ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/05 13:36
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: av5flt.sys
Image Path: C:\Windows\system32\drivers\av5flt.sys
Address: 0x9CC43000 Size: 92544 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D489000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D47E000 Size: 45056 File Visible: No Signed: -
Status: -
Name: PavSRK.sys
Image Path: C:\Windows\system32\PavSRK.sys
Address: 0x9B4C4000 Size: 32768 File Visible: No Signed: -
Status: -
Name: PavTPK.sys
Image Path: C:\Windows\system32\PavTPK.sys
Address: 0x8C3F0000 Size: 49152 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9CCBA000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 688 Status: Locked to the Windows API!
==EOF==
DDS (Ver_09-06-26.01) - NTFSx86
Run by Travis at 13:31:18.95 on Mon 10/05/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1242 [GMT -4:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost -k Panda
C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrvx86.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Travis\Desktop\My Things\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2009\Inicio.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
============= SERVICES / DRIVERS ===============
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-6-20 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-6-20 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-6-20 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-6-20 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-6-20 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-6-20 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-6-20 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-6-20 46720]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2009-6-20 49208]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-9 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-9 234888]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-6-20 13880]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-6-20 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2009\psksvc.exe [2009-6-20 28928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-9 1153368]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-9-27 12032]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-6-20 197888]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2009-9-27 14592]
=============== Created Last 30 ================
2009-10-03 01:19 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 23:27 <DIR> --d----- c:\users\travis\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-09-27 23:58 249,856 a------- c:\windows\system32\Lachesis.cpl
2009-09-27 23:58 <DIR> --d----- c:\programdata\Razer
2009-09-27 16:17 <DIR> --d----- c:\users\travis\appdata\roaming\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-09-27 16:16 <DIR> --d----- c:\programdata\Adobe
2009-09-27 16:16 <DIR> --d----- c:\users\travis\appdata\roaming\Raptr
2009-09-27 16:16 <DIR> --d----- c:\program files\Raptr
2009-09-27 15:47 14,592 a------- c:\windows\system32\drivers\Usbicp.sys
2009-09-27 15:45 12,032 a------- c:\windows\system32\drivers\Lachesis.sys
2009-09-24 20:12 <DIR> --d----- c:\program files\Ventrilo
2009-09-24 20:12 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-09-21 19:55 376 a------- c:\windows\ODBC.INI
2009-09-21 19:53 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-09-21 19:48 680 a------- c:\windows\lrun32.ini
2009-09-21 19:48 <DIR> --d----- c:\program files\MSPress
2009-09-21 19:47 88,092 a------- c:\windows\lrun32.isu
2009-09-21 19:47 306,688 a------- c:\windows\IsUninst.exe
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-18 01:05 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-13 21:57 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-09-13 21:51 <DIR> --d----- c:\program files\common files\Merge Modules
2009-09-13 21:51 <DIR> --d----- c:\programdata\Microsoft Help
2009-09-09 18:45 <DIR> --d----- c:\programdata\Blizzard Entertainment
2009-09-09 18:45 <DIR> --d----- c:\progra~2\Blizzard Entertainment
2009-09-09 16:55 <DIR> --d----- c:\windows\pss
2009-09-09 13:12 <DIR> --d----- c:\programdata\Blizzard
2009-09-09 13:12 <DIR> --d----- c:\progra~2\Blizzard
2009-09-09 11:23 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-09-09 05:43 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 05:43 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 05:43 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 05:43 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 05:43 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 05:43 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 05:43 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 05:43 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 05:43 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 05:43 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 05:43 17,920 a------- c:\windows\system32\netevent.dll
==================== Find3M ====================
2009-10-05 13:10 264,344 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-10-05 13:10 264,344 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-10-05 13:09 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-10-05 13:09 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-10-05 01:02 31,966 a------- c:\programdata\nvModes.dat
2009-10-05 01:02 31,966 a------- c:\progra~2\nvModes.dat
2009-09-27 23:58 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-27 23:58 51,200 a------- c:\windows\inf\infpub.dat
2009-09-27 15:46 86,016 a------- c:\windows\inf\infstor.dat
2009-09-18 08:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-30 15:28 50,759 a------- c:\windows\War3Unin.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-09 11:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-02 10:45 33,021 a------- c:\windows\scunin.dat
2009-08-02 10:45 94,208 a------- c:\windows\ScUnin.exe
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-11 15:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 13:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-06-24 19:31 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 15:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 13:32:51.57 ===============