15:234	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A2E9888[0x38]
3:19:15:234	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A3DDB88
3:19:15:234	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A3DDB88[0xA8]
3:19:15:234	2436	KLMD_ReadMem: Trying to ReadMemory 0xE1CF9FE0[0x208]
3:19:15:234	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
3:19:15:234	2436	DetectCureTDL3: IrpHandler (0) addr: B842D218
3:19:15:234	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (2) addr: B842D218
3:19:15:234	2436	DetectCureTDL3: IrpHandler (3) addr: B842D23C
3:19:15:234	2436	DetectCureTDL3: IrpHandler (4) addr: B842D23C
3:19:15:234	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (9) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (14) addr: B842D180
3:19:15:234	2436	DetectCureTDL3: IrpHandler (15) addr: B84289E6
3:19:15:234	2436	DetectCureTDL3: IrpHandler (16) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (22) addr: B842C5F0
3:19:15:234	2436	DetectCureTDL3: IrpHandler (23) addr: B842AA6E
3:19:15:234	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:234	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:234	2436	KLMD_ReadMem: Trying to ReadMemory 0xB8429F26[0x400]
3:19:15:234	2436	TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
3:19:15:234	2436	TDL3_FileDetect: Processing driver: usbstor
3:19:15:234	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\tsk_usbstor.sys
3:19:15:234	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
3:19:15:234	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
3:19:15:281	2436	DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 8A40B2B0
3:19:15:281	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A40B2B0
3:19:15:281	2436	DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 8A2EB338
3:19:15:281	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A2EB338
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A2EB338[0x38]
3:19:15:281	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A3DDB88
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A3DDB88[0xA8]
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0xE1CF9FE0[0x208]
3:19:15:281	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
3:19:15:281	2436	DetectCureTDL3: IrpHandler (0) addr: B842D218
3:19:15:281	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (2) addr: B842D218
3:19:15:281	2436	DetectCureTDL3: IrpHandler (3) addr: B842D23C
3:19:15:281	2436	DetectCureTDL3: IrpHandler (4) addr: B842D23C
3:19:15:281	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (9) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (14) addr: B842D180
3:19:15:281	2436	DetectCureTDL3: IrpHandler (15) addr: B84289E6
3:19:15:281	2436	DetectCureTDL3: IrpHandler (16) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (22) addr: B842C5F0
3:19:15:281	2436	DetectCureTDL3: IrpHandler (23) addr: B842AA6E
3:19:15:281	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0xB8429F26[0x400]
3:19:15:281	2436	TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
3:19:15:281	2436	TDL3_FileDetect: Processing driver: usbstor
3:19:15:281	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\tsk_usbstor.sys
3:19:15:281	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
3:19:15:281	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
3:19:15:281	2436	DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 8A203230
3:19:15:281	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A203230
3:19:15:281	2436	DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 8A3C71D0
3:19:15:281	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3C71D0
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A3C71D0[0x38]
3:19:15:281	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A3DDB88
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A3DDB88[0xA8]
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0xE1CF9FE0[0x208]
3:19:15:281	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
3:19:15:281	2436	DetectCureTDL3: IrpHandler (0) addr: B842D218
3:19:15:281	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (2) addr: B842D218
3:19:15:281	2436	DetectCureTDL3: IrpHandler (3) addr: B842D23C
3:19:15:281	2436	DetectCureTDL3: IrpHandler (4) addr: B842D23C
3:19:15:281	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (9) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (14) addr: B842D180
3:19:15:281	2436	DetectCureTDL3: IrpHandler (15) addr: B84289E6
3:19:15:281	2436	DetectCureTDL3: IrpHandler (16) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (22) addr: B842C5F0
3:19:15:281	2436	DetectCureTDL3: IrpHandler (23) addr: B842AA6E
3:19:15:281	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0xB8429F26[0x400]
3:19:15:281	2436	TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
3:19:15:281	2436	TDL3_FileDetect: Processing driver: usbstor
3:19:15:281	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\tsk_usbstor.sys
3:19:15:281	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
3:19:15:281	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
3:19:15:281	2436	DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 8A315030
3:19:15:281	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A315030
3:19:15:281	2436	DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 8A7BFEA0
3:19:15:281	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A7BFEA0
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A7BFEA0[0x38]
3:19:15:281	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A3DDB88
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A3DDB88[0xA8]
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0xE1CF9FE0[0x208]
3:19:15:281	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
3:19:15:281	2436	DetectCureTDL3: IrpHandler (0) addr: B842D218
3:19:15:281	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (2) addr: B842D218
3:19:15:281	2436	DetectCureTDL3: IrpHandler (3) addr: B842D23C
3:19:15:281	2436	DetectCureTDL3: IrpHandler (4) addr: B842D23C
3:19:15:281	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (9) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (14) addr: B842D180
3:19:15:281	2436	DetectCureTDL3: IrpHandler (15) addr: B84289E6
3:19:15:281	2436	DetectCureTDL3: IrpHandler (16) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (22) addr: B842C5F0
3:19:15:281	2436	DetectCureTDL3: IrpHandler (23) addr: B842AA6E
3:19:15:281	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0xB8429F26[0x400]
3:19:15:281	2436	TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
3:19:15:281	2436	TDL3_FileDetect: Processing driver: usbstor
3:19:15:281	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\tsk_usbstor.sys
3:19:15:281	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
3:19:15:281	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
3:19:15:281	2436	DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 8A705C68
3:19:15:281	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A705C68
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A705C68[0x38]
3:19:15:281	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A772910
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A772910[0xA8]
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0xE10142C8[0x208]
3:19:15:281	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
3:19:15:281	2436	DetectCureTDL3: IrpHandler (0) addr: B810EBB0
3:19:15:281	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (2) addr: B810EBB0
3:19:15:281	2436	DetectCureTDL3: IrpHandler (3) addr: B8108D1F
3:19:15:281	2436	DetectCureTDL3: IrpHandler (4) addr: B8108D1F
3:19:15:281	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (9) addr: B81092E2
3:19:15:281	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (14) addr: B81093BB
3:19:15:281	2436	DetectCureTDL3: IrpHandler (15) addr: B810CF28
3:19:15:281	2436	DetectCureTDL3: IrpHandler (16) addr: B81092E2
3:19:15:281	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (22) addr: B810AC82
3:19:15:281	2436	DetectCureTDL3: IrpHandler (23) addr: B810F99E
3:19:15:281	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:281	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:281	2436	KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
3:19:15:281	2436	KLMD_ReadMem: DeviceIoControl error 1
3:19:15:281	2436	TDL3_StartIoHookDetect: Unable to get StartIo handler code
3:19:15:281	2436	TDL3_FileDetect: Processing driver: Disk
3:19:15:281	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
3:19:15:281	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
3:19:15:281	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
3:19:15:296	2436	DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 8A75AC68
3:19:15:296	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A75AC68
3:19:15:296	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A75AC68[0x38]
3:19:15:296	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A772910
3:19:15:296	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A772910[0xA8]
3:19:15:296	2436	KLMD_ReadMem: Trying to ReadMemory 0xE10142C8[0x208]
3:19:15:296	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
3:19:15:296	2436	DetectCureTDL3: IrpHandler (0) addr: B810EBB0
3:19:15:296	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (2) addr: B810EBB0
3:19:15:296	2436	DetectCureTDL3: IrpHandler (3) addr: B8108D1F
3:19:15:296	2436	DetectCureTDL3: IrpHandler (4) addr: B8108D1F
3:19:15:296	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (9) addr: B81092E2
3:19:15:296	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (14) addr: B81093BB
3:19:15:296	2436	DetectCureTDL3: IrpHandler (15) addr: B810CF28
3:19:15:296	2436	DetectCureTDL3: IrpHandler (16) addr: B81092E2
3:19:15:296	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (22) addr: B810AC82
3:19:15:296	2436	DetectCureTDL3: IrpHandler (23) addr: B810F99E
3:19:15:296	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:296	2436	KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
3:19:15:296	2436	KLMD_ReadMem: DeviceIoControl error 1
3:19:15:296	2436	TDL3_StartIoHookDetect: Unable to get StartIo handler code
3:19:15:296	2436	TDL3_FileDetect: Processing driver: Disk
3:19:15:296	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
3:19:15:296	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
3:19:15:296	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
3:19:15:296	2436	DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8A771AB8
3:19:15:296	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A771AB8
3:19:15:296	2436	DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8A777F18
3:19:15:296	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A777F18
3:19:15:296	2436	DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8A70B940
3:19:15:296	2436	KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A70B940
3:19:15:296	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A70B940[0x38]
3:19:15:296	2436	DetectCureTDL3: DRIVER_OBJECT addr: 8A77E600
3:19:15:296	2436	KLMD_ReadMem: Trying to ReadMemory 0x8A77E600[0xA8]
3:19:15:296	2436	KLMD_ReadMem: Trying to ReadMemory 0xE1009138[0x208]
3:19:15:296	2436	DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
3:19:15:296	2436	DetectCureTDL3: IrpHandler (0) addr: B7E666F2
3:19:15:296	2436	DetectCureTDL3: IrpHandler (1) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (2) addr: B7E666F2
3:19:15:296	2436	DetectCureTDL3: IrpHandler (3) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (4) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (5) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (6) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (7) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (8) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (9) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (10) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (11) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (12) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (13) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (14) addr: B7E66712
3:19:15:296	2436	DetectCureTDL3: IrpHandler (15) addr: B7E62852
3:19:15:296	2436	DetectCureTDL3: IrpHandler (16) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (17) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (18) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (19) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (20) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (21) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (22) addr: B7E6673C
3:19:15:296	2436	DetectCureTDL3: IrpHandler (23) addr: B7E6D336
3:19:15:296	2436	DetectCureTDL3: IrpHandler (24) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (25) addr: 804F4562
3:19:15:296	2436	DetectCureTDL3: IrpHandler (26) addr: 804F4562
3:19:15:296	2436	KLMD_ReadMem: Trying to ReadMemory 0xB7E63864[0x400]
3:19:15:296	2436	TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
3:19:15:296	2436	TDL3_FileDetect: Processing driver: atapi
3:19:15:296	2436	TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\tsk_atapi.sys, C:\WINDOWS\system32\Drivers\tsk_tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_tsk_atapi.sys
3:19:15:296	2436	TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\tsk_atapi.sys
3:19:15:296	2436	KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\tsk_atapi.sys
3:19:15:328	2436	
Completed

Results:
3:19:15:328	2436	Infected objects in memory:			0
3:19:15:328	2436	Cured objects in memory:			0
3:19:15:328	2436	Infected objects on disk:			0
3:19:15:328	2436	Objects on disk cured on reboot:		0
3:19:15:328	2436	Objects on disk deleted on reboot:		0
3:19:15:328	2436	Registry nodes deleted on reboot:		0
3:19:15:328	2436

uhh also I ran this wrong, and re-ran it >< I don't know if that's the original log

How did you run it wrong? Did it prompt you to delete anything?

The log you posted is clean - otherwise it would have shown something like "atapi.sys is infected by TDSS rootkit" and then cured it.

-- Please open a command prompt START > RUN > type cmd ENTER
At the prompt, type dir /a /s "iaStor.sys" >C:\Look.txt
and hit ENTER.

Please post me the Look.txt.

Also, you never told me if you tried the Recovery Console and the fixmbr command.


PP:)

How did you run it wrong? Did it prompt you to delete anything?

I double-clicked the EXE and ran it instead of going into CMD and running it. I thought I was supposed to copy what you typed and paste it in the program you posted.

The log you posted is clean - otherwise it would have shown something like "atapi.sys is infected by TDSS rootkit" and then cured it.

Is there something I can run to see if my computer is clean?

Also, you never told me if you tried the Recovery Console and the fixmbr command.

I HAVEN'T tried the Recovery Console...or the fixmbr, I'm sorry. I'll have to try that, and run the CMD prompt you posted when I get home from work.

But once I'm in the Recovery Console, what do I want to do there?

I double-clicked the EXE and ran it instead of going into CMD and running it. I thought I was supposed to copy what you typed and paste it in the program you posted.

Ok - it ran and cleaned the first time through. The only difference between that and the command I posted was the log output.

The second run was clean, so we're good there.

But once I'm in the Recovery Console, what do I want to do there?

Hold off on that for now and let me see that Look.txt from previous post.

PP:)

Still at work =\, but do you know how I got this? Like, I thought the antivirus/spywares/etc. were doing the job. Would you care to look at my program list and tell me what I should get rid of?

Volume in drive C is PRESARIO
Volume Serial Number is

CMD said file is not found.

Still at work =\, but do you know how I got this? Like, I thought the antivirus/spywares/etc. were doing the job. Would you care to look at my program list and tell me what I should get rid of?

It is hard to say how you got infected - looks to me as though much was cleaned before you posted here.
A lot of times I see a ton of P2P clients/apps on infected compys. Also, could be some sort of "drive by" download.

We can have a look at updating/removing stuff once we get this sorted out.

Volume in drive C is PRESARIO
Volume Serial Number is

CMD said file is not found.

That is odd, since combofix noted it was infected. We may need to download new copies if they have been removed.


Let's try this again and see what shakes out:

Please Delete your current copy of Combofix
Then follow the instructions in the link below as you did before to download a fresh copy of Combofix and run it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Make sure all AV and anti-spyware are temporarily disabled for the run. Please post me the log.

Cheers :)
PP

Thanks for the reply...but

ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

Thanks for the reply...but

Yeah - that happens now and then. Usually due to a bad interaction with a piece of malware. Not sure if that's the case this time as I was away from compy for much of the weekend.
Go ahead and delete your current copy of combofix - no reason to have that on hand.

Guess we'll have to wait until sUBs addresses the issue and makes it available again.

PP:)

Thanks. In the meanwhile, I want to throw out that I'm still constantly getting a "virus" found in C:\system restore (75% of time), or in the C:\ drivers. And also 75% of the time I open IE7 (I thought it was 8) I get a popup "ad.yieldmanager.com". It's blank though..and IE 7 said pop-up blocked.

Edit: are there any programs that stand out "Uninstall now!!"
http://img.photobucket.com/albums/v439/Tug_bran612/programs.jpg

Thanks. In the meanwhile, I want to throw out that I'm still constantly getting a "virus" found in C:\system restore (75% of time), or in the C:\ drivers.

That is to be expected. Once we get this sorted out, we'll flush System Restore. Just ignore that for now - not going to hurt anything and it's good to have a restore point on hand if needed. Even an infected one.
Atapi.sys and others are probably still infected - that's where the drivers folder comes in. We'll need to replace the infected drivers. Combofix will usually do this, though we might have to DL fresh copies of the infected drivers.

And also 75% of the time I open IE7 (I thought it was 8) I get a popup "ad.yieldmanager.com". It's blank though..and IE 7 said pop-up blocked.

I wouldn't worry about that at the moment - bigger fish to fry....

Edit: are there any programs that stand out "Uninstall now!!"
http://img.photobucket.com/albums/v439/Tug_bran612/programs.jpg

Remove Adobe Reader 7 and then update to Adobe Reader 9 for better security.
http://www.adobe.com/products/reader/

Remove J2SE Runtime 5.0 and Java 6 Update 7

Leave Java 6 Update 17 alone - that is the one you want to keep right now.

PP:)
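What "replace the infected drivers" rests on is the Sigcheck section ComboFix prints later in this thread: Windows keeps pristine copies of protected drivers under ServicePackFiles\i386 (and dllcache), so a live driver in system32\drivers whose MD5 differs from its reference copy, as atapi.sys does in that log while asyncmac.sys does not, is the sign that the live file has been tampered with and needs replacing. The script below is an added example, not part of this thread and not ComboFix's own code; it parses lines in ComboFix's Sigcheck layout (the sample is copied from the log in this thread) and gives a per-driver verdict. The names SigEntry, parse_sigcheck, check_drivers and report are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the atapi.sys and asyncmac.sys groups exactly as ComboFix's
# Sigcheck section printed them in this thread. Field layout per line:
#   [-] <date> [<time>] . <MD5> . <size> . . [<version>] . . <path>
# The version field is blank when the file carries no version resource.
SIGCHECK_SAMPLE = r"""
[-] 2009-12-12 02:01 . 70B6DACFF66B1E0A2EF44E6221CDC134 . 96512 . . . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
"""

# One Sigcheck line; the time and the bracketed version are optional.
LINE_RE = re.compile(
    r"^\[-\]\s+(?P<date>\S+)(?:\s+(?P<time>\d\d:\d\d))?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"(?:\[(?P<version>[^\]]*)\])?\s*\.\s+\.\s+(?P<path>.+?)\s*$"
)


@dataclass
class SigEntry:
    date: str
    md5: str
    size: int
    version: Optional[str]
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_live(self) -> bool:
        # The copy the kernel actually loads at boot.
        return "\\system32\\drivers\\" in self.path.lower()

    @property
    def is_reference(self) -> bool:
        # Pristine copies kept for Windows File Protection / service-pack files.
        p = self.path.lower()
        return "\\servicepackfiles\\" in p or "\\dllcache\\" in p


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Parse Sigcheck lines; headers and blank separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(SigEntry(m["date"], m["md5"].upper(), int(m["size"]),
                                m["version"], m["path"]))
    return entries


def check_drivers(entries: List[SigEntry]) -> Dict[str, str]:
    """Verdict per driver: ok | mismatch | no-reference | no-live-copy."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    verdicts = {}
    for name, group in by_name.items():
        live = [e for e in group if e.is_live]
        refs = [e for e in group if e.is_reference]
        if not live:
            verdicts[name] = "no-live-copy"
        elif not refs:
            verdicts[name] = "no-reference"
        elif any(l.md5 == r.md5 for l in live for r in refs):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "mismatch"
    return verdicts


def report(entries: List[SigEntry]) -> List[str]:
    """One line per driver; a mismatch names both hashes, sizes and versions."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    lines = []
    for name, verdict in check_drivers(entries).items():
        line = f"{name}: {verdict}"
        if verdict == "mismatch":
            live = next(e for e in by_name[name] if e.is_live)
            ref = next(e for e in by_name[name] if e.is_reference)
            line += (f" (live {live.md5} {live.size} bytes, version {live.version or 'none'};"
                     f" reference {ref.md5} {ref.size} bytes, version {ref.version or 'none'})")
        lines.append(line)
    return lines


if __name__ == "__main__":
    for line in report(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(line)
```

The $NtServicePackUninstall$ copies are deliberately not used as references: they are the pre-service-pack builds, so their hashes differ from the current driver even on a clean machine, which the asyncmac.sys group shows. Note also that the live atapi.sys in the log has the same size as the ServicePackFiles copy but a different hash and no version field, which is why a size check alone would miss it.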

do you think I'll be fine using the "CF Beta"
http://twitter.com/BleepinComputer

That's your call.

I'm sure sUBs would not release it at this point unless he was confident it was working properly - but again, there are no guarantees.

I would still like to get a handle on what exactly is still infected here as the various logs tell a varying story.

-- There is no rush on my end as I am pretty swamped with work these days. Ball's in your court - if you want to go ahead with kittyfix, it's up to you.

PP:)

Thanks for the reply, and I really appreciate you helping me even with all the work you gotta do :).

I'm going to go ahead and say it's safe to use
"I'm reasonably satisfied that the BETA is safe for use by forum helpers."

ComboFix 09-12-16.05 - Compaq_Owner 12/16/2009 22:49:20.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2302.1640 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\KittyFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\RandFont.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-15 11:51 . 2009-12-15 11:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-12 08:14 . 2009-12-12 08:14 96512 ----a-w- c:\windows\system32\drivers\tsk_atapi.sys
2009-12-11 13:57 . 2008-04-13 18:40 96512 ----a-w- C:\atapi.sys
2009-12-10 02:43 . 2009-12-10 02:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\TrojanHunter
2009-12-10 00:59 . 2009-12-10 00:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-12-10 00:16 . 2009-12-10 00:16 -------- d-----w- c:\program files\ESET
2009-12-10 00:16 . 2009-12-10 00:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Threat Expert
2009-12-10 00:09 . 2009-12-10 02:41 -------- d-----w- c:\program files\TrojanHunter 5.2
2009-12-08 03:38 . 2009-12-08 03:38 -------- d-----w- c:\program files\Trend Micro
2009-12-07 04:05 . 2009-12-07 12:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\bybisg
2009-12-07 03:13 . 2009-12-07 03:13 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 18:10 . 2009-12-05 18:10 8 ----a-w- c:\windows\system32\nvModes.dat
2009-12-05 17:52 . 2009-12-05 17:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-05 17:52 . 2009-12-05 17:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-05 01:55 . 2005-03-11 07:57 110592 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2009-12-05 01:55 . 2005-03-11 07:51 81920 ------w- c:\windows\system32\drivers\iansmsg.dll
2009-12-05 01:55 . 2004-11-11 10:55 135168 ------w- c:\windows\system32\PRONtObj.dll
2009-12-05 01:55 . 2005-03-21 14:07 126976 ------w- c:\windows\system32\Ncs2InstUtility.dll
2009-12-05 01:55 . 2005-03-18 19:29 421888 ------w- c:\windows\system32\NcsCoLib.dll
2009-12-05 01:55 . 2005-03-16 15:43 19456 ------w- c:\windows\system32\drivers\iqvw32.sys
2009-12-05 01:55 . 2005-03-22 18:22 405504 ------w- c:\windows\system32\Ncs2DMIX.dll
2009-12-05 01:55 . 2005-03-18 20:00 290816 ------w- c:\windows\system32\Accesor.dll
2009-12-05 01:51 . 2009-12-05 01:55 -------- d-----w- c:\program files\Intel
2009-12-05 01:49 . 2009-12-05 01:49 -------- d-----w- C:\cabs
2009-12-05 01:34 . 2009-12-05 17:58 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-04 03:25 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-04 03:25 . 2009-11-21 02:34 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-12-04 03:25 . 2009-11-21 02:34 10235968 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-12-04 03:25 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-12-04 03:25 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-12-04 03:25 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-12-04 03:25 . 2009-11-21 02:34 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-12-04 03:25 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-12-04 03:25 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-12-04 03:25 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-12-04 03:25 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-04 03:25 . 2009-11-21 02:34 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-12-04 02:58 . 2009-12-04 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-12-03 02:56 . 2009-12-03 02:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Symantec
2009-12-03 02:55 . 2006-09-18 22:55 48816 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-03 02:55 . 2006-09-18 22:55 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-03 02:54 . 2009-12-17 03:47 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-03 02:54 . 2009-12-03 02:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-03 02:49 . 2009-12-03 02:49 -------- d-----w- C:\Symantec10.1.5
2009-12-03 02:26 . 2009-12-03 02:26 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 02:26 . 2009-12-03 02:26 79488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-02 04:18 . 2009-12-02 04:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Identities
2009-12-01 22:55 . 2009-12-01 22:55 170760 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-01 02:35 . 2009-12-01 02:35 -------- d-----w- c:\program files\ATI Technologies
2009-12-01 02:35 . 2009-12-04 03:15 -------- d-----w- c:\program files\ATI
2009-12-01 02:35 . 2009-12-01 02:35 -------- d-----w- C:\ATI
2009-12-01 02:26 . 2009-12-01 02:31 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2009-12-01 01:54 . 2009-12-05 17:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Tracing
2009-12-01 01:49 . 2009-12-01 01:49 -------- d-----w- c:\program files\Microsoft
2009-12-01 01:49 . 2009-12-01 01:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-01 01:47 . 2009-12-01 01:47 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-27 22:17 . 2008-11-13 14:18 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2009-11-27 22:17 . 2008-11-13 14:18 599552 ------w- c:\windows\system32\dllcache\crypt32.dll
2009-11-27 22:16 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-27 22:16 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-27 22:16 . 2009-11-27 22:16 -------- d-----w- c:\windows\Logs
2009-11-27 22:04 . 2009-11-27 22:04 -------- d--h--r- c:\documents and settings\Compaq_Owner\Application Data\SecuROM
2009-11-27 21:49 . 2009-11-27 21:49 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-25 02:11 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-11-21 01:32 . 2009-11-21 01:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 01:32 . 2009-11-21 01:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 01:32 . 2009-11-21 01:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 01:32 . 2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 01:32 . 2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 01:32 . 2009-11-21 01:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 22:54 . 2009-11-25 23:33 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\foobar2000
2009-11-19 22:54 . 2009-11-19 22:54 -------- d-----w- c:\program files\foobar2000
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\uTorrent
2009-11-19 22:48 . 2009-12-05 17:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-15 11:53 . 2005-11-14 14:54 -------- d-----w- c:\program files\Java
2009-12-15 02:05 . 2008-11-29 02:04 78408 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-15 00:12 . 2008-11-29 04:09 -------- d-----w- c:\program files\World of Warcraft
2009-12-12 02:01 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-10 02:46 . 2008-11-29 06:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-09 11:58 . 2008-12-06 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-09 04:46 . 2008-12-06 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 05:43 . 2009-07-21 16:11 -------- d-----w- c:\program files\LimeWire
2009-12-07 04:08 . 2009-10-08 02:55 -------- d-----w- c:\program files\SpeedFan
2009-12-07 03:13 . 2009-09-15 01:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:48 . 2009-11-06 01:10 -------- d-----w- c:\program files\Yahoo!
2009-12-05 17:44 . 2008-11-29 02:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-05 01:32 . 2008-12-13 22:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Ventrilo
2009-12-03 21:14 . 2009-09-15 01:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-09-15 01:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 02:56 . 2005-11-14 15:41 -------- d-----w- c:\program files\Symantec
2009-12-03 02:54 . 2005-11-14 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-03 02:32 . 2005-11-14 15:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 02:31 . 2009-10-03 15:55 -------- d-----w- c:\program files\Common Files\AOL
2009-12-01 01:48 . 2008-12-06 05:08 -------- d-----w- c:\program files\Windows Live
2009-11-21 02:34 . 2008-10-07 18:33 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-19 23:29 . 2008-12-07 19:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-11-19 22:40 . 2009-10-20 12:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Audacity
2009-11-06 01:10 . 2009-11-06 01:10 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Yahoo!
2009-11-01 03:01 . 2009-11-01 03:00 -------- d-----w- c:\program files\iTunes
2009-11-01 03:00 . 2009-11-01 03:00 -------- d-----w- c:\program files\iPod
2009-11-01 03:00 . 2009-11-01 02:57 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 02:59 . 2009-09-17 01:45 -------- d-----w- c:\program files\QuickTime
2009-11-01 02:59 . 2008-11-29 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-01 02:58 . 2009-11-01 02:58 -------- d-----w- c:\program files\Apple Software Update
2009-10-29 07:46 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-06-09 03:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 00:58 . 2009-10-29 00:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-27 01:47 . 2005-11-14 15:20 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 02:58 . 2009-10-26 02:58 -------- d-----w- c:\program files\Lame for Audacity
2009-10-24 19:42 . 2009-10-03 15:56 -------- d-----w- c:\program files\AIM Toolbar
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 13:48 . 2009-10-20 13:41 -------- d-----w- c:\program files\Essentials Codec Pack
2009-10-20 13:36 . 2009-10-20 13:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\ImTOO Software Studio
2009-10-20 12:58 . 2009-10-20 12:57 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-19 02:56 . 2008-12-03 03:41 258 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 09:17 . 2009-02-10 05:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-06-30 14:52 . 2008-11-29 02:35 1425408 ----a-w- c:\program files\cpuz.exe
2006-06-02 02:07 . 2008-11-29 03:30 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2001-03-30 17:07 . 2001-03-30 17:07 372736 --sha-r- c:\windows\system32\dpunicor.dll
2001-03-30 17:07 . 2001-03-30 17:07 32768 --sha-r- c:\windows\system32\fbhco.dll
.

------- Sigcheck -------

[-] 2009-12-12 02:01 . 70B6DACFF66B1E0A2EF44E6221CDC134 . 96512 . . . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 11:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 11:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 13:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-10_15.51.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-13 17:01 . 2009-12-13 17:01 16384 c:\windows\Temp\Perflib_Perfdata_7fc.dat
+ 2009-12-10 15:54 . 2009-12-10 15:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009121020091211\index.dat
+ 2005-06-24 22:25 . 2009-12-11 14:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2009-12-10 15:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-06-24 22:25 . 2009-12-11 14:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-06-24 22:25 . 2009-12-10 15:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-06-25 05:32 . 2009-12-12 03:07 262144 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-15 11:52 . 2009-12-15 11:52 3940352 c:\windows\Installer\92f6ac8.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-10-25 125120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 807440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico [2009-9-16 29310]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{E99D38E9-4B17-48E3-A6D8-3290FD0DC3CA}"= "c:\windows\system32\dpunicor.dll" [2001-03-30 372736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
2006-10-09 21:27 99856 ----a-w- c:\windows\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logiteck Software PreLoad.exe]
backup=c:\windows\pss\Logiteck Software PreLoad.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Assus XDesktop PreLoad.exe]
backup=c:\windows\pss\Assus XDesktop PreLoad.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-02-22 18:45 2272592 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
2009-06-11 22:37 1934336 ----a-w- c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4400 Series]
2007-03-01 11:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 00:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-11-19 22:49 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 2:11 AM 17184]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [9/16/2006 5:25 PM 35584]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/2/2009 9:58 PM 102448]
R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [9/16/2006 5:23 PM 47360]
S2 7abs3rho7;nmahnds;"c:\program files\Common Files\tya62hfb\zmaodn92.exe" --> c:\program files\Common Files\tya62hfb\zmaodn92.exe [?]
S3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys --> c:\windows\system32\Drivers\JmtFltr.sys [?]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 7:32 PM 116416]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://newcelica.org/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\oa40z2j8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-16 22:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3994133828-2625800171-4019574962-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b9,bb,2b,90,cb,41,12,ad,a5,38,76,14,3b,23,59,e7,e0,7f,ad,87,89,7e,01,
e9,e9,e2,59,5f,eb,39,75,8c,74,57,45,0f,ec,41,53,c4,3c,75,87,82,b0,d3,79,2a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\DPWLEvHd.dll

- - - - - - - > 'lsass.exe'(652)
c:\windows\DPPWDFLT.dll
.
Completion time: 2009-12-16 22:58:01
ComboFix-quarantined-files.txt 2009-12-17 03:57

Pre-Run: 8,710,922,240 bytes free
Post-Run: 8,722,845,696 bytes free

- - End Of File - - 050631ADA3BEDC118E1426165E3D7575

Thanks for the reply, and I really appreciate you helping me even with all the work you've got to do :).
I'm going to go ahead and say it's safe to use
"I'm reasonably satisfied that the BETA is safe for use by forum helpers."

Happy to help - my worry is that I'll get sloppy when pressed for time and miss something.


Anyhoo, that log looks OK to me outside of a couple things.
I do not know what these are:

c:\windows\system32\dpunicor.dll
c:\windows\system32\fbhco.dll
RightClick on these and see what property and version info is listed, if any. You'll need to have the Viewing of Hidden Files enabled to see them if not already enabled.

Better yet, go here ---> and use the Browse Button at the top of the page to navigate to each of those items and Submit them for analysis. Let me know what you find. If even one scanner reports malware, let me know.

S2 7abs3rho7;nmahnds;"c:\program files\Common Files\tya62hfb\zmaodn92.exe"
I think this might be related to Viewpoint foistware, but not sure.
You'll need to check the Folder as well - what else is in that folder?


It looks as though TDSSKiller "cured" the infected atapi.sys, but I'd like to do this anyway:

-- Download the attached File.zip and extract the contents to the Desktop

If you don't still have this on hand, download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip

-- Extract Avenger.exe from the ZIP to your Desktop
-- Highlight Everything in Red below and copy it using Ctrl+C or RightClick > Copy:


Files to move:
%userprofile%\desktop\atapi.sys | C:\windows\system32\drivers\atapi.sys


-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox, using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me.


Let me know how you fare.

PP:)
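
As an added illustration (not from this thread, ComboFix or any of the tools mentioned in it), a small Python triage pass over lines in the ComboFix format quoted above: it flags service entries whose binary has no date/size recorded ([?]) or whose names mix digits into letters, and a ProxyServer value pointing at loopback, the kind of setting that leaves IE failing while other programs still reach the network. The sample lines are constructed, modelled on the log above, and the heuristics only mark entries for a human to look at.

```python
import re

# Constructed sample lines in ComboFix's service/driver and Supplementary Scan
# formats, modelled on the log quoted in this thread (not a live capture).
SAMPLE_LOG = r"""
R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [9/16/2006 5:23 PM 47360]
S2 7abs3rho7;nmahnds;"c:\program files\Common Files\tya62hfb\zmaodn92.exe" --> c:\program files\Common Files\tya62hfb\zmaodn92.exe [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 7:32 PM 116416]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

# "R2 name;display name;path [date size]" style lines (R = running, S = stopped).
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*)$')
# Per-user (u) or machine (m) IE proxy setting from the Supplementary Scan block.
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(.+)$')


def looks_generated(name):
    """Heuristic only: vendor service names rarely mix digits into letters."""
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage(log_text):
    """Return [(entry, [reasons])] for lines a helper would want to look at."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            _state, svc, display, rest = m.groups()
            reasons = []
            if rest.rstrip().endswith('[?]'):
                reasons.append('no date/size recorded for binary ([?])')
            if looks_generated(svc) or looks_generated(display):
                reasons.append('digits mixed into service/display name')
            if reasons:
                findings.append((svc, reasons))
            continue
        m = PROXY_RE.match(line)
        if m and re.search(r'127\.0\.0\.1|localhost', m.group(1)):
            findings.append(('ProxyServer',
                             ['browser proxy set to loopback: ' + m.group(1)]))
    return findings


if __name__ == '__main__':
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry, '->', '; '.join(reasons))
```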

Okay, so I forgot to extract the contents to the desktop (it was in a file folder) so I had to rerun Avenger... glad I actually read the log :D.

http://img.photobucket.com/albums/v439/Tug_bran612/fbh.jpg
http://img.photobucket.com/albums/v439/Tug_bran612/dpuni.jpg

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\Documents and Settings\Compaq_Owner\desktop\atapi.sys|C:\windows\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished!  Terminate.


Great - Go ahead and delete those two files.
If you are more comfortable renaming c:\windows\system32\fbhco.dll to fbhco.OLD rather than deleting it, then do that.

The other one obviously needs to go.

Other than those and this folder - c:\program files\Common Files\tya62hfb - I think you are good to go now.

How are things running?

PP:)
