Messages - iboglander

1
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 25, 2011, 01:56:15 PM »
I'd guess zip 'em to me and I will try to do it myself, if you can give me a bit of instruction as to what I'm doing... at least to make sure I'm not making things worse, lol.

Hope you feel better, being sick is just a drag in general, lol.  

Thanks again.

2
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 25, 2011, 11:01:33 AM »
Crazy lately, had like zero ME time lately, lol. Comp seems to be holding up great and I like the WoT feature, thanks. Still missing shortcuts, but I think I'm just being stupid about it. I either can't find the right application starter or it's hidden/missing in some cases.

Oh and I'd like to get rid of the other user account (the original one that was on the comp, before we created Napper) but I don't want to screw anything up by doing so. Let me know what to do if you can, or if I should yet. Thanks.

Hope you had a good holiday weekend!

3
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 21, 2011, 05:39:06 PM »
OTL logfile created on: 5/21/2011 3:37:26 PM - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Napper\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 196.11 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Drive D: | 37.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: YOUR-D26EF63B94 | User Name: Napper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
 
< %temp%\smtmp\*.* /s >
 
< %temp%\*.lnk /s >

< End of report >

And yes, I'm having issues finding some of my shortcuts, especially when I'm starting to be unsure of what came from where anymore, lol.

4
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 21, 2011, 12:50:29 AM »
Been a rough week, haven't touched the comp much unfortunately... however, no new issues so that's a win! Yes the shortcuts are still missing, I just haven't had the time to get to them, lol... if I even know exactly what I'm doing to fix them, that is.

If I hadnt said it before, thank you so much for all your time and energy in this. It is much appreciated.

If I get some comp time this weekend, I will see if I can do some checking/fixing and maybe even hook up with you for some double checking, lol.

See you sometime soon hopefully.

Irish

PS anything I should do/send you to see from the technical side if things look ok?

5
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 14, 2011, 11:16:21 PM »
ok back again, lol, checkin every hour...now every 30 min, lol.

6
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 14, 2011, 09:39:19 PM »
ok back home and around, if you are available tonight=D

7
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 14, 2011, 10:20:28 AM »
You were adamant yesterday about me using Mozilla for some of the downloads yesterday, that's why I was asking about that (I know you're multitasking a bunch of us and you just woke up, lol).

How do I do a screenshot, by the way? It's been so long I honestly don't remember, and all the screenshots I've done in recent years were game related, lol. I just want to capture what I'm looking at to show you and make sure we're on the same page and that I'm explaining it correctly.

8
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 14, 2011, 10:17:28 AM »
No change, settings were already like that for starters. I toggled them all back to hidden, hidden and hidden and applied. Then went back and showed, showed and showed and applied, but still no change. I hope that made sense, lol.

Also, noticed that under Administrative Tools in the Control Panel there is absolutely nothing there, no files or folders. Just something I came across=D

9
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 14, 2011, 10:02:25 AM »
No luck, no change=(

PS thanks for the Mozilla advice, been running around on it and checking it out, I likey, lol.
But why, out of curiosity, the preference for Mozilla vs IE for downloads and such...just lookin to get some knowledge or a link to knowledge, lol.

Anyway..next?

10
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 14, 2011, 01:33:44 AM »
No change: exactly the same=( Start/All Programs/Ccleaner/(empty) yadda yadda yadda


.....awwwww, Sleep must have crept in and taken you, lol.

Thanks for all your help today! Have a great night.

11
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 14, 2011, 12:31:13 AM »
Dogs, sometimes I'd like to trade the kids in for dogs...they're easier to please..and potty train for that matter...

OK, files under Start/All Programs: remains the same... folders that lead to "<empty>", i.e. Start/All Programs/Games/(empty); Start/All Programs/iTunes/(empty)... lather, rinse, repeat.

As far as the unchecking for the rundll32.exe issue, unchecked before reboot..never popped again. After reboot, still holding...no pop up, just straight to whatever I'm opening. WIN!

Next?

12
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 11:40:35 PM »
OK, all instructions followed except loading a new SmartWebPrint, not even sure I've ever consciously used it (do I need or you recommend I have it?).

Sorry for the delay between responses, life got in the way. Married, 2 kids blah blah blah.

Notes:
1. When I open programs it still asks me about running rundll32.exe, should I just uncheck the "ask me" part and be done with it?
2. My Start/All Programs list is populated again, but only with folders, no actual executable files in them, except things you've had me download and a couple under Accessories.

Waiting for next commands O Mighty Master of the Mysterious Menagerie of Malware =D

13
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 06:47:44 PM »
Results of screen317's Security Check version 0.99.10
 Windows XP Service Pack 3
 Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled!
 ESET Online Scanner v3
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 CCleaner    
 Java(TM) 6 Update 25
 Java(TM) SE Runtime Environment 6 Update 1
 Java(TM) 6 Update 2
 Java(TM) 6 Update 3
 Java(TM) 6 Update 5
 Java 2 Runtime Environment, SE v1.4.2
 Out of date Java installed!
 Adobe Flash Player    10.0.22.87
Adobe Reader 8.2.0
Out of date Adobe Reader installed!
 Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


and that Smartwebprinting thing is happening when I opened: Search, Control Panel or pretty much any program off the list. =(

14
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 06:35:19 PM »
New dilemma: when trying to open My Computer, it tries to open SmartWebPrinting and fails. It asks me to insert a disk for the program: "An installation program for the product SmartWebPrinting cannot be found. Try the installation again using a valid copy of the installation package "SmartWebPrinting.msi"". After hitting cancel, it tries it again; one more cancel and it gives up and lets me see My Computer.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=8a322c597cb31641bb041c093e019b2b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-13 11:26:37
# local_time=2011-05-13 04:26:37 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=78081
# found=15
# cleaned=15
# scan_time=2183
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\jxvuof.exe.vir   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP1\A0000004.exe   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP1\A0000021.exe   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP18\A0005981.exe   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002078.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002079.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002080.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002081.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP6\A0002435.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003115.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003235.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003701.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003702.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003728.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP8\A0003883.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C


Working on the next task.
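A small triage script for the ESET log in the post above, added here as an example; it is not part of the post and not ESET's tooling. It parses the `# key=value` header and the per-object lines (path, verdict, hash, flag; tab-separated in ESET's own output, which the forum copy collapsed to runs of spaces), checks the header's `found` count against the number of detection lines actually present, and classifies each hit by where it sat: ComboFix's `C:\Qoobox\Quarantine` folder, a System Restore snapshot (`System Volume Information\_restore{...}\RPn`), or a live path. The sample is a constructed six-line excerpt of the posted log with the header counts adjusted to match; the location heuristic and the notion of a "live" hit are this example's own. Two things worth noticing in the real log: of the fifteen detections, one was already in quarantine and fourteen were inside restore points RP1, RP4, RP6, RP7, RP8 and RP18, and none was on a live path, so a System Restore rollback to any of those points would have reintroduced the worm (flushing old restore points after cleanup is the usual follow-up); and the hash column is all zeros, so it cannot be used to correlate samples. `Win32/AutoRun` is the family name ESET gives worms that spread through `autorun.inf` on removable drives, so any USB sticks used with the machine deserve a scan as well.

```python
"""Triage an ESET Online Scanner log (added example, not ESET's or the poster's code)."""
import re
from collections import Counter

# Constructed six-line excerpt of the log posted above; header counts adjusted to match.
SAMPLE_LOG = r"""
# version=7
# end=finished
# scanned=78081
# found=6
# cleaned=6
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\jxvuof.exe.vir   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP1\A0000004.exe   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP18\A0005981.exe   Win32/AutoRun.VB.AFP worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP4\A0002078.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP7\A0003115.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP8\A0003883.ini   Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
""".strip("\n")

HEADER_RE = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")
VERDICT_RE = re.compile(r"^(?P<threat>.+?)\s+\((?P<action>[^)]*)\)$")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\", re.I)


def parse_eset_log(text):
    """Split the log into its '# key=value' header and a list of detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        # Detection columns: path, verdict, hash, flag. ESET separates them with
        # tabs; the forum copy collapsed those to runs of spaces, so accept both.
        cols = re.split(r"\t+| {2,}", line)
        if len(cols) < 2:
            continue
        v = VERDICT_RE.match(cols[1])
        detections.append({
            "path": cols[0],
            "threat": v.group("threat") if v else cols[1],
            "action": v.group("action") if v else "",
            "hash": cols[2] if len(cols) > 2 else "",
        })
    return header, detections


def classify_path(path):
    """Where the object sat when ESET found it (heuristic used by this example)."""
    if RESTORE_RE.search(path):
        return "restore_point"          # System Restore snapshot: inert until a rollback
    if "\\qoobox\\quarantine\\" in path.lower():
        return "quarantine"             # ComboFix's quarantine folder: already neutralised
    return "live"                       # anything else was reachable on the running system


def triage(text):
    """Summarise the log: completeness, counts per threat and location, affected RPs."""
    header, detections = parse_eset_log(text)
    restore_points = sorted({int(RESTORE_RE.search(d["path"]).group(1))
                             for d in detections if RESTORE_RE.search(d["path"])})
    return {
        "complete": int(header.get("found", "0")) == len(detections),
        "by_threat": dict(Counter(d["threat"] for d in detections)),
        "by_location": dict(Counter(classify_path(d["path"]) for d in detections)),
        "restore_points": restore_points,
        "live_hits": [d["path"] for d in detections if classify_path(d["path"]) == "live"],
        # All-zero hashes carry no information, so they cannot be used to correlate samples.
        "unhashed": sum(1 for d in detections if set(d["hash"]) <= {"0"}),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run it on a full log by replacing `SAMPLE_LOG` with the file contents; `complete` turning false is the first sign that a pasted log was cut off, and a non-empty `live_hits` list is the set of paths that still needs a second look on the running system.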

15
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 05:36:07 PM »
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications deleted successfully.
========== FILES ==========
c:\windows\system32\dllcache\rundll32.exe moved successfully.
c:\windows\system32\rundll32.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Owner.YOUR-D26EF63B94
->Temp folder emptied: 20195982 bytes
->Temporary Internet Files folder emptied: 3324390 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58205132 bytes
->Flash cache emptied: 1901 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4434 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 33280 bytes
 
Total Files Cleaned = 78.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05132011_153002

Files\Folders moved on Reboot...
C:\WINDOWS\temp\HPSLPSVC0003.log moved successfully.

Registry entries deleted on Reboot...


Removed Norton per instruction, ran OTL..working on the rest....

16
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 05:04:26 PM »
Ok Firefox updated, original rundll32.exe from desktop deleted (the other copies are still in the areas you told me to put them), new download with firefox done and on desktop.

Ready when you are.

17
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 04:13:07 PM »
ComboFix 11-05-13.01 - Owner 05/13/2011  13:46:12.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.543 [GMT -7:00]
Running from: c:\documents and settings\Owner.YOUR-D26EF63B94\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\jxvuof.exe
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-13 to 2011-05-13  )))))))))))))))))))))))))))))))
.
.
2011-05-13 20:04 . 2011-05-13 20:01 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
2011-05-13 20:04 . 2011-05-13 20:01 33280 ----a-w- c:\windows\system32\rundll32.exe
2011-05-13 19:03 . 2011-05-13 19:03 -------- d-----w- C:\_OTL
2011-05-13 16:36 . 2011-05-13 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-13 16:36 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 16:36 . 2011-05-13 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-13 14:25 . 2011-05-13 14:25 -------- d-----w- c:\program files\Trend Micro
2011-05-13 14:04 . 2011-05-13 14:04 -------- d-----w- C:\unzipped rundll32.exe file
2011-05-13 09:04 . 2011-05-13 09:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-12 22:30 . 2011-05-13 09:03 -------- d-----w- c:\program files\ARO 2011
2011-05-12 15:39 . 2011-05-13 09:04 -------- d-----w- c:\documents and settings\Owner.YOUR-D26EF63B94
2011-05-11 16:39 . 2011-05-11 16:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-05-06 16:27 . 2008-11-13 14:18 599552 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-04-14 16:27 . 2011-04-14 16:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\TaxCut
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 19:52 . 2004-09-07 18:54 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-03-07 05:33 . 2004-09-07 19:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-09-07 18:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-09-07 18:54 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-09-07 18:54 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-09-07 18:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-09-07 18:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-09-07 18:53 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-09-07 18:53 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-09-07 18:54 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 03:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-09-07 18:53 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"57696:TCP"= 57696:TCP:Pando Media Booster
"57696:UDP"= 57696:UDP:Pando Media Booster
.
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [9/7/2004 11:55 AM 10112]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [9/7/2004 11:55 AM 9216]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [9/7/2004 11:54 AM 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/7/2004 11:54 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ    getPlusHelper
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ    nosGetPlusHelper
WINRM REG_MULTI_SZ    WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://everquest2.station.sony.com/systemscan/soesysinfo.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-13 13:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-13  13:55:03
ComboFix-quarantined-files.txt  2011-05-13 20:55
.
Pre-Run: 220,296,900,608 bytes free
Post-Run: 220,263,407,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F018B7F658D451D69163B3C284C03B50

OTL logfile created on: 5/13/2011 2:09:25 PM - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 524.00 Mb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 205.17 Gb Free Space | 88.10% Space Free | Partition Type: NTFS
Drive D: | 37.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: YOUR-D26EF63B94 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/19 17:14:16 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/09/21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/08/07 12:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/09/19 17:14:16 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/12/06 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/09/27 13:44:12 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/06/20 04:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 04:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/05/09 22:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 22:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 22:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/08/12 20:53:27 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2006/02/20 10:43:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/27 02:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/02/01 17:39:18 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/15 13:59:54 | 000,241,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88VidBB.sys -- (CX23880) AVerMedia AVerTV MPEG Video Capture (!)
DRV - [2004/09/15 11:30:58 | 000,296,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88EncBB.sys -- (CX88ENC)
DRV - [2004/09/15 11:29:38 | 000,010,112 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88BarBB.sys -- (CX88XBAR) AVerMedia AVerTV MPEG Crossbar (Dual-Input)
DRV - [2004/09/15 11:29:16 | 000,024,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\A88TunBB.sys -- (CXTUNE)
DRV - [2004/09/15 10:16:54 | 000,009,216 | ---- | M] (AVerMedia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A88AudBB.sys -- (CXAVSAUD)
DRV - [2004/09/07 16:29:37 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/22 11:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 11:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/27 16:27:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7796FD67-9319-444C-88F2-7A247E0BBED9}: C:\Documents and Settings\Owner\Local Settings\Application Data\{7796FD67-9319-444C-88F2-7A247E0BBED9}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 00:44:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 22:07:52 | 000,000,000 | ---D | M]
 
[2010/09/15 14:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/06 22:07:51 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/04/06 22:07:51 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
 
O1 HOSTS File: ([2011/05/13 13:50:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://games.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264368087191 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264368078129 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab (DVCDownloadControl)
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} http://everquest2.station.sony.com/systemscan/soesysinfo.cab (SOESysInfo Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab (TikGames Online Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/07 12:17:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 13:32:07 | 000,000,082 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/07/10 15:09:09 | 000,000,111 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/13 13:44:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/13 13:41:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/13 13:41:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/13 13:41:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/13 13:41:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/13 13:41:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/13 13:39:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/13 13:21:28 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TDSSKiller.exe
[2011/05/13 13:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\JavaRA
[2011/05/13 12:03:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/13 10:36:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
[2011/05/13 09:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Malwarebytes
[2011/05/13 09:36:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/13 09:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 09:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/13 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/13 09:36:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/13 09:33:17 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-clean.exe
[2011/05/13 09:25:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TFC.exe
[2011/05/13 07:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\HiJackThis
[2011/05/13 07:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/13 07:04:04 | 000,000,000 | ---D | C] -- C:\unzipped rundll32.exe file
[2011/05/13 02:02:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Recent
[2011/05/12 19:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\Adobe
[2011/05/12 15:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/05/12 15:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\IObit
[2011/05/12 15:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Sammsoft
[2011/05/12 15:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/05/12 15:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Adobe
[2011/05/12 15:16:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\PrivacIE
[2011/05/12 15:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Yahoo!
[2011/05/12 15:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\HPAppData
[2011/05/12 08:39:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\IETldCache
[2011/05/12 08:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\CyberLink
[2011/05/12 08:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\AOL
[2011/05/12 08:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Macromedia
[2011/05/12 08:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Identities
[2011/05/12 08:39:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft
[2011/05/12 08:39:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Favorites
[2011/05/12 08:39:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data
[2011/05/12 08:39:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Cookies
[2011/05/12 08:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\You've Got Pictures Screensaver
[2011/05/12 08:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Symantec
[2011/05/12 08:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Sun
[2011/05/12 08:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Startup
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\SendTo
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Videos
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Pictures
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\My Music
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents
[2011/05/12 08:39:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Accessories
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\PrintHood
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\NetHood
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\Microsoft
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\CyberLink
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\ApplicationHistory
[2011/05/12 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}
[2011/05/12 08:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Templates
[2011/05/11 09:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/10 10:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/04/14 09:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TaxCut
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/13 13:50:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/13 13:44:05 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/05/13 13:38:31 | 004,347,339 | R--- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\ComboFix.exe
[2011/05/13 13:13:36 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 13:06:05 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\JavaRa.zip
[2011/05/13 13:00:51 | 000,012,796 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\rundll32.zip
[2011/05/13 12:49:45 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TDSSKiller.exe
[2011/05/13 12:48:13 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\tdsskiller.zip
[2011/05/13 12:23:20 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.lnk
[2011/05/13 12:12:56 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\SystemLook.exe
[2011/05/13 10:36:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\OTL.exe
[2011/05/13 09:36:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 09:36:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/13 09:33:20 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\mbam-clean.exe
[2011/05/13 09:27:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\TFC.exe
[2011/05/13 07:24:37 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.msi
[2011/05/12 15:15:38 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/12 11:56:47 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/12 10:19:43 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\System Restore.lnk
[2011/05/12 08:51:03 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085055.reg
[2011/05/12 08:50:36 | 000,037,298 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085030.reg
[2011/05/12 08:47:44 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Spybot.lnk
[2011/05/12 08:45:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CAYahooAntiSpy.lnk
[2011/05/12 08:43:40 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Shortcut to mbam.lnk
[2011/05/12 08:43:25 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CCleaner.lnk
[2011/05/12 08:39:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/12 08:39:46 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/12 07:12:37 | 000,441,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-085451.backup
[2011/04/26 23:18:35 | 000,441,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-071237.backup
 
========== Files Created - No Company Name ==========
 
[2011/05/13 13:44:05 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/05/13 13:44:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/13 13:41:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/13 13:41:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/13 13:41:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/13 13:41:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/13 13:41:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/13 13:38:26 | 004,347,339 | R--- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\ComboFix.exe
[2011/05/13 13:06:05 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\JavaRa.zip
[2011/05/13 13:00:48 | 000,012,796 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\rundll32.zip
[2011/05/13 12:47:59 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\tdsskiller.zip
[2011/05/13 12:12:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\SystemLook.exe
[2011/05/13 09:36:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 07:25:04 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.lnk
[2011/05/13 07:24:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\HiJackThis.msi
[2011/05/12 11:57:06 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 11:56:47 | 000,295,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/12 10:19:43 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\System Restore.lnk
[2011/05/12 08:50:58 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085055.reg
[2011/05/12 08:50:34 | 000,037,298 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\cc_20110512_085030.reg
[2011/05/12 08:47:44 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Spybot.lnk
[2011/05/12 08:45:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CAYahooAntiSpy.lnk
[2011/05/12 08:43:40 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\Shortcut to mbam.lnk
[2011/05/12 08:43:25 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Desktop\CCleaner.lnk
[2011/05/12 08:39:50 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Windows Media Player.lnk
[2011/05/12 08:39:46 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/12 08:39:22 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk
[2011/05/12 08:39:22 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/12 08:39:22 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/12 08:39:22 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/05/12 08:39:22 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/12 08:39:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Local Settings\Application Data\fusioncache.dat
[2011/05/12 08:39:17 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\My Documents\Yahoo! Briefcase.url
[2011/05/12 08:39:14 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Internet Explorer.lnk
[2011/05/12 08:39:13 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Start Menu\Programs\Remote Assistance.lnk
[2010/12/09 00:19:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
[2010/12/02 21:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/11/27 16:19:40 | 000,205,118 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2010/11/27 16:19:39 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2010/06/13 10:39:10 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/20 16:31:13 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/05/20 16:31:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/05/20 16:31:12 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/07/12 20:44:09 | 000,032,549 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2006/11/20 10:21:10 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
[2006/11/20 10:20:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/11/20 10:19:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/08/10 13:31:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2006/07/17 21:39:38 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/07/04 09:15:51 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/07/04 09:09:19 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/07/04 09:07:45 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2006/06/24 23:40:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/04/16 17:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/04/03 10:28:10 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/03 10:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/15 16:34:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/28 12:46:18 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/03/24 21:44:08 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2005/03/05 06:15:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/27 13:39:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/12/20 13:48:50 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/31 21:27:02 | 002,031,629 | ---- | C] () -- C:\Program Files\Winziptransfer.zip
[2004/10/31 07:39:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/10/30 23:05:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/07 17:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/07 14:43:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2004/09/07 14:43:07 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2004/09/07 14:43:07 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/07 14:43:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/07 12:37:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/07 12:14:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/07 11:54:20 | 000,000,914 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/07 11:54:20 | 000,000,502 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/07 11:53:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/07 11:53:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/07 11:53:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/07 11:53:58 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/07 11:53:58 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/07 11:53:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/07 11:53:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/07 11:53:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/07 11:53:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/07 11:53:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/07 05:09:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1997/03/31 23:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/03/31 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/03/31 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/03/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2006/04/03 10:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2011/04/01 12:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/04/01 12:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/04/09 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2006/08/12 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2006/08/01 23:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2009/09/26 15:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/14 09:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/09/26 15:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/15 14:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/12 15:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\IObit
[2011/05/12 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-D26EF63B94\Application Data\Sammsoft
 
========== Purity Check ==========
 
 

< End of report >


I use Internet Explorer. I don't think I've ever used Firefox, and if it's on my comp, I have no idea how it got there, lol.




18
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 03:37:45 PM »
You may want to hit me for leaving this out earlier, but until I got back into the control panel functions, I had forgotten about this:

Microsoft Security Essentials seemed to be seriously compromised by this virus: it would not let anything be touched, firewall turned off, virus protection off... and now that I see it in the Control Panel, I'm scared as hell to even click near it, lol.

Only other thing to add to this mess is that if I try to navigate around the internet, I get iffy results.  Sometimes it goes where it is supposed to, other times it gets redirected.  Anything Microsoft-related, it will not let me go, always a redirect.  I was surprised it let me go here, honestly.  Details of this issue are varied, but for example:

I use search to find virus protection, it gives the usual list of choices, I pick one and it starts to go where it says, then it gets derailed to somewhere else.  Of course, while I was typing this, I rechecked this issue and it's not happening at the moment, lol.

Anyway, just adding info as I remember, encounter or stumble over it, thanks.

19
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 03:26:32 PM »
It now allows me to open programs in my Control Panel, but (and this may be something I have to live with, I'm just checking that I did it right) when I do click on Add/Remove Programs or any other Control Panel function I get a:

Open File - Security Warning

The publisher could not be verified. Are you sure you want to run this software?

Name: rundll32.exe
Publisher: Unknown Publisher
Type: Application
From: C:\WINDOWS\system32

run/cancel

always ask before opening this file? (checked)

This file does not have a valid digital signature that verifies its publisher.  You should only run software from publishers you trust... blahblahblah

This might be an easy one, but should I just uncheck the "always ask", or did I do something incorrect?

Either way, it works; that's a step in the right direction =D  Thank you.

20
Tech Clinic / Missing Rundll32.exe/Virus/Trojan arrrrgghhh
« on: May 13, 2011, 02:59:47 PM »
2011/05/13 12:50:18.0265 3192 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/13 12:50:18.0843 3192 ================================================================================
2011/05/13 12:50:18.0843 3192 SystemInfo:
2011/05/13 12:50:18.0843 3192
2011/05/13 12:50:18.0843 3192 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/13 12:50:18.0843 3192 Product type: Workstation
2011/05/13 12:50:18.0843 3192 ComputerName: YOUR-D26EF63B94
2011/05/13 12:50:18.0843 3192 UserName: Owner
2011/05/13 12:50:18.0843 3192 Windows directory: C:\WINDOWS
2011/05/13 12:50:18.0843 3192 System windows directory: C:\WINDOWS
2011/05/13 12:50:18.0843 3192 Processor architecture: Intel x86
2011/05/13 12:50:18.0843 3192 Number of processors: 2
2011/05/13 12:50:18.0843 3192 Page size: 0x1000
2011/05/13 12:50:18.0843 3192 Boot type: Normal boot
2011/05/13 12:50:18.0843 3192 ================================================================================
2011/05/13 12:50:19.0250 3192 Initialize success
2011/05/13 12:50:27.0890 1092 ================================================================================
2011/05/13 12:50:27.0890 1092 Scan started
2011/05/13 12:50:27.0890 1092 Mode: Manual;
2011/05/13 12:50:27.0890 1092 ================================================================================
2011/05/13 12:50:28.0906 1092 ACPI           (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/13 12:50:28.0984 1092 ACPIEC         (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/13 12:50:29.0046 1092 aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/13 12:50:29.0109 1092 AFD            (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/13 12:50:29.0312 1092 Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/13 12:50:29.0453 1092 AsyncMac       (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/13 12:50:29.0468 1092 atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/13 12:50:29.0593 1092 ati2mtag       (e42f83f1e85cf0b9f9873851543dcd9d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/13 12:50:29.0656 1092 Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/13 12:50:29.0718 1092 audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/13 12:50:29.0781 1092 Beep           (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/13 12:50:29.0843 1092 cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/13 12:50:29.0875 1092 CCDECODE       (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/13 12:50:30.0203 1092 CdaD10BA       (841cefab8228ee691705d059e7f21c47) C:\WINDOWS\system32\drivers\CdaD10BA.SYS
2011/05/13 12:50:30.0265 1092 Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/13 12:50:30.0296 1092 Cdfs           (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/13 12:50:30.0359 1092 Cdr4_xp        (223dea13c9d064babc882b4727f6f905) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/13 12:50:30.0390 1092 Cdralw2k       (9e26599599d178e71afb5599e146031a) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/13 12:50:30.0437 1092 Cdrom          (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/13 12:50:30.0593 1092 CX23880        (0cdad5c0e3634b0c3fae91a61b419143) C:\WINDOWS\system32\drivers\A88VidBB.sys
2011/05/13 12:50:30.0656 1092 CX88ENC        (a1b918bb5df62d48596863b3a6c7a1db) C:\WINDOWS\system32\drivers\A88EncBB.sys
2011/05/13 12:50:30.0687 1092 CX88XBAR       (e4d09bae3963745930eedbaeb32264a1) C:\WINDOWS\system32\drivers\A88BarBB.sys
2011/05/13 12:50:30.0703 1092 CXAVSAUD       (79127a6522c4c858c407e9685971c8fd) C:\WINDOWS\system32\drivers\A88AudBB.sys
2011/05/13 12:50:30.0734 1092 CXTUNE         (feb738a2aa102e35e22061ef07b87081) C:\WINDOWS\system32\drivers\A88TunBB.sys
2011/05/13 12:50:30.0828 1092 Disk           (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/13 12:50:30.0921 1092 dmboot         (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/13 12:50:31.0031 1092 dmio           (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/13 12:50:31.0062 1092 dmload         (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/13 12:50:31.0125 1092 DMusic         (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/13 12:50:31.0203 1092 drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/13 12:50:31.0296 1092 Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/13 12:50:31.0343 1092 Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/13 12:50:31.0375 1092 Fips           (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/13 12:50:31.0406 1092 Flpydisk       (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/13 12:50:31.0437 1092 FltMgr         (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/13 12:50:31.0468 1092 Fs_Rec         (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/13 12:50:31.0500 1092 Ftdisk         (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/13 12:50:31.0578 1092 GEARAspiWDM    (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/13 12:50:31.0609 1092 Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/13 12:50:31.0656 1092 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/05/13 12:50:31.0703 1092 HDAudBus       (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/13 12:50:31.0750 1092 HidIr          (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/05/13 12:50:31.0781 1092 HidUsb         (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/13 12:50:31.0906 1092 HPZid412       (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/13 12:50:31.0937 1092 HPZipr12       (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/13 12:50:32.0015 1092 HPZius12       (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/13 12:50:32.0078 1092 HSFHWBS2       (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/05/13 12:50:32.0156 1092 HSF_DP         (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/05/13 12:50:32.0265 1092 HSF_DPV        (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/13 12:50:32.0375 1092 HTTP           (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/13 12:50:32.0468 1092 i8042prt       (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/13 12:50:32.0531 1092 Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/13 12:50:32.0734 1092 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/13 12:50:32.0890 1092 IntelIde       (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/13 12:50:32.0953 1092 intelppm       (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/13 12:50:32.0984 1092 Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/13 12:50:33.0015 1092 IpInIp         (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/13 12:50:33.0046 1092 IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/13 12:50:33.0078 1092 IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/13 12:50:33.0125 1092 IrBus          (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/05/13 12:50:33.0171 1092 IRENUM         (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/13 12:50:33.0218 1092 isapnp         (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/13 12:50:33.0265 1092 Kbdclass       (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/13 12:50:33.0312 1092 kbdhid         (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/13 12:50:33.0359 1092 kmixer         (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/13 12:50:33.0390 1092 KSecDD         (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/13 12:50:33.0500 1092 LVUSBSta       (9e9306063ecd8aa91b3fb76678d3cee2) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/05/13 12:50:33.0546 1092 mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/13 12:50:33.0593 1092 MHNDRV         (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/13 12:50:33.0656 1092 mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/13 12:50:33.0703 1092 Modem          (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/13 12:50:33.0718 1092 Mouclass       (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/13 12:50:33.0781 1092 mouhid         (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/13 12:50:33.0812 1092 MountMgr       (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/13 12:50:33.0859 1092 MRxDAV         (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/13 12:50:33.0953 1092 MRxSmb         (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/13 12:50:34.0015 1092 Msfs           (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/13 12:50:34.0046 1092 MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/13 12:50:34.0062 1092 MSPCLOCK       (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/13 12:50:34.0093 1092 MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/13 12:50:34.0171 1092 mssmbios       (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/13 12:50:34.0187 1092 MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/13 12:50:34.0234 1092 Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/13 12:50:34.0281 1092 MxlW2k         (88f57a15b786bf2af9458f7903768085) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/05/13 12:50:34.0312 1092 NABTSFEC       (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/13 12:50:34.0359 1092 NDIS           (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/13 12:50:34.0390 1092 NdisIP         (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/13 12:50:34.0406 1092 NdisTapi       (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/13 12:50:34.0453 1092 Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/13 12:50:34.0468 1092 NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/13 12:50:34.0515 1092 NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/13 12:50:34.0546 1092 NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/13 12:50:34.0593 1092 NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/13 12:50:34.0640 1092 NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/13 12:50:34.0671 1092 Npfs           (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/13 12:50:34.0734 1092 Ntfs           (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/13 12:50:34.0828 1092 Null           (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/13 12:50:34.0875 1092 NwlnkFlt       (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/13 12:50:34.0921 1092 NwlnkFwd       (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/13 12:50:34.0968 1092 ohci1394       (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/13 12:50:35.0031 1092 Parport        (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/13 12:50:35.0046 1092 PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/13 12:50:35.0093 1092 ParVdm         (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/13 12:50:35.0125 1092 PCI            (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/13 12:50:35.0187 1092 PCIIde         (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/13 12:50:35.0234 1092 Pcmcia         (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/13 12:50:35.0406 1092 pepifilter     (d30eda6e1ab3c8c82f2ca085ab79040a) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/05/13 12:50:35.0546 1092 PID_08A0       (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/05/13 12:50:35.0703 1092 PID_PEPI       (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/05/13 12:50:35.0828 1092 PptpMiniport   (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/13 12:50:35.0890 1092 Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/13 12:50:35.0968 1092 PxHelp20       (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/13 12:50:36.0140 1092 RasAcd         (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/13 12:50:36.0171 1092 Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/13 12:50:36.0203 1092 RasPppoe       (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/13 12:50:36.0234 1092 Raspti         (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/13 12:50:36.0265 1092 Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/13 12:50:36.0312 1092 RDPCDD         (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/13 12:50:36.0343 1092 rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/13 12:50:36.0390 1092 RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/13 12:50:36.0421 1092 redbook        (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/13 12:50:36.0546 1092 Secdrv         (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/13 12:50:36.0625 1092 serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/13 12:50:36.0656 1092 Serial         (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/13 12:50:36.0703 1092 Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/13 12:50:36.0781 1092 SLIP           (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/13 12:50:36.0875 1092 splitter       (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/13 12:50:36.0937 1092 sr             (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/13 12:50:37.0031 1092 Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/13 12:50:37.0125 1092 streamip       (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/13 12:50:37.0187 1092 SunkFilt       (d8cbd8b4bf4dc9cd64b5cc8e2bec1b96) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2011/05/13 12:50:37.0218 1092 SunkFilt39     (fabcc3bec89a2853958cefb28943c470) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
2011/05/13 12:50:37.0250 1092 swenum         (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/13 12:50:37.0281 1092 swmidi         (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/13 12:50:37.0359 1092 symlcbrd       (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/13 12:50:37.0421 1092 sysaudio       (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/13 12:50:37.0484 1092 Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/13 12:50:37.0531 1092 TDPIPE         (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/13 12:50:37.0578 1092 TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/13 12:50:37.0625 1092 TermDD         (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/13 12:50:37.0703 1092 tmcomm         (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/05/13 12:50:37.0781 1092 Udfs           (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/13 12:50:37.0859 1092 Update         (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/13 12:50:37.0968 1092 USBAAPL        (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/13 12:50:38.0031 1092 usbaudio       (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/13 12:50:38.0078 1092 usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/13 12:50:38.0093 1092 usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/13 12:50:38.0125 1092 usbhub         (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/13 12:50:38.0140 1092 usbprint       (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/13 12:50:38.0156 1092 usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/13 12:50:38.0171 1092 usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/13 12:50:38.0203 1092 usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/13 12:50:38.0218 1092 USB_RNDIS      (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/05/13 12:50:38.0234 1092 VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/13 12:50:38.0281 1092 VolSnap        (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/13 12:50:38.0281 1092 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/13 12:50:38.0281 1092 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/13 12:50:38.0328 1092 Wanarp         (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/13 12:50:38.0375 1092 wdmaud         (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/13 12:50:38.0453 1092 winachsf       (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/13 12:50:38.0578 1092 WpdUsb         (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/13 12:50:38.0625 1092 WSTCODEC       (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/13 12:50:38.0671 1092 WudfPf         (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/13 12:50:38.0703 1092 WudfRd         (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/13 12:50:38.0781 1092 yukonwxp       (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/05/13 12:50:38.0906 1092 ================================================================================
2011/05/13 12:50:38.0906 1092 Scan finished
2011/05/13 12:50:38.0906 1092 ================================================================================
2011/05/13 12:50:38.0921 2876 Detected object count: 1
2011/05/13 12:51:33.0515 2876 VolSnap        (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/13 12:51:33.0515 2876 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/13 12:51:35.0156 2876 Backup copy found, using it..
2011/05/13 12:51:35.0171 2876 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/13 12:51:35.0171 2876 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/13 12:51:45.0968 3028 Deinitialize success


TDSSKiller report... working on the other things you told me to do =D
