Windows Recovery Malware Infection [Computer 1]

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Windows Recovery Malware Infection [Computer 1] WIndows Recovery Console and HDD failure popups.

#1 nyclad

Member

Group: Members
Posts: 44
Joined: 06-September 10

Posted 01 May 2011 - 09:20 PM

Hi,

My Windows 7 netbook is infected with some sort of WindowsRecovery malware. Symptoms include the WindowsRecovery console, my HDD seems to be constantly running, slowing things down, multiple popups alleging Critical Hard Disk Error (saying my private data will be lost.)

The malware made the Desktop black and all icons disappeared. I loaded DeFogger, DDS, and GMER onto a USB flash drive and tried to load it onto the infected netbook's Desktop, but it seemed to make the icons disappear from the Desktop. I ended up running DeFogger and DDS. GMER wouldn't run and said something about a side-by-side error?

Please help me out with curing this infection.

My netbook is running Windows 7 Starter Edition.

Thanks much,
Steve

Here are the DDS.txt and ATTACH.txt from the DDS program.

DDS.TXT

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Steev at 18:05:30.75 on Sun 05/01/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.52 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\aestsrv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
C:\Program Files\Hp\HP UT\bin\hppusg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Steev\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\ProgramData\fhFLtreUvTGXnKC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\attrib.exe
C:\ProgramData\36822792.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\attrib.exe
C:\Windows\system32\conhost.exe
F:\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\steev\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Lfodupadewiyohup] rundll32.exe "c:\users\steev\appdata\local\mgesyp.dll",Startup
uRun: [fhFLtreUvTGXnKC] c:\programdata\fhFLtreUvTGXnKC.exe
uRun: [Zxjejd] c:\users\steev\appdata\roaming\Zxjejd.exe
uRun: [engel] c:\users\steev\appdata\roaming\5467.tmp.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [506E7F4A_0] c:\users\steev\appdata\local\temp\hhckoyg.exe
uRun: [Lviehfngpqg] c:\users\steev\appdata\local\temp\phaommx.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DTRun] c:\program files\arcsoft\totalmedia theatre 3\uDTRun.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Color LaserJet CM2320 MFP Series Fax] c:\program files\hp\hp color laserjet cm2320 mfp series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax"
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [cftmon] c:\windows\system32\dafr.exe
mRun: [Lviehfngpqg] c:\users\steev\appdata\local\temp\phaommx.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\System32
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-6-3 131584]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe [2010-6-10 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\quickweb\qw.sys\config\DVMExportService.exe [2010-3-31 338168]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2011-5-1 58720]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2011-5-1 20480]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2011-4-8 20504]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-10 186912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-10 204288]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-3 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== Created Last 30 ================
.
2011-05-02 00:56:26 743352 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-01 22:44:34 444416 ---ha-w- c:\progra~2\36822792.exe
2011-05-01 22:41:21 58720 ---ha-w- c:\windows\system32\drivers\srenum.sys
2011-05-01 22:41:21 4128 ---ha-w- c:\windows\system32\msrun.exe
2011-05-01 22:36:32 385024 ---ha-w- c:\windows\system32\dafr.exe
2011-05-01 22:36:21 50000 ---ha-w- c:\windows\system32\ww1waf.dll
2011-05-01 22:35:50 -------- d--h--w- c:\users\steev\appdata\roaming\engel
2011-05-01 22:35:47 24930 ---ha-w- c:\users\steev\appdata\roaming\70B0.tmp
2011-05-01 22:35:43 24576 ---ha-w- c:\users\steev\appdata\roaming\6134.tmp
2011-05-01 22:35:40 27136 ---ha-w- c:\users\steev\appdata\roaming\5467.tmp
2011-05-01 22:34:57 520704 ---ha-w- c:\progra~2\fhFLtreUvTGXnKC.exe
2011-05-01 22:34:57 20480 ---ha-w- c:\windows\system32\drivers\ndisrd.sys
2011-05-01 22:34:56 -------- d--h--w- c:\program files\Search Toolbar
2011-05-01 03:55:38 -------- d--h--w- c:\program files\Microsoft IntelliPoint
2011-05-01 03:04:14 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-01 03:04:12 2616320 ----a-w- c:\windows\explorer.exe
2011-04-23 01:02:38 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-23 01:02:38 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-23 01:02:38 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-23 01:02:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-23 01:02:36 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-23 01:02:35 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-23 01:02:35 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-23 01:02:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-23 01:02:32 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-23 01:02:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-23 01:02:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-23 01:02:28 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-23 01:02:28 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-23 01:02:25 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-23 01:02:25 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-23 01:02:25 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-23 01:02:25 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 22:02:36 40984 ----a-w- c:\windows\system32\drivers\point32.sys
2011-04-09 06:02:04 390656 ---ha-w- c:\windows\system32\ipcoin815.dll
2011-04-08 21:06:49 9451 ---h--w- c:\windows\system32\hppfaxprintermonui5.dll
2011-04-08 21:06:49 13929 ---h--w- c:\windows\system32\hppfaxprintermon5.dll
2011-04-08 20:33:58 608 --sha-w- c:\windows\system32\winzvprt5.sys
2011-04-08 20:31:41 281600 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp093.DLL
2011-04-08 20:25:23 161280 ---ha-w- c:\windows\system32\hpcpn093.dll
2011-04-08 20:25:22 59928 ---ha-w- c:\windows\system32\fxcompchannel.dll
2011-04-08 20:20:58 26136 ---ha-w- c:\windows\system32\drivers\hpfxgen.sys
2011-04-08 20:20:58 20504 ---ha-w- c:\windows\system32\drivers\hpfxfax.sys
2011-04-08 20:20:58 17432 ---ha-w- c:\windows\system32\drivers\hpfxbulk.sys
2011-04-08 20:20:56 770048 ---ha-w- c:\windows\system32\hpptsp05.dll
2011-04-08 20:20:56 761856 ---ha-w- c:\windows\system32\hpxp2320.dll
2011-04-08 20:20:56 450560 ---ha-w- c:\windows\system32\hppasc12.dll
2011-04-08 20:20:56 331776 ---ha-w- c:\windows\system32\hppcpr12.dll
2011-04-08 20:20:56 188416 ---ha-w- c:\windows\system32\hppcew12.dll
2011-04-08 20:20:55 59928 ---ha-w- c:\windows\system32\fxfaxchannel.dll
2011-04-08 20:20:55 188416 ---ha-w- c:\windows\system32\hppafx12.dll
2011-04-08 20:18:58 -------- d--h--w- C:\CM_2320_Full_Solution_Win7_3_1_AM-EMEA1
2011-04-08 20:08:31 -------- d--h--w- c:\program files\common files\SWF Studio
2011-04-08 20:06:14 -------- d--h--w- C:\HP_CM2320_series_full_solution_v3.0_AM-EMEA
2011-04-08 17:51:59 748336 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-04-08 17:51:58 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-08 17:51:58 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-08 17:51:58 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-08 17:51:58 107008 ----a-w- c:\program files\internet explorer\iecleanup.exe
2011-04-08 17:51:57 386560 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2011-04-08 17:51:57 307200 ----a-w- c:\program files\internet explorer\iediagcmd.exe
2011-04-08 17:51:57 149504 ----a-w- c:\program files\internet explorer\jsprofilerui.dll
2011-04-08 17:51:57 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-04-08 17:51:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-08 17:51:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-08 17:51:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-08 17:51:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-08 17:51:56 22016 ----a-w- c:\program files\internet explorer\ExtExport.exe
2011-04-08 17:51:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-08 17:51:55 466432 ----a-w- c:\program files\internet explorer\ieinstal.exe
2011-04-08 17:51:55 367104 ----a-w- c:\windows\system32\html.iec
2011-04-08 17:51:55 222720 ----a-w- c:\program files\internet explorer\ielowutil.exe
2011-04-08 17:51:55 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2011-04-08 17:51:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-08 17:51:53 301056 ----a-w- c:\program files\internet explorer\networkinspection.dll
2011-04-08 17:51:53 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-08 17:51:53 193536 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-04-08 17:51:53 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-08 17:51:52 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-04-08 17:51:52 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-08 17:51:52 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-08 17:51:51 49664 ----a-w- c:\program files\internet explorer\JSProfilerCore.dll
2011-04-08 17:51:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-08 17:51:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-08 17:51:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-08 17:51:50 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-08 17:51:50 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-08 17:51:50 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2011-04-08 17:51:50 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-08 17:51:49 766976 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-04-08 17:51:49 35840 ----a-w- c:\windows\system32\imgutil.dll
.
==================== Find3M ====================
.
2011-03-03 19:49:17 152576 ---ha-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 04:40:23 472808 ---ha-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 18:11:18.97 ===============

Just for info, I have a second current virus/malware topic, but it's for a different computer. I don't know if these two are related, but this one (a netbook) is mainly used by my kid at college. He doesn't take it home much, so I don't know if there is any infection via the home network.

Thanks a lot for your help.
Steve

Merged posts. ~ OB

Attached File(s)

Attach.txt (792bytes)
Number of downloads: 1

This post has been edited by Orange Blossom: 04 May 2011 - 10:36 PM

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 May 2011 - 09:47 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 nyclad

Member

Group: Members
Posts: 44
Joined: 06-September 10

Posted 08 May 2011 - 05:33 PM

Hi ST,

Thanks for your help. The affected computer's infection has the internet disabled, so I had to use another computer to download the two programs, RKUnhookerLE and OTL, and I put them on a flash drive, but I had to run them directly off the flash drive as anything I put on the affected computer's desktop seems to disappear. (the entire desktop is blank/black.)

I was able to run the RKUnhookerLE on normal mode, but I could not completely run OTL. The computer reboots itself after about 20 minutes, which doesn't allow OTL to complete the scan. Some fake virus window pops up alleging hard drive delayed write failure and it reboots before I can do anything else.

I was able to run OTL on Windows 7 Safe Mode, but oddly enough, I cannot run RKUnhookerLE in Safe mode.

I have posted the RKUnhookerLE from the Normal Mode, but the 2 reports from OTL are in the Windows 7 Startup's Safe Mode. If you need the 2 OTL reports in Normal Mode, I'll need a way to keep it from rebooting long enough to allow OTL to finish it's scan.

Hopefully these will work. Thanks again.

RKUnhookerLE Report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8B619000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5275648 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81A4D000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x81A4D000 PnpManager 4268032 bytes
0x81A4D000 RAW 4268032 bytes
0x81A4D000 WMIxWDM 4268032 bytes
0x8C225000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2732032 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8F810000 Win32k 2416640 bytes
0x8F810000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x86A34000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8660B000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8A617000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x86439000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8BB21000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8683E000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x860FC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA8960000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA880D000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8601C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x86231000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8BEC6000 C:\Windows\system32\DRIVERS\stwrt.sys 442368 bytes (IDT, Inc., IDT PC Audio)
0x86778000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8AE28000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xABC93000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xABC1B000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8FAC0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8C4F6000 C:\Windows\system32\drivers\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x86372000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x862B0000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x865A5000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x861A7000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8BE71000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x860BA000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8AEEB000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x86BAF000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x868F5000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8AF75000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xA88E0000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8C575000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x86400000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x81A16000 ACPI_HAL 225280 bytes
0x81A16000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x86560000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8BE2F000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x86968000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x86800000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x86B7E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8BF32000 C:\Windows\system32\DRIVERS\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x86A00000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8673A000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8BF7A000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x86309000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xABC6B000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x869AB000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x86933000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8BE0B000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x8651C000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA88BD000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8A7D8000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8C4CA000 C:\Windows\system32\DRIVERS\BRCMHD32.sys 135168 bytes (Broadcom Corporation, Broadcom CrystalHD Decoder Driver)
0x863D3000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8AFD0000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A756000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xABCFC000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8AFB1000 C:\Windows\system32\drivers\archlp.sys 126976 bytes
0x8BBD8000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8AE89000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8FAA0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8A6F1000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA891B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8A70C000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA8892000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8BF61000 C:\Windows\system32\DRIVERS\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8AF4F000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8C550000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8C5E7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8C20B000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B600000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8A600000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8A7B5000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8BFE7000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xABCE5000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x863BD000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8BFBC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x86765000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x867EC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8AEC7000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8C5D5000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8AE00000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0xA88AB000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8699A000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8BFD6000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x86594000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8BEB5000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8633E000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x860A1000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8AEDA000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8AEA8000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x869D9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x86958000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x869E9000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x86362000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0xA893F000 C:\Windows\System32\DRIVERS\srenum.sys 61440 bytes
0x8C541000 C:\Windows\system32\drivers\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8AF67000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8AEB9000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8A7A7000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x86549000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x867D5000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8BE63000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x862A2000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8C5C8000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8BFA4000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C568000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C5B2000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x865ED000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8A777000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8A730000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8AF43000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8A7CC000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8A74A000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x86357000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x8BFB1000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8AFF1000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8BE00000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8A79C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8C200000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C4EB000 C:\Windows\system32\drivers\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x86333000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8A726000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x8AE16000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8653F000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8AF36000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8AF2C000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA8800000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C4C0000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x86557000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x86513000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x869D0000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xA8957000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x867E3000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8BBF7000 C:\Windows\system32\DRIVERS\ndisrd.sys 36864 bytes (NT Kernel Resources, NDISRD helper driver)
0xABD1D000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8FA70000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xA8936000 C:\Windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x8C5BF000 C:\Windows\system32\drivers\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x862F8000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x860B2000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8634F000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x86BF6000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x86301000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8A784000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A78C000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8A794000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x86BEE000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8A743000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8BFCF000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8A73C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8AE82000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x86A2D000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x8AE12000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8AF40000 C:\Windows\system32\DRIVERS\dvmio.sys 12288 bytes (DeviceVM, Inc., DVMIO virtual device driver)
0x8518B000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8C223000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8C5B0000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x00470000 Hidden Image-->MemeoRemoteCore.dll [ EPROCESS 0x85194770 ] PID: 164, 36864 bytes

OTL.TXT as run from Windows 7 Starter SAFE MODE:
OTL logfile created on: 5/8/2011 9:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.08 Gb Total Space | 113.07 Gb Free Space | 51.85% Space Free | Partition Type: NTFS
Drive D: | 14.51 Gb Total Space | 1.47 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 94.01 Mb Free Space | 94.79% Space Free | Partition Type: FAT32
Drive F: | 3.99 Gb Total Space | 3.99 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: STEEV-NB | User Name: Steev | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 08:41:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/05/08 08:41:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/01/06 16:23:18 | 006,128,720 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/03 18:17:08 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/28 14:36:52 | 000,246,520 | -H-- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/04/23 17:55:56 | 000,103,992 | -H-- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/04/09 15:43:38 | 000,026,168 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/31 18:53:18 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/03/25 10:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe -- (STacSV)
SRV - [2009/11/13 12:28:04 | 000,110,592 | -H-- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/13 10:25:30 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/16 09:58:08 | 000,020,480 | -H-- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - [2011/05/01 15:41:21 | 000,058,720 | -H-- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\srenum.sys -- (srenum)
DRV - [2011/05/01 15:34:57 | 000,020,480 | -H-- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisrd.sys -- (ndisrd)
DRV - [2010/12/08 05:12:38 | 000,251,728 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/12 14:19:38 | 000,299,984 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:54 | 000,025,680 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,030,288 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,021,072 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 14:49:18 | 000,060,104 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 14:48:56 | 000,073,032 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/06/22 04:30:14 | 000,116,224 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO)
DRV - [2010/02/26 03:03:00 | 000,423,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/08 22:57:16 | 000,186,912 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/11/11 13:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009/10/27 12:02:14 | 000,023,936 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:02:53 | 000,311,296 | -H-- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 15:02:51 | 004,231,168 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/06/03 16:17:14 | 000,131,584 | -H-- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2009/02/13 12:02:52 | 000,011,520 | -H-- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/16 14:29:43 | 000,020,504 | -H-- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 14:29:33 | 000,017,432 | -H-- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/06/10 10:54:55 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/10 10:54:57 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/01 14:35:28 | 000,000,000 | -H-D | M]

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [cftmon] C:\Windows\System32\dafr.exe (vuoopjgqkoybrxsctdvw)
O4 - HKLM..\Run: [DTRun] C:\Program Files\ArcSoft\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lviehfngpqg] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [506E7F4A_0] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [engel] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [fhFLtreUvTGXnKC] C:\ProgramData\fhFLtreUvTGXnKC.exe (WinTrust)
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Lfodupadewiyohup] C:\Users\Steev\AppData\Local\mgesyp.dll (ArcSoft Inc.)
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Lviehfngpqg] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Zxjejd] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32) - C:\Windows\System32 [2011/05/08 09:48:24 | 000,000,000 | -H-D | M]
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 08:53:12 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Steev\Desktop\OTL.exe
[2011/05/01 17:01:40 | 000,000,000 | -H-D | C] -- C:\32788R22FWJFW
[2011/05/01 16:07:37 | 000,000,000 | -H-D | C] -- C:\Windows\Minidump
[2011/05/01 15:46:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/05/01 15:46:51 | 000,000,000 | -H-D | C] -- C:\Users\Steev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/05/01 15:36:32 | 000,385,024 | -H-- | C] (vuoopjgqkoybrxsctdvw) -- C:\Windows\System32\dafr.exe
[2011/05/01 15:35:53 | 000,000,000 | -H-D | C] -- C:\RECYCLER
[2011/05/01 15:35:50 | 000,000,000 | -H-D | C] -- C:\Users\Steev\AppData\Roaming\engel
[2011/05/01 15:34:57 | 000,520,704 | -H-- | C] (WinTrust) -- C:\ProgramData\fhFLtreUvTGXnKC.exe
[2011/05/01 15:34:57 | 000,020,480 | -H-- | C] (NT Kernel Resources) -- C:\Windows\System32\drivers\ndisrd.sys
[2011/05/01 15:34:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Search Toolbar
[2011/04/30 20:56:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/04/30 20:55:38 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/04/30 20:04:14 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/30 20:04:12 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/22 18:02:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/22 18:02:35 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/22 18:02:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/22 18:02:34 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/22 18:02:32 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/22 18:02:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/22 18:02:28 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/22 18:02:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/08 23:02:04 | 000,390,656 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\ipcoin815.dll
[2011/04/08 14:07:08 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\HP
[2011/04/08 14:06:49 | 000,013,929 | -H-- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hppfaxprintermon5.dll
[2011/04/08 14:06:49 | 000,009,451 | -H-- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hppfaxprintermonui5.dll
[2011/04/08 13:25:23 | 000,161,280 | -H-- | C] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpcpn093.dll
[2011/04/08 13:25:22 | 000,059,928 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\fxcompchannel.dll
[2011/04/08 13:23:42 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/04/08 13:20:58 | 000,026,136 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxgen.sys
[2011/04/08 13:20:58 | 000,020,504 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxfax.sys
[2011/04/08 13:20:58 | 000,017,432 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxbulk.sys
[2011/04/08 13:20:56 | 000,770,048 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\hpptsp05.dll
[2011/04/08 13:20:56 | 000,761,856 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\hpxp2320.dll
[2011/04/08 13:20:56 | 000,450,560 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\hppasc12.dll
[2011/04/08 13:20:56 | 000,331,776 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\hppcpr12.dll
[2011/04/08 13:20:56 | 000,188,416 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\hppcew12.dll
[2011/04/08 13:20:55 | 000,188,416 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\hppafx12.dll
[2011/04/08 13:20:55 | 000,059,928 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\fxfaxchannel.dll
[2011/04/08 13:18:58 | 000,000,000 | -H-D | C] -- C:\CM_2320_Full_Solution_Win7_3_1_AM-EMEA1
[2011/04/08 13:09:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\HP
[2011/04/08 13:08:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/04/08 13:06:14 | 000,000,000 | -H-D | C] -- C:\HP_CM2320_series_full_solution_v3.0_AM-EMEA
[2011/04/08 10:51:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/08 10:51:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/08 10:51:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/08 10:51:57 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/08 10:51:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/08 10:51:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/08 10:51:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/08 10:51:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/08 10:51:56 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/08 10:51:56 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/08 10:51:56 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/08 10:51:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/08 10:51:55 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/08 10:51:55 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/08 10:51:55 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/08 10:51:54 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/08 10:51:54 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/08 10:51:54 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/08 10:51:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/08 10:51:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/08 10:51:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/08 10:51:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/08 10:51:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/08 10:51:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/08 10:51:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/08 10:51:52 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/08 10:51:52 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/08 10:51:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/08 10:51:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/08 10:51:51 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/08 10:51:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/08 10:51:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/08 10:51:50 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/08 10:51:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/08 10:51:50 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/08 10:51:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/08 10:51:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/08 10:51:49 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/08 10:51:49 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/03 12:27:10 | 000,122,880 | -H-- | C] (ArcSoft Inc.) -- C:\Users\Steev\AppData\Local\mgesyp.dll
[3 C:\Users\Steev\AppData\Roaming\*.tmp files -> C:\Users\Steev\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 09:51:46 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/05/08 09:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 09:50:43 | 796,020,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 09:50:41 | 226,552,569 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/08 09:26:39 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2769440373-2176610137-4011517129-1000UA.job
[2011/05/08 09:26:07 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 09:26:07 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 08:41:52 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Steev\Desktop\OTL.exe
[2011/05/08 08:41:44 | 000,133,632 | -H-- | M] () -- C:\Users\Steev\Desktop\RKUnhookerLE.EXE
[2011/05/01 18:01:13 | 000,000,000 | -H-- | M] () -- C:\Users\Steev\defogger_reenable
[2011/05/01 17:27:04 | 000,624,178 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 17:27:04 | 000,106,522 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 15:46:52 | 000,000,631 | -H-- | M] () -- C:\Users\Steev\Desktop\Windows Recovery.lnk
[2011/05/01 15:44:42 | 000,000,336 | -H-- | M] () -- C:\ProgramData\36822792
[2011/05/01 15:44:34 | 000,444,416 | -H-- | M] () -- C:\ProgramData\36822792.exe
[2011/05/01 15:41:21 | 000,058,720 | -H-- | M] () -- C:\Windows\System32\drivers\srenum.sys
[2011/05/01 15:41:21 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\msrun.exe
[2011/05/01 15:37:28 | 000,001,608 | -H-- | M] () -- C:\Users\Steev\AppData\Roaming\7BBE.808
[2011/05/01 15:36:56 | 000,000,093 | -H-- | M] () -- C:\Windows\System32\winset.ini
[2011/05/01 15:36:32 | 000,385,024 | -H-- | M] (vuoopjgqkoybrxsctdvw) -- C:\Windows\System32\dafr.exe
[2011/05/01 15:36:21 | 000,050,000 | -H-- | M] () -- C:\Windows\System32\ww1waf.dll
[2011/05/01 15:34:57 | 000,020,480 | -H-- | M] (NT Kernel Resources) -- C:\Windows\System32\drivers\ndisrd.sys
[2011/05/01 15:34:54 | 000,520,704 | -H-- | M] (WinTrust) -- C:\ProgramData\fhFLtreUvTGXnKC.exe
[2011/05/01 09:14:04 | 113,882,525 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/05/01 07:33:17 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2769440373-2176610137-4011517129-1000Core.job
[2011/04/30 22:12:38 | 000,002,363 | -H-- | M] () -- C:\Users\Steev\Desktop\Google Chrome.lnk
[2011/04/30 21:50:34 | 000,474,208 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/29 12:45:36 | 000,301,568 | -H-- | M] () -- C:\Users\Steev\Desktop\gmer.exe
[2011/04/08 23:02:04 | 000,390,656 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\ipcoin815.dll
[2011/04/08 14:08:50 | 000,176,747 | -H-- | M] () -- C:\Windows\hppins12.dat
[2011/04/08 14:06:46 | 000,000,608 | -HS- | M] () -- C:\Windows\System32\winzvprt5.sys
[2011/04/08 14:06:46 | 000,000,222 | -H-- | M] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011/04/08 13:29:27 | 000,000,987 | -H-- | M] () -- C:\Windows\hpntwksetup.ini
[2011/04/08 10:53:40 | 000,001,411 | -H-- | M] () -- C:\Users\Steev\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/08 10:51:58 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/08 10:51:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/08 10:51:58 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/08 10:51:57 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/08 10:51:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/08 10:51:57 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/08 10:51:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/08 10:51:56 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/08 10:51:56 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/08 10:51:56 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/08 10:51:56 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/08 10:51:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/08 10:51:55 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/08 10:51:55 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/08 10:51:55 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/08 10:51:55 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/08 10:51:54 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/08 10:51:54 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/08 10:51:54 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/08 10:51:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/08 10:51:54 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/08 10:51:54 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/08 10:51:54 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/08 10:51:53 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/08 10:51:53 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/08 10:51:53 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/08 10:51:52 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/08 10:51:52 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/08 10:51:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/08 10:51:51 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/08 10:51:51 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/08 10:51:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/08 10:51:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/08 10:51:50 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/08 10:51:50 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/08 10:51:50 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/08 10:51:50 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/08 10:51:50 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/08 10:51:49 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/08 10:51:49 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/08 10:21:15 | 000,000,320 | -H-- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteev.job
[3 C:\Users\Steev\AppData\Roaming\*.tmp files -> C:\Users\Steev\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 09:51:46 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/05/08 08:53:15 | 000,133,632 | -H-- | C] () -- C:\Users\Steev\Desktop\RKUnhookerLE.EXE
[2011/05/01 18:18:05 | 000,301,568 | -H-- | C] () -- C:\Users\Steev\Desktop\gmer.exe
[2011/05/01 18:01:13 | 000,000,000 | -H-- | C] () -- C:\Users\Steev\defogger_reenable
[2011/05/01 16:07:32 | 226,552,569 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/01 15:46:52 | 000,000,631 | -H-- | C] () -- C:\Users\Steev\Desktop\Windows Recovery.lnk
[2011/05/01 15:44:42 | 000,000,336 | -H-- | C] () -- C:\ProgramData\36822792
[2011/05/01 15:44:34 | 000,444,416 | -H-- | C] () -- C:\ProgramData\36822792.exe
[2011/05/01 15:41:21 | 000,058,720 | -H-- | C] () -- C:\Windows\System32\drivers\srenum.sys
[2011/05/01 15:41:21 | 000,004,128 | -H-- | C] () -- C:\Windows\System32\msrun.exe
[2011/05/01 15:36:35 | 000,001,608 | -H-- | C] () -- C:\Users\Steev\AppData\Roaming\7BBE.808
[2011/05/01 15:36:31 | 000,000,093 | -H-- | C] () -- C:\Windows\System32\winset.ini
[2011/05/01 15:36:21 | 000,050,000 | -H-- | C] () -- C:\Windows\System32\ww1waf.dll
[2011/04/08 14:06:46 | 000,000,222 | -H-- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011/04/08 13:57:01 | 000,176,747 | -H-- | C] () -- C:\Windows\hppins12.dat
[2011/04/08 13:57:00 | 000,007,855 | -H-- | C] () -- C:\Windows\hppmdl12.dat
[2011/04/08 13:33:58 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011/04/08 13:27:01 | 000,000,987 | -H-- | C] () -- C:\Windows\hpntwksetup.ini
[2011/04/08 13:20:25 | 000,003,212 | -H-- | C] () -- C:\Windows\System32\hppls2320.spf
[2011/04/08 13:20:24 | 000,000,665 | -H-- | C] () -- C:\Windows\System32\hppapr12.dat
[2011/04/08 10:51:54 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/01/27 15:11:26 | 000,000,020 | -H-- | C] () -- C:\Windows\System32\AVGRSSTX.DLL
[2010/08/10 22:54:03 | 000,000,016 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/08/07 21:52:06 | 000,256,512 | -H-- | C] () -- C:\Windows\PEV.exe
[2010/08/07 21:52:06 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2010/08/07 21:52:06 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2010/08/07 21:52:06 | 000,077,312 | -H-- | C] () -- C:\Windows\MBR.exe
[2010/08/07 21:52:06 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2010/08/06 19:05:52 | 000,168,448 | -H-- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/06 19:05:51 | 000,000,038 | -H-- | C] () -- C:\Windows\avisplitter.ini
[2010/08/06 19:05:46 | 000,881,664 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/06 19:05:45 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/08/06 19:05:45 | 000,205,824 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/06 19:05:40 | 000,085,504 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/22 04:30:08 | 000,864,276 | RH-- | C] () -- C:\Windows\System32\drivers\bcm70015fw.bin
[2010/06/22 04:30:04 | 002,786,404 | RH-- | C] () -- C:\Windows\System32\drivers\bcm70012fw.bin
[2010/06/10 10:47:05 | 000,006,656 | -H-- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/06/10 10:38:29 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/06/10 10:36:41 | 000,000,276 | -H-- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/06/10 10:36:41 | 000,000,217 | -H-- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010/05/12 22:47:33 | 000,000,188 | -H-- | C] () -- C:\Windows\System32\HPWA.ini
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,474,208 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,624,178 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,106,522 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 15:09:19 | 001,498,564 | -H-- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/09 21:03:56 | 000,370,312 | -H-- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 16:17:14 | 000,131,584 | -H-- | C] () -- C:\Windows\System32\drivers\ArcHlp.sys
[2007/03/16 17:00:00 | 000,003,403 | -H-- | C] () -- C:\Windows\System32\hptcpmon.ini

< End of report >

Extras.txt as run from Windows 7 SAFE MODE:

OTL Extras logfile created on: 5/8/2011 9:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.08 Gb Total Space | 113.07 Gb Free Space | 51.85% Space Free | Partition Type: NTFS
Drive D: | 14.51 Gb Total Space | 1.47 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 94.01 Mb Free Space | 94.79% Space Free | Partition Type: FAT32
Drive F: | 3.99 Gb Total Space | 3.99 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: STEEV-NB | User Name: Steev | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24495227-1B47-4D55-AC27-167B6BC3FF73}" = hppScanToCM2320
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{338DAD71-9CE7-4D63-B729-7E91C07A4D7D}" = Microsoft Search Enhancement Pack
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{3598D33E-AF4E-4423-ABDD-9EA32D03D3DC}" = ArcSoft TotalMedia Theatre 3
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C915B0-F2A0-423D-BEDF-04D3CE4D4DC5}" = HP Quick Launch
"{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}" = HP HomeBase
"{511CA535-9CB1-4128-A30C-5F4C5D4AB848}" = hppFaxUtilityCM2320
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53454A1C-26F6-4599-A410-847B6AAD0009}" = Motorola Driver Installation 4.6.5
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6590DC16-A0D3-4397-9A91-C4E8836E40A4}" = HP User Guides 0214
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{AE7C40B6-9C6D-4022-B017-A41A6B7FA4D3}" = hppManualsCM2320
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DA200FDD-DE3D-4958-8465-C4FBC869544B}" = HP Software Framework
"{DB23EB2A-5137-4FA0-9A90-AAAABE4AADBA}" = HP QuickSync
"{DD7D788B-D6C2-4CB1-AACC-8614D6C21D7C}" = hppCLJCM2320
"{DFB3914C-99B4-43C7-A9B6-298C2E11152A}" = HP Wireless Assistant
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.1
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE01E1D7-D3C8-4B08-898A-C59A977098C5}" = Broadcom CrystalHD Decoder
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"9657EE3B-8192-467a-8292-976253F38749_is1" = Jagged Alliance 2 v1.13 (EN) [1.0.0.2085]
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"ArcSoft TotalMedia" = ArcSoft TotalMedia Theatre3
"AVG" = AVG 2011
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"My HP Game Console" = HP Game Console
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ScanTool.net for Windows" = ScanTool.net for Windows v1.13
"Search Toolbar" = Search Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082442" = Faerie Solitaire
"WT083489" = JoJo's Fashion Show
"WT083503" = Jewel Match 2
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2011 1:06:08 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: ScanTool.exe, version: 1.13.0.0, time stamp:
0x4472d4e7 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00052d94 Faulting process id:
0x16ec Faulting application start time: 0x01cbdb57363d9e16 Faulting application path:
C:\Program Files\ScanTool.net_win\ScanTool.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: dcc5a6e8-474a-11e0-9355-00268286e822

Error - 3/5/2011 1:55:54 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0x1410 Faulting application start time: 0x01cbdb5e90be568f Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: d0a62bb1-4751-11e0-9355-be97d91f3397

Error - 3/7/2011 5:37:13 PM | Computer Name = Steev-NB | Source = RasClient | ID = 20227
Description =

Error - 3/7/2011 5:40:28 PM | Computer Name = Steev-NB | Source = RasClient | ID = 20227
Description =

Error - 3/7/2011 5:45:20 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0xe0c Faulting application start time: 0x01cbdd10f1c05b67 Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: 32370319-4904-11e0-8973-c80aa9c418d6

Error - 3/9/2011 12:48:55 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0x1650 Faulting application start time: 0x01cbde79df3f5425 Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: 1e95f556-4a6d-11e0-ac32-cfa3592346da

Error - 3/19/2011 12:36:55 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: Flash10l.ocx, version: 10.1.102.64,
time stamp: 0x4cc0fef8 Exception code: 0xc0000005 Fault offset: 0x003f4c2f Faulting
process id: 0x15e4 Faulting application start time: 0x01cbe6519015754e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10l.ocx
Report
Id: 1952a55e-5247-11e0-8303-959d6a8f0ed7

Error - 3/19/2011 12:37:16 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: Flash10l.ocx, version: 10.1.102.64,
time stamp: 0x4cc0fef8 Exception code: 0xc0000005 Fault offset: 0x003f4c2f Faulting
process id: 0x1794 Faulting application start time: 0x01cbe653de61ef0e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10l.ocx
Report
Id: 25f121b8-5247-11e0-8303-959d6a8f0ed7

Error - 3/19/2011 12:52:14 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0x11e4 Faulting application start time: 0x01cbe655fe020c25 Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: 3d0c814d-5249-11e0-8303-959d6a8f0ed7

Error - 3/19/2011 1:09:46 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0xe00 Faulting application start time: 0x01cbe658706fc7c6 Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: b014f661-524b-11e0-ac4a-a79c59a765b4

[ Hewlett-Packard Events ]
Error - 9/17/2010 8:06:07 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/17/2010 8:34:15 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description = en-US Process must exit before requested information can be determined.
System

at System.Diagnostics.Process.EnsureState(State state) at System.Diagnostics.Process.get_ExitCode()

at g.a(FixableIssues[] A_0)

Error - 10/18/2010 3:51:07 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 10/18/2010 3:51:08 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 11/13/2010 2:41:52 AM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description =

Error - 4/22/2011 9:22:21 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description =

[ HP Wireless Assistant Events ]
Error - 2/10/2011 12:01:38 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2/10/2011 12:01:38 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 2/10/2011 4:41:19 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2/10/2011 4:41:19 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 2/21/2011 7:14:30 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2/21/2011 7:14:30 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 2/26/2011 4:53:45 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2/26/2011 4:53:45 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 4/1/2011 5:16:32 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 4/1/2011 5:16:32 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

[ System Events ]
Error - 4/8/2011 6:23:49 PM | Computer Name = Steev-NB | Source = DCOM | ID = 10010
Description =

Error - 4/22/2011 8:50:11 PM | Computer Name = Steev-NB | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:21:59 AM on ?4/?9/?2011 was unexpected.

Error - 4/22/2011 8:52:07 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/22/2011 8:52:07 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/22/2011 10:27:49 PM | Computer Name = Steev-NB | Source = DCOM | ID = 10010
Description =

Error - 4/22/2011 11:52:21 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/22/2011 11:52:21 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/23/2011 6:23:03 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 4/23/2011 6:24:19 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/23/2011 6:24:19 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

< End of report >

This post has been edited by nyclad: 08 May 2011 - 05:39 PM

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 May 2011 - 07:27 PM

Hi!

The logs you have provided me with should be sufficient for right now.

I am also attaching a file called Fix.txt to this post, so that if you need to download the OTL fix I've create a little further down, you can do so easily and copy it onto your USB device.

Before we do anything, lets unhide your files/folders that were hidden by the virus.

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
DRV - [2011/05/01 15:41:21 | 000,058,720 | -H-- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\srenum.sys -- (srenum)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [cftmon] C:\Windows\System32\dafr.exe (vuoopjgqkoybrxsctdvw)
O4 - HKLM..\Run: [Lviehfngpqg] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [506E7F4A_0] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [engel] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [fhFLtreUvTGXnKC] C:\ProgramData\fhFLtreUvTGXnKC.exe (WinTrust)
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Lfodupadewiyohup] C:\Users\Steev\AppData\Local\mgesyp.dll (ArcSoft Inc.)
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Lviehfngpqg] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Zxjejd] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
[2011/05/01 15:46:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/05/01 15:46:51 | 000,000,000 | -H-D | C] -- C:\Users\Steev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/05/01 15:36:32 | 000,385,024 | -H-- | C] (vuoopjgqkoybrxsctdvw) -- C:\Windows\System32\dafr.exe
[2011/05/01 15:35:50 | 000,000,000 | -H-D | C] -- C:\Users\Steev\AppData\Roaming\engel
[2011/05/01 15:34:57 | 000,520,704 | -H-- | C] (WinTrust) -- C:\ProgramData\fhFLtreUvTGXnKC.exe
[3 C:\Users\Steev\AppData\Roaming\*.tmp files -> C:\Users\Steev\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2011/05/01 15:46:52 | 000,000,631 | -H-- | M] () -- C:\Users\Steev\Desktop\Windows Recovery.lnk
[2011/05/01 15:44:42 | 000,000,336 | -H-- | M] () -- C:\ProgramData\36822792
[2011/05/01 15:44:34 | 000,444,416 | -H-- | M] () -- C:\ProgramData\36822792.exe
[2011/05/01 15:41:21 | 000,058,720 | -H-- | M] () -- C:\Windows\System32\drivers\srenum.sys
[2011/05/01 15:41:21 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\msrun.exe
[2011/05/01 15:37:28 | 000,001,608 | -H-- | M] () -- C:\Users\Steev\AppData\Roaming\7BBE.808
[2011/05/01 15:36:32 | 000,385,024 | -H-- | M] (vuoopjgqkoybrxsctdvw) -- C:\Windows\System32\dafr.exe
[2011/05/01 15:36:21 | 000,050,000 | -H-- | M] () -- C:\Windows\System32\ww1waf.dll
[2011/05/01 15:34:54 | 000,520,704 | -H-- | M] (WinTrust) -- C:\ProgramData\fhFLtreUvTGXnKC.exe
[3 C:\Users\Steev\AppData\Roaming\*.tmp files -> C:\Users\Steev\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

Please post the C:\ComboFix.txt for further review.

#5 nyclad

Member

Group: Members
Posts: 44
Joined: 06-September 10

Posted 09 May 2011 - 12:21 AM

Hello ST,

I can't seem to get past the Unhide part. I downloaded the Unhide.exe program to my USB drive and plugged it into my affected netbook. Every time I try to run it, I get an Error popup that reads: Some installation files are corrupt. Please download a fresh copy and retry the installation.

When I click Okay on that, I get a WinRAR self extracting archive window that reads:

Extracting unhide.bat
Extracting pev.exe
CRC Failed in pev.exe
Unexpected end of archive.

Is there a way around this, or do you want me to proceed to the second step with the OTL fix?

Also, an observation which might be helpful:
The first thing I see when I boot to my Windows 7 desktop (besides the obvious all black screen) is a window that reads:
vsbntlo PROPERTIES
Origin: S-1-5-21-0243936033-305211637-1811

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 09 May 2011 - 10:09 AM

Please try and proceed with the OTL fix, and then see if things are more stable, that allow you to download and run unhide.exe on the infected computer followed by running the ComboFix scan.

#7 nyclad

Member

Group: Members
Posts: 44
Joined: 06-September 10

Posted 09 May 2011 - 01:41 PM

Hi ST,

I did the OTL fix in Normal MOde. The OTL log is below.

After running the OTL fix, along with the resulting reboot, I think most, if not all, of the desktop icons are visible. I do notice that in the start menu, there are no programs visible.
Now I notice that upon startup, once we get to the desktop, we get a warning popup: RUNDLL, which says it can't run mgesyp.dll.

I tried the Unhide.exe in Normal Mode, but same results as before, even after downloading fresh copies.

I did try the ComboFix anyways in Normal Mode, but it's not working. I tried about 5-6 times and got similar results. After the progress bar for loading ComboFix is finished and disappears, it bluescreens and says:
DRIVER IRQL_NOT_LESS_EQUAL...or something similar, it reboots before I can copy down what it says. Sometimes, instead of that, it says IASTOR.SYS on the blue screen, and reboots before I can get more info.
I did NOT try to run ComboFix on Safe Mode. Should I try that? Or is there something else I should try out?

I did try the Unhide.exe on Safe Mode, but same results.

Thanks again for your help on this.

Here's the OTL log.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service srenum stopped successfully!
Service srenum deleted successfully!
C:\Windows\System32\drivers\srenum.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cftmon deleted successfully.
C:\Windows\System32\dafr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lviehfngpqg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Run\\12CFG214-K641-12SF-N85P deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Run\\506E7F4A_0 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Run\\engel deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fhFLtreUvTGXnKC deleted successfully.
C:\ProgramData\fhFLtreUvTGXnKC.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Lfodupadewiyohup deleted successfully.
C:\Users\Steev\AppData\Local\mgesyp.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Lviehfngpqg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zxjejd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
C:\Users\Steev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
File C:\Windows\System32\dafr.exe not found.
C:\Users\Steev\AppData\Roaming\engel folder moved successfully.
File C:\ProgramData\fhFLtreUvTGXnKC.exe not found.
C:\Users\Steev\AppData\Roaming\5467.tmp deleted successfully.
C:\Users\Steev\AppData\Roaming\6134.tmp deleted successfully.
C:\Users\Steev\AppData\Roaming\70B0.tmp deleted successfully.
C:\Windows\System32\PerfStringBackup.TMP deleted successfully.
C:\Users\Steev\Desktop\Windows Recovery.lnk moved successfully.
C:\ProgramData\36822792 moved successfully.
C:\ProgramData\36822792.exe moved successfully.
File C:\Windows\System32\drivers\srenum.sys not found.
C:\Windows\System32\msrun.exe moved successfully.
C:\Users\Steev\AppData\Roaming\7BBE.808 moved successfully.
File C:\Windows\System32\dafr.exe not found.
C:\Windows\System32\ww1waf.dll moved successfully.
File C:\ProgramData\fhFLtreUvTGXnKC.exe not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
File delete failed. C:\Users\Steev\Desktop\cmd.bat scheduled to be deleted on reboot.
C:\Users\Steev\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Steev
->Temp folder emptied: 1269142755 bytes
->Temporary Internet Files folder emptied: 286199585 bytes
->Java cache emptied: 7555754 bytes
->Google Chrome cache emptied: 377791250 bytes
->Flash cache emptied: 65392 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115227117 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,961.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Steev
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_100145

This post has been edited by nyclad: 09 May 2011 - 01:43 PM

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 09 May 2011 - 01:57 PM

Please try to run this tool and then try running ComboFix again.

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#9 nyclad

Member

Group: Members
Posts: 44
Joined: 06-September 10

Posted 09 May 2011 - 03:32 PM

Hi ST,

I ran the TDSSKiller and it seems to work. I then ran the ComboFix. The logs for both are below.

On another note, I notice a cmd.bat file on the desktop. I recall seeing mention of it in one of the logs as something that was supposed to be deleted?

TDSSKiller Log:

2011/05/09 12:48:04.0953 3780 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/09 12:48:04.0984 3780 ================================================================================
2011/05/09 12:48:04.0984 3780 SystemInfo:
2011/05/09 12:48:04.0984 3780
2011/05/09 12:48:04.0984 3780 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/09 12:48:04.0984 3780 Product type: Workstation
2011/05/09 12:48:04.0984 3780 ComputerName: STEEV-NB
2011/05/09 12:48:04.0984 3780 UserName: Steev
2011/05/09 12:48:04.0984 3780 Windows directory: C:\Windows
2011/05/09 12:48:04.0984 3780 System windows directory: C:\Windows
2011/05/09 12:48:04.0984 3780 Processor architecture: Intel x86
2011/05/09 12:48:04.0984 3780 Number of processors: 2
2011/05/09 12:48:04.0984 3780 Page size: 0x1000
2011/05/09 12:48:04.0984 3780 Boot type: Normal boot
2011/05/09 12:48:04.0984 3780 ================================================================================
2011/05/09 12:48:05.0983 3780 Initialize success
2011/05/09 12:48:21.0863 3480 ================================================================================
2011/05/09 12:48:21.0863 3480 Scan started
2011/05/09 12:48:21.0863 3480 Mode: Manual;
2011/05/09 12:48:21.0863 3480 ================================================================================
2011/05/09 12:48:24.0297 3480 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/09 12:48:24.0406 3480 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/05/09 12:48:24.0500 3480 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/05/09 12:48:24.0640 3480 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/09 12:48:24.0734 3480 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/09 12:48:24.0812 3480 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/09 12:48:24.0983 3480 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/05/09 12:48:25.0093 3480 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/05/09 12:48:25.0186 3480 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/09 12:48:25.0280 3480 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/05/09 12:48:25.0342 3480 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/05/09 12:48:25.0436 3480 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/05/09 12:48:25.0529 3480 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/09 12:48:25.0592 3480 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/09 12:48:25.0670 3480 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/05/09 12:48:25.0717 3480 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/09 12:48:25.0779 3480 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/05/09 12:48:25.0888 3480 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/05/09 12:48:26.0013 3480 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/09 12:48:26.0091 3480 archlp (20da1dc31893e1ad82a9c79011f5b344) C:\Windows\system32\drivers\archlp.sys
2011/05/09 12:48:26.0169 3480 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/09 12:48:26.0231 3480 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/09 12:48:26.0309 3480 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/05/09 12:48:26.0434 3480 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/09 12:48:26.0512 3480 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/09 12:48:26.0731 3480 BCM43XX (9c3b534854f0152ed4711d936a2192eb) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/09 12:48:26.0902 3480 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/09 12:48:27.0027 3480 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/09 12:48:27.0089 3480 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/09 12:48:27.0152 3480 BRCMDECO (a829cae879189857448f0e05c982f592) C:\Windows\system32\DRIVERS\BRCMHD32.sys
2011/05/09 12:48:27.0214 3480 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/09 12:48:27.0261 3480 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/09 12:48:27.0355 3480 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/09 12:48:27.0401 3480 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/09 12:48:27.0448 3480 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/09 12:48:27.0511 3480 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/09 12:48:27.0557 3480 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/09 12:48:27.0807 3480 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/09 12:48:27.0901 3480 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/05/09 12:48:27.0979 3480 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/09 12:48:28.0025 3480 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/09 12:48:28.0119 3480 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/09 12:48:28.0181 3480 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/05/09 12:48:28.0275 3480 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/09 12:48:28.0353 3480 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/09 12:48:28.0462 3480 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/09 12:48:28.0556 3480 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/09 12:48:28.0696 3480 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/05/09 12:48:28.0805 3480 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/09 12:48:28.0883 3480 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/09 12:48:29.0008 3480 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/09 12:48:29.0086 3480 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
2011/05/09 12:48:29.0149 3480 Dot4Scan (9f7de667c505ce6500becdd8e11644d7) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2011/05/09 12:48:29.0195 3480 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/09 12:48:29.0273 3480 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/09 12:48:29.0320 3480 DVMIO (ff7a7a1e0f9a0ab892a454ffb9d14bbe) C:\Windows\system32\DRIVERS\dvmio.sys
2011/05/09 12:48:29.0476 3480 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/09 12:48:29.0663 3480 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/09 12:48:29.0835 3480 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/09 12:48:29.0913 3480 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/05/09 12:48:30.0022 3480 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/09 12:48:30.0100 3480 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/09 12:48:30.0178 3480 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/09 12:48:30.0272 3480 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/09 12:48:30.0334 3480 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/09 12:48:30.0412 3480 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/09 12:48:30.0490 3480 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/09 12:48:30.0568 3480 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/09 12:48:30.0615 3480 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/09 12:48:30.0709 3480 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\Windows\system32\drivers\ftdibus.sys
2011/05/09 12:48:30.0771 3480 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\Windows\system32\drivers\ftser2k.sys
2011/05/09 12:48:30.0833 3480 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/09 12:48:30.0896 3480 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/09 12:48:31.0005 3480 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/09 12:48:31.0067 3480 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/05/09 12:48:31.0130 3480 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/09 12:48:31.0177 3480 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/09 12:48:31.0239 3480 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/09 12:48:31.0286 3480 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/09 12:48:31.0379 3480 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/09 12:48:31.0567 3480 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
2011/05/09 12:48:31.0691 3480 HPFXFAX (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys
2011/05/09 12:48:31.0832 3480 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/09 12:48:31.0925 3480 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/05/09 12:48:32.0019 3480 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/09 12:48:32.0097 3480 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/05/09 12:48:32.0191 3480 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/09 12:48:32.0253 3480 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/05/09 12:48:32.0518 3480 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/09 12:48:32.0705 3480 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/09 12:48:32.0783 3480 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/05/09 12:48:32.0861 3480 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/09 12:48:32.0939 3480 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/09 12:48:33.0002 3480 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/09 12:48:33.0033 3480 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/09 12:48:33.0095 3480 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/09 12:48:33.0158 3480 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/05/09 12:48:33.0205 3480 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/05/09 12:48:33.0251 3480 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/05/09 12:48:33.0298 3480 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/05/09 12:48:33.0376 3480 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/09 12:48:33.0423 3480 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/09 12:48:33.0548 3480 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/09 12:48:33.0704 3480 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/09 12:48:33.0782 3480 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/09 12:48:33.0844 3480 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/09 12:48:33.0907 3480 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/09 12:48:34.0000 3480 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/09 12:48:34.0063 3480 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/09 12:48:34.0141 3480 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/09 12:48:34.0250 3480 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/09 12:48:34.0297 3480 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/09 12:48:34.0406 3480 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motmodem.sys
2011/05/09 12:48:34.0515 3480 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/09 12:48:34.0577 3480 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/09 12:48:34.0671 3480 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/09 12:48:34.0811 3480 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/05/09 12:48:34.0889 3480 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/09 12:48:34.0999 3480 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/05/09 12:48:35.0092 3480 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/09 12:48:35.0155 3480 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/09 12:48:35.0201 3480 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/09 12:48:35.0279 3480 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/05/09 12:48:35.0357 3480 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/05/09 12:48:35.0467 3480 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/09 12:48:35.0591 3480 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/09 12:48:35.0623 3480 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/05/09 12:48:35.0732 3480 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/09 12:48:35.0779 3480 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/09 12:48:35.0825 3480 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/09 12:48:35.0872 3480 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/09 12:48:35.0935 3480 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/05/09 12:48:35.0997 3480 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/09 12:48:36.0059 3480 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/09 12:48:36.0122 3480 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/09 12:48:36.0200 3480 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/09 12:48:36.0340 3480 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/05/09 12:48:36.0403 3480 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/09 12:48:36.0512 3480 ndisrd (1359b200974395679b092f1d5f63cfa9) C:\Windows\system32\DRIVERS\ndisrd.sys
2011/05/09 12:48:36.0574 3480 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/09 12:48:36.0652 3480 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/09 12:48:36.0715 3480 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/09 12:48:36.0793 3480 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/05/09 12:48:36.0871 3480 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/09 12:48:36.0980 3480 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/09 12:48:37.0198 3480 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/05/09 12:48:37.0432 3480 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/09 12:48:37.0495 3480 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/09 12:48:37.0588 3480 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/09 12:48:37.0729 3480 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/05/09 12:48:37.0885 3480 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/09 12:48:37.0978 3480 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/05/09 12:48:38.0041 3480 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/05/09 12:48:38.0134 3480 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/05/09 12:48:38.0243 3480 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/05/09 12:48:38.0399 3480 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/09 12:48:38.0462 3480 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/05/09 12:48:38.0540 3480 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/09 12:48:38.0618 3480 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/05/09 12:48:38.0680 3480 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/05/09 12:48:38.0758 3480 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/09 12:48:38.0805 3480 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/09 12:48:38.0883 3480 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/09 12:48:39.0133 3480 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys
2011/05/09 12:48:39.0226 3480 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/09 12:48:39.0289 3480 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/09 12:48:39.0367 3480 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/09 12:48:39.0460 3480 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/09 12:48:39.0554 3480 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/09 12:48:39.0616 3480 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/09 12:48:39.0663 3480 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/09 12:48:39.0710 3480 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/09 12:48:39.0788 3480 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/09 12:48:39.0850 3480 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/09 12:48:39.0913 3480 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/09 12:48:39.0991 3480 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/09 12:48:40.0053 3480 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/09 12:48:40.0131 3480 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/09 12:48:40.0240 3480 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/09 12:48:40.0349 3480 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/09 12:48:40.0459 3480 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/05/09 12:48:40.0599 3480 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/05/09 12:48:40.0739 3480 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/09 12:48:40.0833 3480 RSUSBSTOR (867beb23207ba425c85293bb0d3ea971) C:\Windows\system32\Drivers\RtsUStor.sys
2011/05/09 12:48:40.0895 3480 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/05/09 12:48:41.0020 3480 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/05/09 12:48:41.0114 3480 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/09 12:48:41.0207 3480 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
2011/05/09 12:48:41.0301 3480 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/09 12:48:41.0441 3480 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/09 12:48:41.0488 3480 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/09 12:48:41.0566 3480 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/09 12:48:41.0691 3480 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/05/09 12:48:41.0753 3480 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/09 12:48:41.0816 3480 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/09 12:48:41.0863 3480 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/09 12:48:41.0972 3480 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/05/09 12:48:42.0019 3480 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/09 12:48:42.0097 3480 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/09 12:48:42.0159 3480 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/09 12:48:42.0268 3480 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/09 12:48:42.0393 3480 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/05/09 12:48:42.0455 3480 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/09 12:48:42.0549 3480 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/09 12:48:42.0658 3480 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/09 12:48:42.0783 3480 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/09 12:48:42.0861 3480 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/09 12:48:42.0986 3480 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/09 12:48:43.0064 3480 STHDA (02b3ef45094f090e397eea46cbed7b9e) C:\Windows\system32\DRIVERS\stwrt.sys
2011/05/09 12:48:43.0157 3480 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/05/09 12:48:43.0267 3480 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/09 12:48:43.0454 3480 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/05/09 12:48:43.0610 3480 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/09 12:48:43.0719 3480 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/09 12:48:43.0859 3480 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/05/09 12:48:43.0891 3480 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/05/09 12:48:43.0969 3480 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/09 12:48:44.0047 3480 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/05/09 12:48:44.0187 3480 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/09 12:48:44.0281 3480 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/09 12:48:44.0343 3480 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/09 12:48:44.0421 3480 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/09 12:48:44.0499 3480 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/09 12:48:44.0593 3480 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/09 12:48:44.0702 3480 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/05/09 12:48:44.0749 3480 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/09 12:48:44.0827 3480 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/09 12:48:44.0905 3480 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/05/09 12:48:44.0951 3480 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
2011/05/09 12:48:44.0998 3480 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/05/09 12:48:45.0045 3480 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/09 12:48:45.0107 3480 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/09 12:48:45.0185 3480 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/09 12:48:45.0263 3480 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/09 12:48:45.0326 3480 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/05/09 12:48:45.0451 3480 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/09 12:48:45.0544 3480 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/09 12:48:45.0622 3480 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/09 12:48:45.0700 3480 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/09 12:48:45.0794 3480 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/05/09 12:48:45.0887 3480 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/05/09 12:48:45.0950 3480 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/09 12:48:45.0997 3480 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/05/09 12:48:46.0059 3480 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/05/09 12:48:46.0121 3480 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/09 12:48:46.0215 3480 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/05/09 12:48:46.0293 3480 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/09 12:48:46.0371 3480 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/09 12:48:46.0449 3480 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/09 12:48:46.0543 3480 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/09 12:48:46.0652 3480 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/09 12:48:46.0761 3480 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 12:48:46.0823 3480 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 12:48:46.0964 3480 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/09 12:48:47.0042 3480 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2011/05/09 12:48:47.0135 3480 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/09 12:48:47.0323 3480 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/09 12:48:47.0369 3480 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/09 12:48:47.0588 3480 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/09 12:48:47.0681 3480 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/09 12:48:47.0822 3480 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/09 12:48:47.0947 3480 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/05/09 12:48:48.0056 3480 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/09 12:48:48.0165 3480 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/05/09 12:48:48.0337 3480 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/09 12:48:48.0851 3480 ================================================================================
2011/05/09 12:48:48.0851 3480 Scan finished
2011/05/09 12:48:48.0851 3480 ================================================================================
2011/05/09 12:48:48.0929 3500 Detected object count: 1
2011/05/09 12:49:53.0529 3500 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/09 12:49:53.0529 3500 \HardDisk1 - ok
2011/05/09 12:49:53.0545 3500 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/05/09 12:50:13.0372 1724 Deinitialize success

ComboFix log:

ComboFix 10-08-07.01 - Steev 08/07/2010 22:06:14.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.329 [GMT -7:00]
Running from: c:\recoveryfiles\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty had a snack

.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-08 05:21 . 2010-08-08 05:22 -------- d-----w- c:\users\Steev\AppData\Local\temp
2010-08-08 05:21 . 2010-08-08 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-08 04:50 . 2010-08-08 04:51 -------- d-----w- C:\32788R22FWJFW
2010-08-08 04:36 . 2010-03-13 01:22 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2010-08-08 02:10 . 2010-08-08 02:23 -------- d-----w- c:\program files\ScanTool.net_win
2010-08-07 23:37 . 2010-08-07 23:37 -------- d-----w- C:\$AVG
2010-08-07 21:29 . 2010-08-07 21:29 -------- d-----w- c:\programdata\FLEXnet
2010-08-07 21:25 . 2010-08-07 21:25 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-08-07 21:25 . 2010-08-07 21:29 -------- d-----w- c:\users\Steev\AppData\Local\Adobe
2010-08-07 21:24 . 2008-04-07 12:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-08-07 20:25 . 2005-08-03 23:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-08-07 04:59 . 2010-08-07 04:59 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-08-07 04:58 . 2010-08-07 04:58 -------- d-----w- c:\users\Steev\AppData\Roaming\Media Player Classic
2010-08-07 04:36 . 2010-06-22 11:30 116224 ----a-w- c:\windows\system32\drivers\BRCMHD32.sys
2010-08-07 04:21 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 03:39 . 2010-08-07 03:39 -------- d-----w- c:\users\Steev\AppData\Roaming\Malwarebytes
2010-08-07 03:39 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 03:39 . 2010-08-07 03:39 -------- d-----w- c:\programdata\Malwarebytes
2010-08-07 03:39 . 2010-08-07 03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 03:39 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 03:38 . 2010-08-08 04:34 -------- d-----w- C:\RecoveryFiles
2010-08-07 02:37 . 2010-08-07 02:37 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-08-07 02:37 . 2010-08-07 02:37 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-08-07 02:36 . 2010-08-07 02:36 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-08-07 02:36 . 2010-08-07 02:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-07 02:35 . 2010-08-07 02:09 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-08-07 02:35 . 2010-08-07 02:09 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-08-07 02:35 . 2010-08-07 02:09 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-08-07 02:35 . 2010-08-07 02:09 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-08-07 02:10 . 2010-08-07 02:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-07 02:10 . 2010-08-07 02:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-07 02:10 . 2010-08-07 02:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-07 02:10 . 2010-08-07 23:33 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-07 02:09 . 2010-08-07 02:09 -------- d-----w- c:\program files\AVG
2010-08-07 02:09 . 2010-08-07 02:09 -------- d-----w- c:\programdata\avg9
2010-08-07 02:05 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2010-08-07 02:05 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-07 02:05 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-07 02:05 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-07 02:05 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-08-07 02:05 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-08-07 02:05 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2010-08-07 02:05 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-07 02:05 . 2010-08-07 02:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-07 02:01 . 2010-08-08 02:18 -------- d-----w- C:\Download
2010-08-06 23:32 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-06 23:32 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-06 23:32 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-06 23:32 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-06 23:32 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-06 23:22 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-06 23:22 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-08-06 23:22 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-06 23:22 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-06 23:22 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-06 23:21 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-06 23:20 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-06 23:08 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-06 20:29 . 2010-08-06 20:29 -------- d-----w- c:\users\Steev\AppData\Local\Diagnostics
2010-08-06 20:16 . 2010-08-08 04:50 -------- d-----w- c:\users\Steev\AppData\Roaming\ZumoDrive
2010-08-06 20:16 . 2010-08-06 20:16 -------- d-----w- c:\users\Steev\AppData\Roaming\hpqLog
2010-08-06 20:14 . 2010-08-06 22:42 -------- d-----w- c:\users\Steev\AppData\Local\Hewlett-Packard
2010-08-06 20:08 . 2010-08-07 21:50 86632 ----a-w- c:\users\Steev\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 19:42 . 2010-08-06 19:42 -------- d-----w- c:\users\Public\Symantec
2010-08-06 19:42 . 2010-08-06 19:42 -------- d-----w- c:\users\Steev\AppData\Roaming\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 01:50 . 2010-06-10 18:00 -------- d-----w- c:\programdata\Norton
2010-08-07 21:25 . 2010-05-13 04:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 20:25 . 2010-05-13 02:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 04:21 . 2010-05-13 05:12 -------- d-----w- c:\program files\Java
2010-08-06 23:37 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-06 19:41 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-08-06 11:26 . 2010-05-13 05:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-22 11:30 . 2010-06-22 11:30 864276 ----a-r- c:\windows\system32\drivers\bcm70015fw.bin
2010-06-22 11:30 . 2010-06-22 11:30 2786404 ----a-r- c:\windows\system32\drivers\bcm70012fw.bin
2010-06-10 18:22 . 2010-05-13 03:40 -------- d-----w- c:\programdata\Hewlett-Packard
2010-06-10 18:08 . 2010-05-13 02:06 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-10 18:07 . 2010-06-10 18:07 -------- d-----w- c:\program files\Common Files\HPQuickWeb
2010-06-10 18:06 . 2010-06-10 18:02 -------- d-----w- c:\program files\Downloaded Installations
2010-06-10 17:59 . 2010-06-10 17:59 -------- d-----w- c:\programdata\NortonInstaller
2010-06-10 17:57 . 2010-06-10 17:57 -------- d-----w- c:\programdata\ArcSoft
2010-06-10 17:57 . 2010-05-13 04:13 -------- d-----w- c:\program files\ArcSoft
2010-06-10 17:56 . 2010-06-10 17:56 53319 ----a-w- c:\programdata\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
2010-06-10 17:55 . 2010-06-10 17:55 36864 ----a-w- c:\programdata\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
2010-06-10 17:55 . 2010-05-13 04:34 -------- d-----w- c:\programdata\CyberLink
2010-06-10 17:55 . 2010-05-13 04:34 36864 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-06-10 17:55 . 2010-06-10 17:54 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-06-10 17:54 . 2010-06-10 17:54 -------- d-----w- c:\program files\MSN Toolbar
2010-06-10 17:53 . 2010-06-10 17:53 -------- d-----w- c:\program files\Times Reader
2010-06-10 17:53 . 2010-05-13 04:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-10 17:53 . 2010-08-06 19:39 38784 ----a-w- c:\users\Steev\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-10 17:53 . 2010-06-10 17:53 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-10 17:48 . 2010-06-10 17:47 -------- d-----w- c:\program files\Broadcom
2010-06-10 17:46 . 2010-06-10 17:47 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-06-10 17:46 . 2010-06-10 17:36 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Mini 210-1100_Y5335KV_0U_QCNF025C6NJ_E602088-001_4A_I3660_SHP_V48.26_F.22_T100524_WU11-0_L409_M1013_J250_7Intel_86CA_91.67_#100610_N10EC8136;14E44727_(XA521UA#ABA)_XMOBILE_CN10_Z.MRK
2010-06-10 17:46 . 2010-06-10 17:39 -------- d-----w- c:\program files\IDT
2010-06-10 17:39 . 2010-06-10 17:38 -------- d-----w- c:\program files\Realtek
2010-06-10 17:39 . 2010-05-13 02:37 -------- d-----w- c:\program files\Intel
2010-06-10 17:38 . 2010-06-10 17:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-10 17:38 . 2010-06-10 17:38 -------- d-----w- c:\program files\Synaptics
2010-05-28 05:32 . 2010-05-28 05:32 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-28 05:31 . 2010-05-28 05:31 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-28 05:31 . 2010-05-28 05:31 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-05-28 05:31 . 2010-05-28 05:31 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-28 05:31 . 2010-05-28 05:31 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-05-21 05:18 . 2010-08-06 23:24 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-13 04:37 . 2010-05-13 04:37 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2010-05-13 04:34 . 2010-05-13 04:34 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-05-13 03:39 . 2010-05-13 03:39 36864 ----a-w- c:\programdata\Temp\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\PostBuild.exe
2010-05-13 02:50 . 2010-05-13 02:50 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-05-13 02:50 . 2010-05-13 02:50 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-05-13 02:50 . 2010-05-13 02:50 369152 ----a-w- c:\windows\system32\secproc.dll
2010-05-13 02:50 . 2010-05-13 02:50 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-05-13 02:50 . 2010-05-13 02:50 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-05-13 02:50 . 2010-05-13 02:50 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-05-13 02:50 . 2010-05-13 02:50 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-05-13 02:50 . 2010-05-13 02:50 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-05-13 02:49 . 2010-05-13 02:49 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-05-13 02:49 . 2010-05-13 02:49 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-05-13 02:48 . 2010-05-13 02:48 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-05-13 02:48 . 2010-05-13 02:48 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-05-13 02:48 . 2010-05-13 02:48 2614272 ----a-w- c:\windows\explorer.exe
2010-05-13 02:48 . 2010-05-13 02:48 246784 ----a-w- c:\windows\system32\drivers\udfs.sys
2010-05-13 02:47 . 2010-05-13 02:47 668160 ----a-w- c:\windows\system32\autochk.exe
2010-05-13 02:46 . 2010-05-13 02:46 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-05-13 02:46 . 2010-05-13 02:46 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-05-13 02:46 . 2010-05-13 02:46 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-05-13 02:46 . 2010-05-13 02:46 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-05-13 02:46 . 2010-05-13 02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-05-13 02:46 . 2010-05-13 02:46 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-05-13 02:46 . 2010-05-13 02:46 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-05-13 02:46 . 2010-05-13 02:46 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-05-13 02:46 . 2010-05-13 02:46 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-13 02:46 . 2010-05-13 02:46 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 02:45 . 2010-05-13 02:45 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-13 02:45 . 2010-05-13 02:45 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-05-13 02:45 . 2010-05-13 02:45 507568 ----a-w- c:\windows\system32\winload.exe
2010-05-13 02:45 . 2010-05-13 02:45 442920 ----a-w- c:\windows\system32\winresume.exe
2010-05-13 02:45 . 2010-05-13 02:45 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-05-13 02:44 . 2010-05-13 02:44 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-05-13 02:44 . 2010-05-13 02:44 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-05-13 02:44 . 2010-05-13 02:44 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-05-13 02:44 . 2010-05-13 02:44 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-24 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"DTRun"="c:\program files\ArcSoft\TotalMedia Theatre 3\uDTRun.exe" [2009-12-10 518656]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-05-13 2038]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-07 2065760]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 186912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-06-03 131584]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-08-07 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-08-07 243024]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\aestsrv.exe [2009-03-03 81920]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-08-07 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-07 308136]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-04-01 338168]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
2010-04-19 03:47 702464 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-07 22:27:54
ComboFix-quarantined-files.txt 2010-08-08 05:27

Pre-Run: 201,402,802,176 bytes free
Post-Run: 201,321,709,568 bytes free

- - End Of File - - 2AAFE88A26D70BCCB36720E9C36A0DD8

#10 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 10 May 2011 - 10:15 AM

Hi!

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

The main infection that you were infected with is called TDL3 & TDL4.

See the snippet of text below:

Quote

2011/05/09 12:48:48.0929 3500 Detected object count: 1
2011/05/09 12:49:53.0529 3500 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/09 12:49:53.0529 3500 \HardDisk1 - ok
2011/05/09 12:49:53.0545 3500 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/05/09 12:50:13.0372 1724 Deinitialize success

You can read more about this infection here:

Special thanks to quietman7 for providing the above links.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#11 nyclad

Member

Group: Members
Posts: 44
Joined: 06-September 10

Posted 10 May 2011 - 11:39 AM

Hi SR,

I do want to try to clean the computer up as best as possible.

The Malwarebytes' Anti-Malware desktop icon is missing, so I loaded the mbam.exe from Windows Explorer.

THe problem is that it will not allow me to update. I do have internet access, but when I try to update, it "tries" for a few times, then has a popup:
PROGRAM_ERROR_UPDATING (5, 0, CreateFile)
Access is denied.

Malwarebytes' Anti-Malware is 9 days out of date, should I try it without the update? Or is there a workaround?

Thanks much,
Steve

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 10 May 2011 - 11:48 AM

Are you ensuring that you are running MBAM as an Administrator?

#13 nyclad

Member

Group: Members
Posts: 44
Joined: 06-September 10

Posted 10 May 2011 - 04:24 PM

Hi ST,

Yes, I tried running MBAM as administrator several times with the same result. Should I try a removal and reinstall? Or work around it somehow?

Thanks,
Steve

#14 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 10 May 2011 - 04:41 PM

Steve,

Yeah, removing MBAM and than re-installing it, will probably be the best option right now.

#15 nyclad

Member

Group: Members
Posts: 44
Joined: 06-September 10

Posted 11 May 2011 - 06:43 AM

Hi ST,

I was able to run MBAM, ESET, and SecurityCheck successfully. The only thing is that ESET seemed to take a really long time, 5-6 hours I think, so I let it run overnight until it completed. I'm not sure if that's normal or not.

Here are the associated logs:

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6549

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/10/2011 2:59:16 PM
mbam-log-2011-05-10 (14-59-16).txt

Scan type: Quick scan
Objects scanned: 151205
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lfodupadewiyohup (Trojan.Agent.U) -> Value: Lfodupadewiyohup -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.

ESET:

C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.AJL trojan
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\iaStor.sys.vir Win32/Olmarik.SJ trojan
C:\_OTL\MovedFiles\05092011_100145\C_ProgramData\36822792.exe a variant of Win32/Kryptik.NGB trojan
C:\_OTL\MovedFiles\05092011_100145\C_ProgramData\fhFLtreUvTGXnKC.exe a variant of Win32/Kryptik.NGB trojan
C:\_OTL\MovedFiles\05092011_100145\C_RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe a variant of Win32/Injector.FYF trojan
C:\_OTL\MovedFiles\05092011_100145\C_Users\Steev\AppData\Local\mgesyp.dll Win32/Cimag.DU trojan
C:\_OTL\MovedFiles\05092011_100145\C_Windows\System32\dafr.exe a variant of Win32/Injector.GAU trojan
C:\_OTL\MovedFiles\05092011_100145\C_Windows\System32\ww1waf.dll a variant of Win32/Ertfor.C trojan
C:\_OTL\MovedFiles\05092011_100145\C_Windows\System32\drivers\srenum.sys Win32/Rootkit.Agent.NUP trojan

SecurityCheck:

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG 2011
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.3 MUI
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

This post has been edited by nyclad: 11 May 2011 - 06:44 AM