Antivirus keeps being disabled by Backdoor Trojan

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Antivirus keeps being disabled by Backdoor Trojan Can't seem to get rid of it

#1 Pyrosteria

New Member

Group: Members
Posts: 13
Joined: 31-May 11

Posted 31 May 2011 - 01:55 PM

Whatever antivirus software that I install(AVG, Avast, Avira), after a restart it becomes disabled. I was able to install AVG in safe mode and run it after a restart. It caught a trojan called Backdoor.Generic13.BKVZ. Also, I used TDSSKiller and it fixed an infected file(system32\drivers\smb.sys) and also labeled sptd.sys as suspicious. Regardless of that, after starting up the computer again this morning, AVG was disabled again(no active components) and TDSSKiller found another infected file(netbt.sys) which it fixed. Now running---or not running---Avira.

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_24
Run by owner at 13:32:20 on 2011-05-31
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2039.1118 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\owner\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\users\owner\desktop\mailwarebytes' anti-malware\mcam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjQxOTYwMzI4LUJBKzEtS1YzKzctVDUtVUNBTEwrMS1GUDkrNi1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtWDIwMTArMi1WSVAxMCsxLUYxME0xMEQrMi1MSUMrNzctRkwxMCsxLVNQMSsxLVNVRCsxLVMxSSsxLVNVMysxLVRVRysz"&"prod=90"&"ver=10.0.1375
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\3572475\program\Compaq Connections.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\j7aa5u9e.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4de4144e&v=7.004.022.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\j7aa5u9e.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-6-5 565248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-31 136360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-31 61960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-30 1165312]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-31 269480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2011-1-22 129440]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-31 14:26:09 -------- d-----w- c:\users\owner\appdata\roaming\Avira
2011-05-31 14:04:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-31 14:04:27 -------- d-----w- c:\programdata\Avira
2011-05-31 14:04:27 -------- d-----w- c:\program files\Avira
2011-05-31 01:02:41 -------- d--h--w- c:\program files\Temp
2011-05-30 16:44:45 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-30 16:44:45 -------- d-----w- c:\program files\Trend Micro
2011-05-30 14:02:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-30 14:02:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-30 13:09:44 40112 ----a-w- c:\windows\avastSS.scr
2011-05-30 13:09:32 -------- d-----w- c:\programdata\AVAST Software
2011-05-30 13:03:49 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c17b92dd-6c56-461f-8156-51f0b7ac3af2}\mpengine.dll
2011-05-29 02:22:04 54016 ----a-w- c:\windows\system32\drivers\mlkfk.sys
2011-05-22 12:56:06 -------- d-----w- c:\program files\common files\xing shared
2011-05-11 12:09:15 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-04 20:04:46 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-05-31 17:11:19 184320 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-05-31 14:51:22 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-31 13:36:07 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-05-31 12:26:32 388608 ----a-w- c:\windows\system32\drivers\XAudio.exe
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 12:54:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-22 12:54:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:01:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:32:44.78 ===============

Attached File(s)

Attach.txt (15.79K)
Number of downloads: 0
ark.txt (7.41K)
Number of downloads: 2

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 06 June 2011 - 11:23 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please post the TDSSKiller logs. They can be found in the C:\ drive.

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create a FULL OTL Report

Please download OTL from here:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 Pyrosteria

New Member

Group: Members
Posts: 13
Joined: 31-May 11

Posted 06 June 2011 - 02:15 PM

Hello ST! Thank you for replying.

FWIW, I switched back to AVG because Avira freaked out on me, but the antivirus is still disabled. I forgot to mention in my original post that I'm also experiencing Google redirects.

Here are the TDSSKiller logs:
1st
2011/05/31 09:33:20.0260 1320 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/31 09:33:21.0784 1320 ================================================================================
2011/05/31 09:33:21.0784 1320 SystemInfo:
2011/05/31 09:33:21.0784 1320
2011/05/31 09:33:21.0784 1320 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/31 09:33:21.0784 1320 Product type: Workstation
2011/05/31 09:33:21.0784 1320 ComputerName: OWNER-PC
2011/05/31 09:33:21.0785 1320 UserName: owner
2011/05/31 09:33:21.0785 1320 Windows directory: C:\Windows
2011/05/31 09:33:21.0785 1320 System windows directory: C:\Windows
2011/05/31 09:33:21.0785 1320 Processor architecture: Intel x86
2011/05/31 09:33:21.0785 1320 Number of processors: 1
2011/05/31 09:33:21.0785 1320 Page size: 0x1000
2011/05/31 09:33:21.0785 1320 Boot type: Normal boot
2011/05/31 09:33:21.0785 1320 ================================================================================
2011/05/31 09:33:22.0675 1320 Initialize success
2011/05/31 09:33:30.0065 3900 ================================================================================
2011/05/31 09:33:30.0065 3900 Scan started
2011/05/31 09:33:30.0065 3900 Mode: Manual;
2011/05/31 09:33:30.0065 3900 ================================================================================
2011/05/31 09:33:30.0974 3900 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/31 09:33:31.0047 3900 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/31 09:33:31.0086 3900 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/31 09:33:31.0271 3900 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/31 09:33:31.0353 3900 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/31 09:33:31.0433 3900 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/31 09:33:31.0541 3900 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/31 09:33:31.0572 3900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/31 09:33:31.0611 3900 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/31 09:33:31.0660 3900 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/31 09:33:31.0755 3900 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/31 09:33:31.0796 3900 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/31 09:33:31.0825 3900 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/31 09:33:31.0868 3900 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/31 09:33:31.0905 3900 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/31 09:33:32.0011 3900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/31 09:33:32.0069 3900 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/31 09:33:32.0254 3900 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/05/31 09:33:32.0323 3900 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/05/31 09:33:32.0363 3900 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/05/31 09:33:32.0465 3900 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/05/31 09:33:32.0542 3900 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/05/31 09:33:32.0599 3900 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/05/31 09:33:32.0723 3900 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/05/31 09:33:32.0786 3900 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/05/31 09:33:32.0875 3900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/31 09:33:33.0081 3900 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/31 09:33:33.0137 3900 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/31 09:33:33.0229 3900 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/31 09:33:33.0313 3900 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/31 09:33:33.0367 3900 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/31 09:33:33.0460 3900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/31 09:33:33.0505 3900 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/31 09:33:33.0547 3900 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/31 09:33:33.0604 3900 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/31 09:33:33.0670 3900 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/31 09:33:33.0763 3900 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/31 09:33:33.0828 3900 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/31 09:33:33.0976 3900 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/31 09:33:34.0023 3900 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/31 09:33:34.0213 3900 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/31 09:33:34.0282 3900 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/31 09:33:34.0370 3900 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/31 09:33:34.0517 3900 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/31 09:33:34.0602 3900 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/31 09:33:34.0671 3900 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/31 09:33:34.0779 3900 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/31 09:33:34.0862 3900 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/31 09:33:34.0976 3900 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/31 09:33:35.0091 3900 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/31 09:33:35.0155 3900 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/31 09:33:35.0263 3900 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/31 09:33:35.0343 3900 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/31 09:33:35.0402 3900 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/31 09:33:35.0498 3900 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/31 09:33:35.0569 3900 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/31 09:33:35.0644 3900 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/31 09:33:35.0750 3900 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/31 09:33:35.0843 3900 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/31 09:33:36.0020 3900 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/31 09:33:36.0751 3900 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/31 09:33:37.0038 3900 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/31 09:33:37.0089 3900 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/05/31 09:33:37.0147 3900 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/31 09:33:37.0221 3900 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/05/31 09:33:37.0388 3900 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/05/31 09:33:37.0445 3900 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/31 09:33:37.0504 3900 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/31 09:33:37.0621 3900 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/31 09:33:37.0766 3900 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/31 09:33:37.0968 3900 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/31 09:33:38.0311 3900 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/31 09:33:38.0540 3900 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/31 09:33:38.0598 3900 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/31 09:33:39.0271 3900 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/31 09:33:39.0391 3900 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/31 09:33:39.0476 3900 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/31 09:33:39.0571 3900 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/31 09:33:39.0671 3900 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/31 09:33:39.0739 3900 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/31 09:33:39.0786 3900 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/31 09:33:39.0907 3900 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/31 09:33:39.0968 3900 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/31 09:33:40.0038 3900 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/05/31 09:33:40.0490 3900 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/31 09:33:40.0754 3900 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/31 09:33:40.0876 3900 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/31 09:33:40.0921 3900 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/31 09:33:40.0979 3900 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/31 09:33:41.0046 3900 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/31 09:33:41.0184 3900 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
2011/05/31 09:33:41.0261 3900 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/31 09:33:41.0348 3900 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/31 09:33:41.0550 3900 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/31 09:33:42.0079 3900 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/31 09:33:42.0295 3900 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/31 09:33:42.0435 3900 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/05/31 09:33:42.0505 3900 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/31 09:33:42.0933 3900 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/31 09:33:43.0331 3900 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/31 09:33:43.0695 3900 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/31 09:33:43.0799 3900 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/31 09:33:43.0869 3900 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/31 09:33:43.0910 3900 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/31 09:33:43.0999 3900 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/31 09:33:44.0051 3900 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/31 09:33:44.0098 3900 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/31 09:33:44.0198 3900 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/31 09:33:44.0300 3900 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/31 09:33:44.0380 3900 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/31 09:33:44.0471 3900 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/31 09:33:44.0555 3900 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/31 09:33:44.0886 3900 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/31 09:33:45.0321 3900 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/31 09:33:45.0523 3900 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/31 09:33:45.0604 3900 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/31 09:33:45.0699 3900 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/31 09:33:45.0804 3900 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/31 09:33:45.0894 3900 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/31 09:33:45.0977 3900 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/31 09:33:46.0044 3900 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/31 09:33:46.0134 3900 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/31 09:33:46.0209 3900 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/31 09:33:46.0255 3900 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/31 09:33:46.0406 3900 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/31 09:33:46.0503 3900 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/31 09:33:46.0580 3900 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/31 09:33:46.0703 3900 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/31 09:33:46.0793 3900 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/31 09:33:46.0888 3900 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/31 09:33:46.0930 3900 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/31 09:33:47.0001 3900 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/31 09:33:47.0049 3900 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/31 09:33:47.0193 3900 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/31 09:33:47.0266 3900 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/31 09:33:47.0351 3900 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/31 09:33:47.0427 3900 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/31 09:33:47.0524 3900 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/31 09:33:47.0618 3900 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/31 09:33:47.0688 3900 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/31 09:33:47.0752 3900 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/31 09:33:47.0845 3900 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/31 09:33:48.0058 3900 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/31 09:33:48.0138 3900 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/31 09:33:48.0217 3900 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/31 09:33:48.0331 3900 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/31 09:33:48.0432 3900 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
2011/05/31 09:33:48.0533 3900 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/31 09:33:48.0616 3900 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/31 09:33:48.0720 3900 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/31 09:33:48.0767 3900 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/31 09:33:48.0877 3900 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/31 09:33:48.0977 3900 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/31 09:33:49.0047 3900 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/31 09:33:49.0111 3900 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/31 09:33:49.0197 3900 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/31 09:33:49.0329 3900 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/31 09:33:49.0407 3900 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/31 09:33:49.0476 3900 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/31 09:33:49.0623 3900 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/31 09:33:49.0721 3900 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/31 09:33:49.0809 3900 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/31 09:33:49.0945 3900 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/31 09:33:50.0048 3900 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/31 09:33:50.0087 3900 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/31 09:33:50.0145 3900 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/31 09:33:50.0268 3900 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/31 09:33:50.0365 3900 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/31 09:33:50.0400 3900 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/31 09:33:50.0434 3900 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/31 09:33:50.0542 3900 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/31 09:33:50.0615 3900 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/31 09:33:50.0654 3900 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/31 09:33:50.0779 3900 Smb (fe6ff0d3b657d18a18ed5e56b4d46bfd) C:\Windows\system32\DRIVERS\smb.sys
2011/05/31 09:33:50.0780 3900 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: fe6ff0d3b657d18a18ed5e56b4d46bfd, Fake md5: 031e6bcd53c9b2b9ace111eafec347b6
2011/05/31 09:33:50.0798 3900 Smb - detected Rootkit.Win32.ZAccess.c (0)
2011/05/31 09:33:50.0897 3900 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/31 09:33:50.0984 3900 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/05/31 09:33:50.0985 3900 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/05/31 09:33:51.0004 3900 sptd - detected LockedFile.Multi.Generic (1)
2011/05/31 09:33:51.0084 3900 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/31 09:33:51.0165 3900 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/31 09:33:51.0230 3900 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/31 09:33:51.0445 3900 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/31 09:33:51.0521 3900 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/31 09:33:51.0572 3900 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/31 09:33:51.0620 3900 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/31 09:33:51.0774 3900 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/31 09:33:51.0856 3900 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/31 09:33:51.0925 3900 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/31 09:33:52.0023 3900 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/31 09:33:52.0090 3900 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/31 09:33:52.0144 3900 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/31 09:33:52.0213 3900 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/31 09:33:52.0392 3900 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/31 09:33:52.0457 3900 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/31 09:33:52.0531 3900 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/31 09:33:52.0588 3900 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/31 09:33:52.0666 3900 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/31 09:33:52.0787 3900 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/31 09:33:52.0875 3900 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/31 09:33:52.0929 3900 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/31 09:33:53.0001 3900 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/31 09:33:53.0067 3900 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/31 09:33:53.0171 3900 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/31 09:33:53.0246 3900 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/05/31 09:33:53.0309 3900 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/31 09:33:53.0378 3900 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/31 09:33:53.0461 3900 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/31 09:33:53.0545 3900 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/31 09:33:53.0603 3900 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/31 09:33:53.0663 3900 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/31 09:33:53.0744 3900 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/31 09:33:53.0813 3900 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/31 09:33:53.0868 3900 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/31 09:33:53.0934 3900 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/31 09:33:54.0011 3900 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/31 09:33:54.0057 3900 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/31 09:33:54.0118 3900 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/31 09:33:54.0211 3900 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/31 09:33:54.0352 3900 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/31 09:33:54.0434 3900 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/31 09:33:54.0542 3900 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/31 09:33:54.0600 3900 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/31 09:33:54.0630 3900 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/31 09:33:54.0729 3900 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/31 09:33:54.0833 3900 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/31 09:33:55.0002 3900 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/31 09:33:55.0184 3900 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/31 09:33:55.0348 3900 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/31 09:33:55.0460 3900 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/31 09:33:55.0727 3900 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/31 09:33:55.0831 3900 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/31 09:33:55.0928 3900 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
2011/05/31 09:33:55.0980 3900 ================================================================================
2011/05/31 09:33:55.0980 3900 Scan finished
2011/05/31 09:33:55.0980 3900 ================================================================================
2011/05/31 09:33:56.0017 3464 Detected object count: 2
2011/05/31 09:33:56.0017 3464 Actual detected object count: 2
2011/05/31 09:35:02.0455 3464 Smb (fe6ff0d3b657d18a18ed5e56b4d46bfd) C:\Windows\system32\DRIVERS\smb.sys
2011/05/31 09:35:02.0456 3464 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: fe6ff0d3b657d18a18ed5e56b4d46bfd, Fake md5: 031e6bcd53c9b2b9ace111eafec347b6
2011/05/31 09:35:02.0630 3464 Backup copy found, using it..
2011/05/31 09:35:02.0640 3464 C:\Windows\system32\DRIVERS\smb.sys - will be cured after reboot
2011/05/31 09:35:02.0640 3464 Rootkit.Win32.ZAccess.c(Smb) - User select action: Cure
2011/05/31 09:35:02.0647 3464 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/31 09:35:09.0318 1028 Deinitialize success

2nd
2011/05/31 11:00:40.0281 2732 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/31 11:00:40.0640 2732 ================================================================================
2011/05/31 11:00:40.0640 2732 SystemInfo:
2011/05/31 11:00:40.0640 2732
2011/05/31 11:00:40.0640 2732 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/31 11:00:40.0640 2732 Product type: Workstation
2011/05/31 11:00:40.0640 2732 ComputerName: OWNER-PC
2011/05/31 11:00:40.0640 2732 UserName: owner
2011/05/31 11:00:40.0640 2732 Windows directory: C:\Windows
2011/05/31 11:00:40.0640 2732 System windows directory: C:\Windows
2011/05/31 11:00:40.0640 2732 Processor architecture: Intel x86
2011/05/31 11:00:40.0640 2732 Number of processors: 1
2011/05/31 11:00:40.0640 2732 Page size: 0x1000
2011/05/31 11:00:40.0640 2732 Boot type: Normal boot
2011/05/31 11:00:40.0640 2732 ================================================================================
2011/05/31 11:00:41.0685 2732 Initialize success
2011/05/31 11:00:45.0850 2104 ================================================================================
2011/05/31 11:00:45.0850 2104 Scan started
2011/05/31 11:00:45.0850 2104 Mode: Manual;
2011/05/31 11:00:45.0850 2104 ================================================================================
2011/05/31 11:00:46.0817 2104 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/31 11:00:46.0989 2104 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/31 11:00:47.0036 2104 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/31 11:00:47.0082 2104 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/31 11:00:47.0254 2104 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/31 11:00:47.0472 2104 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/31 11:00:47.0644 2104 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/31 11:00:47.0706 2104 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/31 11:00:47.0925 2104 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/31 11:00:48.0096 2104 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/31 11:00:48.0143 2104 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/31 11:00:48.0424 2104 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/31 11:00:48.0471 2104 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/31 11:00:48.0736 2104 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/31 11:00:48.0767 2104 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/31 11:00:48.0908 2104 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/31 11:00:49.0064 2104 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/31 11:00:49.0220 2104 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/31 11:00:49.0313 2104 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/31 11:00:49.0438 2104 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/31 11:00:49.0734 2104 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/31 11:00:49.0812 2104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/31 11:00:49.0906 2104 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/31 11:00:50.0171 2104 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/31 11:00:50.0218 2104 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/31 11:00:50.0265 2104 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/31 11:00:50.0374 2104 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/31 11:00:50.0452 2104 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/31 11:00:50.0530 2104 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/31 11:00:50.0639 2104 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/31 11:00:50.0811 2104 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/31 11:00:50.0967 2104 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/31 11:00:51.0154 2104 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/31 11:00:51.0185 2104 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/31 11:00:51.0575 2104 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/31 11:00:51.0747 2104 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/31 11:00:51.0934 2104 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/31 11:00:52.0106 2104 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/31 11:00:52.0184 2104 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/31 11:00:52.0340 2104 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/31 11:00:52.0464 2104 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/31 11:00:52.0574 2104 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/31 11:00:52.0698 2104 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/31 11:00:52.0839 2104 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/31 11:00:52.0917 2104 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/31 11:00:53.0057 2104 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/31 11:00:53.0229 2104 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/31 11:00:53.0322 2104 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/31 11:00:53.0416 2104 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/31 11:00:53.0478 2104 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/31 11:00:53.0556 2104 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/31 11:00:53.0681 2104 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/31 11:00:53.0759 2104 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/31 11:00:53.0900 2104 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/31 11:00:54.0087 2104 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/31 11:00:54.0165 2104 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/31 11:00:54.0227 2104 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/05/31 11:00:54.0321 2104 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/31 11:00:54.0539 2104 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/05/31 11:00:54.0914 2104 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/05/31 11:00:55.0023 2104 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/31 11:00:55.0241 2104 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/31 11:00:55.0350 2104 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/31 11:00:55.0881 2104 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/31 11:00:56.0208 2104 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/31 11:00:56.0630 2104 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/31 11:00:56.0895 2104 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/31 11:00:56.0973 2104 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/31 11:00:57.0316 2104 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/31 11:00:57.0378 2104 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/31 11:00:57.0659 2104 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/31 11:00:57.0909 2104 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/31 11:00:58.0096 2104 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/31 11:00:58.0470 2104 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/31 11:00:59.0048 2104 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/31 11:00:59.0703 2104 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/31 11:01:00.0233 2104 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/05/31 11:01:00.0717 2104 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/31 11:01:01.0029 2104 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/31 11:01:01.0310 2104 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/31 11:01:01.0419 2104 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/31 11:01:01.0746 2104 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/31 11:01:01.0902 2104 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/31 11:01:02.0230 2104 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
2011/05/31 11:01:02.0355 2104 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/31 11:01:02.0542 2104 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/31 11:01:02.0667 2104 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/31 11:01:02.0823 2104 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/31 11:01:02.0932 2104 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/31 11:01:03.0150 2104 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/05/31 11:01:03.0400 2104 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/31 11:01:03.0556 2104 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/31 11:01:03.0962 2104 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/31 11:01:04.0133 2104 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/31 11:01:04.0476 2104 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/31 11:01:04.0929 2104 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/31 11:01:05.0210 2104 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/31 11:01:05.0678 2104 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/31 11:01:05.0912 2104 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/31 11:01:06.0099 2104 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/31 11:01:06.0582 2104 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/31 11:01:06.0816 2104 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/31 11:01:07.0284 2104 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/31 11:01:07.0534 2104 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/31 11:01:07.0846 2104 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/31 11:01:08.0049 2104 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/31 11:01:08.0408 2104 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/31 11:01:08.0548 2104 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/31 11:01:09.0063 2104 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/31 11:01:09.0328 2104 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/31 11:01:09.0827 2104 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/31 11:01:10.0436 2104 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/31 11:01:10.0826 2104 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/31 11:01:11.0044 2104 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/31 11:01:11.0574 2104 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/31 11:01:11.0855 2104 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/31 11:01:12.0136 2104 netbt (4994ca603560027a9e9a92dbb8e5e047) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/31 11:01:12.0136 2104 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 4994ca603560027a9e9a92dbb8e5e047, Fake md5: 7c5fee5b1c5728507cd96fb4a13e7a02
2011/05/31 11:01:12.0152 2104 netbt - detected Rootkit.Win32.ZAccess.c (0)
2011/05/31 11:01:12.0573 2104 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/31 11:01:12.0791 2104 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/31 11:01:13.0166 2104 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/31 11:01:13.0493 2104 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/31 11:01:13.0930 2104 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/31 11:01:14.0039 2104 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/31 11:01:14.0445 2104 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/31 11:01:14.0726 2104 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/31 11:01:14.0897 2104 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/31 11:01:15.0880 2104 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/31 11:01:16.0442 2104 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/31 11:01:16.0629 2104 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/31 11:01:17.0175 2104 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/31 11:01:17.0674 2104 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/31 11:01:17.0924 2104 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/31 11:01:18.0267 2104 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/31 11:01:18.0501 2104 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/31 11:01:18.0969 2104 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/31 11:01:19.0343 2104 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/31 11:01:19.0515 2104 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/31 11:01:19.0780 2104 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/31 11:01:19.0967 2104 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/31 11:01:20.0154 2104 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
2011/05/31 11:01:20.0576 2104 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/31 11:01:21.0044 2104 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/31 11:01:21.0246 2104 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/31 11:01:21.0496 2104 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/31 11:01:21.0668 2104 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/31 11:01:22.0058 2104 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/31 11:01:22.0370 2104 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/31 11:01:22.0760 2104 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/31 11:01:23.0181 2104 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/31 11:01:23.0306 2104 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/31 11:01:23.0758 2104 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/31 11:01:23.0976 2104 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/31 11:01:24.0257 2104 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/31 11:01:24.0569 2104 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/31 11:01:24.0741 2104 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/31 11:01:25.0053 2104 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/31 11:01:25.0224 2104 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/31 11:01:25.0271 2104 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/31 11:01:25.0396 2104 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/31 11:01:25.0536 2104 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/31 11:01:25.0755 2104 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/31 11:01:25.0864 2104 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/31 11:01:25.0911 2104 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/31 11:01:26.0004 2104 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/31 11:01:26.0051 2104 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/31 11:01:26.0254 2104 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/31 11:01:26.0987 2104 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/31 11:01:27.0143 2104 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/31 11:01:27.0830 2104 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/05/31 11:01:27.0830 2104 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/05/31 11:01:27.0845 2104 sptd - detected LockedFile.Multi.Generic (1)
2011/05/31 11:01:28.0329 2104 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/31 11:01:28.0859 2104 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/31 11:01:29.0452 2104 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/31 11:01:29.0998 2104 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/31 11:01:30.0684 2104 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/31 11:01:31.0184 2104 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/31 11:01:31.0511 2104 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/31 11:01:31.0745 2104 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/31 11:01:32.0104 2104 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/31 11:01:32.0416 2104 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/31 11:01:32.0541 2104 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/31 11:01:33.0102 2104 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/31 11:01:33.0851 2104 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/31 11:01:34.0319 2104 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/31 11:01:34.0740 2104 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/31 11:01:35.0006 2104 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/31 11:01:35.0115 2104 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/31 11:01:35.0505 2104 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/31 11:01:35.0832 2104 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/31 11:01:36.0410 2104 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/31 11:01:36.0924 2104 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/31 11:01:37.0112 2104 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/31 11:01:37.0767 2104 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/31 11:01:38.0344 2104 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/31 11:01:38.0734 2104 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/31 11:01:39.0140 2104 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/31 11:01:39.0795 2104 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/05/31 11:01:39.0982 2104 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/31 11:01:40.0107 2104 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/31 11:01:40.0247 2104 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/31 11:01:40.0544 2104 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/31 11:01:40.0653 2104 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/31 11:01:40.0762 2104 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/31 11:01:40.0887 2104 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/31 11:01:40.0996 2104 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/31 11:01:41.0090 2104 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/31 11:01:41.0183 2104 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/31 11:01:41.0292 2104 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/31 11:01:41.0370 2104 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/31 11:01:41.0433 2104 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/31 11:01:41.0542 2104 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/31 11:01:42.0057 2104 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/31 11:01:42.0166 2104 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/31 11:01:42.0478 2104 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/31 11:01:42.0790 2104 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/31 11:01:42.0852 2104 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/31 11:01:43.0071 2104 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/31 11:01:43.0554 2104 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/31 11:01:44.0194 2104 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/31 11:01:44.0787 2104 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/31 11:01:45.0005 2104 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/31 11:01:45.0645 2104 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/31 11:01:46.0284 2104 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/31 11:01:46.0721 2104 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/31 11:01:46.0830 2104 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
2011/05/31 11:01:46.0893 2104 ================================================================================
2011/05/31 11:01:46.0893 2104 Scan finished
2011/05/31 11:01:46.0893 2104 ================================================================================
2011/05/31 11:01:46.0908 2100 Detected object count: 2
2011/05/31 11:01:46.0908 2100 Actual detected object count: 2
2011/05/31 11:11:00.0619 2100 netbt (4994ca603560027a9e9a92dbb8e5e047) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/31 11:11:04.0224 2100 Backup copy found, using it..
2011/05/31 11:11:04.0237 2100 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/05/31 11:11:04.0238 2100 Rootkit.Win32.ZAccess.c(netbt) - User select action: Cure
2011/05/31 11:11:04.0243 2100 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/31 11:11:28.0021 2792 Deinitialize success

Most recent
2011/06/06 14:38:32.0941 3840 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/06 14:38:33.0378 3840 ================================================================================
2011/06/06 14:38:33.0378 3840 SystemInfo:
2011/06/06 14:38:33.0378 3840
2011/06/06 14:38:33.0378 3840 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/06 14:38:33.0378 3840 Product type: Workstation
2011/06/06 14:38:33.0378 3840 ComputerName: OWNER-PC
2011/06/06 14:38:33.0378 3840 UserName: owner
2011/06/06 14:38:33.0378 3840 Windows directory: C:\Windows
2011/06/06 14:38:33.0378 3840 System windows directory: C:\Windows
2011/06/06 14:38:33.0378 3840 Processor architecture: Intel x86
2011/06/06 14:38:33.0378 3840 Number of processors: 1
2011/06/06 14:38:33.0378 3840 Page size: 0x1000
2011/06/06 14:38:33.0378 3840 Boot type: Normal boot
2011/06/06 14:38:33.0378 3840 ================================================================================
2011/06/06 14:38:34.0298 3840 Initialize success
2011/06/06 14:38:38.0089 1228 ================================================================================
2011/06/06 14:38:38.0089 1228 Scan started
2011/06/06 14:38:38.0089 1228 Mode: Manual;
2011/06/06 14:38:38.0089 1228 ================================================================================
2011/06/06 14:38:39.0087 1228 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/06 14:38:39.0181 1228 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/06 14:38:39.0290 1228 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/06 14:38:39.0337 1228 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/06 14:38:39.0399 1228 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/06 14:38:39.0571 1228 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/06/06 14:38:39.0633 1228 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/06 14:38:39.0711 1228 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/06 14:38:39.0774 1228 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/06 14:38:39.0836 1228 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/06 14:38:39.0930 1228 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/06 14:38:39.0961 1228 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/06 14:38:40.0008 1228 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/06 14:38:40.0101 1228 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/06 14:38:40.0195 1228 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/06 14:38:40.0257 1228 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/06 14:38:40.0320 1228 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/06 14:38:40.0523 1228 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/06 14:38:40.0569 1228 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/06/06 14:38:40.0632 1228 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/06 14:38:40.0772 1228 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/06/06 14:38:40.0850 1228 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/06/06 14:38:40.0991 1228 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/06/06 14:38:41.0022 1228 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/06/06 14:38:41.0084 1228 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/06/06 14:38:41.0240 1228 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/06 14:38:41.0365 1228 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/06 14:38:41.0505 1228 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/06 14:38:41.0537 1228 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/06 14:38:41.0708 1228 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/06 14:38:41.0755 1228 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/06 14:38:41.0786 1228 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/06 14:38:41.0895 1228 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/06 14:38:41.0942 1228 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/06 14:38:42.0005 1228 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/06 14:38:42.0067 1228 cdrom (08b855f5f18e1096b095d789cad07f6e) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/06 14:38:42.0083 1228 cdrom - detected Rootkit.Win32.ZAccess.c (0)
2011/06/06 14:38:42.0176 1228 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/06 14:38:42.0254 1228 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/06 14:38:42.0379 1228 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/06 14:38:42.0441 1228 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/06 14:38:42.0582 1228 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/06 14:38:42.0691 1228 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/06 14:38:42.0800 1228 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/06/06 14:38:42.0925 1228 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/06 14:38:43.0003 1228 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/06 14:38:43.0081 1228 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/06 14:38:43.0159 1228 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/06 14:38:43.0253 1228 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/06 14:38:43.0362 1228 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/06 14:38:43.0502 1228 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/06 14:38:43.0611 1228 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/06 14:38:43.0689 1228 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/06 14:38:43.0799 1228 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/06 14:38:43.0861 1228 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/06 14:38:43.0923 1228 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/06 14:38:44.0017 1228 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/06 14:38:44.0095 1228 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/06 14:38:44.0173 1228 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/06 14:38:44.0251 1228 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/06 14:38:44.0329 1228 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/06 14:38:44.0469 1228 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/06 14:38:44.0547 1228 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/06 14:38:44.0594 1228 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/06/06 14:38:44.0672 1228 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/06 14:38:44.0781 1228 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/06/06 14:38:44.0906 1228 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/06/06 14:38:45.0000 1228 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/06 14:38:45.0062 1228 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/06 14:38:45.0125 1228 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/06 14:38:45.0296 1228 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/06 14:38:45.0374 1228 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/06 14:38:45.0530 1228 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/06 14:38:45.0593 1228 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/06 14:38:45.0702 1228 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/06 14:38:45.0811 1228 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/06 14:38:45.0889 1228 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/06 14:38:46.0014 1228 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/06 14:38:46.0092 1228 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/06 14:38:46.0201 1228 iScsiPrt (724ff2f5fb3f0ef69142b7e99d67545c) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/06 14:38:46.0217 1228 iScsiPrt - detected Rootkit.Win32.ZAccess.c (0)
2011/06/06 14:38:46.0279 1228 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/06 14:38:46.0310 1228 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/06 14:38:46.0404 1228 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/06 14:38:46.0451 1228 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/06/06 14:38:46.0560 1228 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/06 14:38:46.0700 1228 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/06 14:38:46.0794 1228 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/06 14:38:46.0841 1228 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/06 14:38:46.0903 1228 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/06 14:38:46.0981 1228 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/06 14:38:47.0090 1228 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
2011/06/06 14:38:47.0184 1228 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/06 14:38:47.0246 1228 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/06 14:38:47.0309 1228 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/06 14:38:47.0418 1228 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/06 14:38:47.0480 1228 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/06 14:38:47.0527 1228 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/06/06 14:38:47.0621 1228 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/06 14:38:47.0699 1228 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/06 14:38:47.0823 1228 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/06 14:38:47.0933 1228 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/06 14:38:47.0995 1228 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/06 14:38:48.0057 1228 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/06 14:38:48.0135 1228 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/06 14:38:48.0182 1228 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/06 14:38:48.0245 1228 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/06 14:38:48.0307 1228 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/06 14:38:48.0432 1228 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/06 14:38:48.0525 1228 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/06 14:38:48.0635 1228 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/06 14:38:48.0713 1228 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/06 14:38:48.0759 1228 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/06 14:38:48.0837 1228 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/06 14:38:48.0915 1228 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/06 14:38:49.0009 1228 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/06 14:38:49.0087 1228 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/06 14:38:49.0149 1228 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/06 14:38:49.0259 1228 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/06 14:38:49.0337 1228 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/06 14:38:49.0415 1228 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/06 14:38:49.0477 1228 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/06 14:38:49.0571 1228 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/06 14:38:49.0664 1228 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/06 14:38:49.0695 1228 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/06 14:38:49.0820 1228 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/06 14:38:49.0929 1228 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/06 14:38:50.0007 1228 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/06 14:38:50.0117 1228 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/06 14:38:50.0210 1228 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/06 14:38:50.0288 1228 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/06 14:38:50.0351 1228 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/06 14:38:50.0413 1228 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/06 14:38:50.0475 1228 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/06 14:38:50.0631 1228 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/06 14:38:50.0709 1228 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/06 14:38:50.0772 1228 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/06 14:38:50.0865 1228 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/06 14:38:50.0943 1228 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/06 14:38:50.0990 1228 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/06 14:38:51.0115 1228 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/06 14:38:51.0193 1228 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\Windows\system32\Drivers\pcouffin.sys
2011/06/06 14:38:51.0302 1228 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/06 14:38:51.0489 1228 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/06 14:38:51.0583 1228 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/06 14:38:51.0661 1228 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/06 14:38:51.0739 1228 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/06 14:38:51.0833 1228 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
2011/06/06 14:38:51.0942 1228 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/06 14:38:52.0035 1228 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/06 14:38:52.0113 1228 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/06 14:38:52.0160 1228 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/06 14:38:52.0238 1228 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/06 14:38:52.0347 1228 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/06 14:38:52.0425 1228 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/06 14:38:52.0519 1228 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/06 14:38:52.0597 1228 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/06 14:38:52.0753 1228 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/06 14:38:52.0847 1228 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/06 14:38:52.0909 1228 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/06 14:38:53.0049 1228 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/06 14:38:53.0112 1228 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/06 14:38:53.0174 1228 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/06 14:38:53.0315 1228 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/06 14:38:53.0408 1228 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/06 14:38:53.0455 1228 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/06 14:38:53.0533 1228 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/06 14:38:53.0673 1228 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/06 14:38:53.0736 1228 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/06 14:38:53.0798 1228 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/06 14:38:53.0861 1228 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/06 14:38:53.0970 1228 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/06 14:38:54.0017 1228 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/06 14:38:54.0079 1228 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/06 14:38:54.0204 1228 Smb (43475501e39ea75334d7c0d499992fa1) C:\Windows\system32\DRIVERS\smb.sys
2011/06/06 14:38:54.0204 1228 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 43475501e39ea75334d7c0d499992fa1, Fake md5: 031e6bcd53c9b2b9ace111eafec347b6
2011/06/06 14:38:54.0235 1228 Smb - detected Rootkit.Win32.ZAccess.c (0)
2011/06/06 14:38:54.0297 1228 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/06 14:38:54.0391 1228 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/06/06 14:38:54.0485 1228 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/06 14:38:54.0547 1228 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/06 14:38:54.0625 1228 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/06 14:38:54.0797 1228 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/06 14:38:54.0875 1228 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/06 14:38:54.0984 1228 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/06 14:38:55.0046 1228 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/06 14:38:55.0171 1228 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/06/06 14:38:55.0280 1228 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/06 14:38:55.0358 1228 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/06 14:38:55.0421 1228 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/06 14:38:55.0514 1228 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/06 14:38:55.0577 1228 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/06 14:38:55.0639 1228 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/06 14:38:55.0826 1228 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/06 14:38:55.0873 1228 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/06 14:38:55.0935 1228 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/06 14:38:56.0045 1228 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/06 14:38:56.0123 1228 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/06 14:38:56.0263 1228 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/06 14:38:56.0341 1228 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/06 14:38:56.0450 1228 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/06 14:38:56.0497 1228 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/06 14:38:56.0575 1228 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/06 14:38:56.0715 1228 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/06 14:38:56.0809 1228 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/06/06 14:38:56.0918 1228 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/06 14:38:56.0981 1228 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/06 14:38:57.0043 1228 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/06 14:38:57.0152 1228 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/06 14:38:57.0230 1228 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/06 14:38:57.0324 1228 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/06 14:38:57.0371 1228 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/06 14:38:57.0464 1228 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/06 14:38:57.0573 1228 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/06 14:38:57.0620 1228 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/06 14:38:57.0683 1228 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/06 14:38:57.0792 1228 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/06 14:38:57.0948 1228 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/06 14:38:58.0010 1228 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/06 14:38:58.0135 1228 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/06 14:38:58.0213 1228 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/06 14:38:58.0322 1228 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/06 14:38:58.0385 1228 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/06 14:38:58.0416 1228 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/06 14:38:58.0494 1228 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/06 14:38:58.0603 1228 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/06 14:38:58.0759 1228 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/06 14:38:58.0962 1228 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/06 14:38:59.0102 1228 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/06 14:38:59.0211 1228 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/06 14:38:59.0336 1228 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/06 14:38:59.0461 1228 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/06 14:38:59.0539 1228 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
2011/06/06 14:38:59.0586 1228 ================================================================================
2011/06/06 14:38:59.0586 1228 Scan finished
2011/06/06 14:38:59.0586 1228 ================================================================================
2011/06/06 14:38:59.0617 1348 Detected object count: 3
2011/06/06 14:38:59.0617 1348 Actual detected object count: 3
2011/06/06 14:39:12.0503 1348 cdrom (08b855f5f18e1096b095d789cad07f6e) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/06 14:39:13.0548 1348 Backup copy not found, trying to cure infected file..
2011/06/06 14:39:13.0548 1348 C:\Windows\system32\DRIVERS\cdrom.sys - Cure failed (FFFFFFFF)
2011/06/06 14:39:13.0548 1348 C:\Windows\system32\DRIVERS\cdrom.sys - processing error
2011/06/06 14:39:13.0548 1348 Rootkit.Win32.ZAccess.c(cdrom) - User select action: Cure
2011/06/06 14:39:13.0688 1348 iScsiPrt (724ff2f5fb3f0ef69142b7e99d67545c) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/06 14:39:13.0860 1348 Backup copy not found, trying to cure infected file..
2011/06/06 14:39:13.0860 1348 C:\Windows\system32\DRIVERS\msiscsi.sys - Cure failed (FFFFFFFF)
2011/06/06 14:39:13.0860 1348 C:\Windows\system32\DRIVERS\msiscsi.sys - processing error
2011/06/06 14:39:13.0860 1348 Rootkit.Win32.ZAccess.c(iScsiPrt) - User select action: Cure
2011/06/06 14:39:13.0891 1348 Smb (43475501e39ea75334d7c0d499992fa1) C:\Windows\system32\DRIVERS\smb.sys
2011/06/06 14:39:13.0891 1348 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 43475501e39ea75334d7c0d499992fa1, Fake md5: 031e6bcd53c9b2b9ace111eafec347b6
2011/06/06 14:39:14.0063 1348 Backup copy found, using it..
2011/06/06 14:39:14.0078 1348 C:\Windows\system32\DRIVERS\smb.sys - will be cured after reboot
2011/06/06 14:39:14.0078 1348 Rootkit.Win32.ZAccess.c(Smb) - User select action: Cure

Rootkit Unhooker report
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #1
==============================================
>Drivers
==============================================
0x8BE05000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7065600 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82205000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82205000 PnpManager 3903488 bytes
0x82205000 RAW 3903488 bytes
0x82205000 WMIxWDM 3903488 bytes
0x95A00000 Win32k 2109440 bytes
0x95A00000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88002000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x87C7D000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x87E05000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804CE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAB605000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xAA4C9000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8C4C2000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8060E000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x87C0C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8D904000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80414000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAA47A000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x80733000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8CB34000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8CA77000 C:\Windows\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x80697000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8048D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8C588000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8D824000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x8CBB3000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x87DB3000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAA401000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88111000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x805BE000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825BE000 ACPI_HAL 208896 bytes
0x825BE000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807C8000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8CABE000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x87D88000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x87FAE000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA452000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88161000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EE000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x87F43000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88199000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8CA03000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAB706000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x8D9BC000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8D9DC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807AA000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8D971000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x87EEE000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D899000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8D98E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0xAA43A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D80D000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x87F21000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8CB7C000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8CA56000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAB739000 C:\Windows\system32\drivers\72927408.sys 86016 bytes
0x8D9A7000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x87F89000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x87F75000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8CB20000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C5D5000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8D8F1000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8CBA0000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88188000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x88188000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x87FEF000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80474000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805AE000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D8E1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80792000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x87F9E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x87F12000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8D88A000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88152000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80715000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x87F66000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C56E000 C:\Windows\system32\DRIVERS\Rtlh86.sys 61440 bytes (Realtek Corporation, Realtek 8101/8168/8169 NDIS6 32-bit Driver)
0x8C5C6000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80724000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x95C40000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8CB92000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8CA3F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80784000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8D860000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x87FE2000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8C561000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8068A000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x87DED000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xAB6ED000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x805F2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
!!!!!!!!!!!Hidden driver: 0x8CAFE000 2151257232 45056 bytes
0x8D86D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8C5E8000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C5F3000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8CA34000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x87F38000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8CA6C000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x881EE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C57D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8D880000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x87FD8000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8CBEF000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x80600000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xAB6E3000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xAB760000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x881BA000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x87C00000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8CA4D000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x95C20000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x87F09000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DD000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807A2000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80485000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8D878000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8040C000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x806E6000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8CA24000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CA2C000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8814A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAB6F9000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x881C3000 C:\Windows\system32\DRIVERS\avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x87DF9000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8077D000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x881F9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xAA578000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 24576 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xAB701000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x881CA000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xAA580000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xAA57E000 C:\Windows\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0x8C5FE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8CAF68B0 unknown_irp_handler 1872 bytes
==============================================
>Stealth
==============================================
0x8CB03580 Unknown thread object [ ETHREAD 0x85D57B68 ] TID: 296, 600 bytes
0x8CAF7710 Unknown thread object [ ETHREAD 0x85D7DD78 ] TID: 300, 600 bytes

OTL
OTL logfile created on: 6/6/2011 2:50:36 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.04% Memory free
4.23 Gb Paging File | 3.25 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179.24 Gb Total Space | 15.57 Gb Free Space | 8.68% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.87 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 14:48:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2011/05/22 08:54:58 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/04/29 13:35:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/20 07:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/10/10 12:44:20 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (SafeList) ==========

MOD - [2011/06/06 14:48:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAudioService)
SRV - File not found [Auto | Stopped] -- -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- -- (aawservice)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/13 14:29:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/03 15:21:00 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/06/06 14:39:14 | 000,066,560 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tsk77B5.tmp -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV - [2011/06/05 09:35:51 | 000,134,144 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2011/06/05 09:31:47 | 000,362,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2008/08/06 00:46:56 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/29 23:12:06 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2004/04/26 23:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3194001091-2031638830-979600221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3194001091-2031638830-979600221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3194001091-2031638830-979600221-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3194001091-2031638830-979600221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4debb26e&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/22 08:55:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/05 12:44:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/05 12:44:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 08:55:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 08:56:51 | 000,000,000 | ---D | M]

[2008/08/30 18:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2011/06/03 08:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\extensions
[2010/05/07 09:14:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/11 20:38:22 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/02/23 18:03:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\extensions\moveplayer@movenetworks.com
[2011/04/16 12:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 10:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 10:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/28 09:06:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/27 09:48:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/26 11:18:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/05 12:44:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/06/05 12:44:29 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/05/22 08:55:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J7AA5U9E.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J7AA5U9E.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/04/29 13:35:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/30 20:43:22 | 000,000,698 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3194001091-2031638830-979600221-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3194001091-2031638830-979600221-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\owner\Desktop\Mailwarebytes' Anti-Malware\mcam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3194001091-2031638830-979600221-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3194001091-2031638830-979600221-1000..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3194001091-2031638830-979600221-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17b5615f-0926-11e0-8ec0-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{17b5615f-0926-11e0-8ec0-001921d5c8be}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1c59ba3b-fdb7-11dc-b11a-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{1c59ba3b-fdb7-11dc-b11a-001921d5c8be}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{62c6df80-0351-11de-88c1-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{62c6df80-0351-11de-88c1-001921d5c8be}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{92e3f40d-22d7-11df-9ed6-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{92e3f40d-22d7-11df-9ed6-001921d5c8be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a6ba34da-13c7-11dc-a2af-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{a6ba34da-13c7-11dc-a2af-001921d5c8be}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 14:48:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/06/06 14:39:14 | 000,093,744 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\83394721.sys
[2011/06/05 13:11:58 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\AVG Security Toolbar
[2011/06/05 13:11:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/06/05 12:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/06/05 12:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/06/05 12:43:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/06/05 08:47:59 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/30 21:02:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011/05/30 12:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/30 12:44:45 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/30 10:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/30 10:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/30 10:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/30 09:09:44 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/30 09:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/28 20:46:18 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Mailwarebytes' Anti-Malware
[2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\TDSSKiller.exe
[2011/05/22 08:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/11 15:07:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Games
[2007/12/26 15:52:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\owner\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 14:55:14 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4815508-1AB6-4DE1-8DD5-626283A9294C}.job
[2011/06/06 14:48:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/06/06 14:43:08 | 000,139,264 | ---- | M] () -- C:\Users\owner\Desktop\RKUnhookerLE.EXE
[2011/06/06 14:39:14 | 000,093,744 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\83394721.sys
[2011/06/06 14:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 11:16:06 | 000,137,289 | ---- | M] () -- C:\Users\owner\Documents\Journal 2011.rtf
[2011/06/06 11:14:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194001091-2031638830-979600221-1000UA.job
[2011/06/06 10:35:34 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 10:35:34 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 09:15:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194001091-2031638830-979600221-1000Core.job
[2011/06/06 08:35:21 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 00:16:25 | 000,002,048 | ---- | M] () -- C:\Users\owner\Desktop\Google Chrome.lnk
[2011/06/06 00:16:25 | 000,002,010 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/05 18:54:33 | 190,180,574 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/05 12:52:03 | 117,270,103 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/05 12:44:16 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/05 10:48:55 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\TDSSKiller.exe
[2011/06/05 10:47:00 | 000,243,200 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/05 09:43:24 | 000,024,210 | ---- | M] () -- C:\Users\owner\Documents\cc_20110605_094321.reg
[2011/06/05 09:35:51 | 000,134,144 | ---- | M] () -- C:\Windows\System32\drivers\cdrom.sys
[2011/06/05 09:31:47 | 000,362,608 | ---- | M] () -- C:\Windows\System32\drivers\msiscsi.sys
[2011/06/05 08:47:59 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/04 20:25:36 | 000,605,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/04 20:25:36 | 000,108,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/31 13:38:02 | 000,302,592 | ---- | M] () -- C:\Users\owner\Desktop\gmer.exe
[2011/05/31 13:36:05 | 000,000,733 | ---- | M] () -- C:\Users\owner\Desktop\gmer - Shortcut.lnk
[2011/05/31 13:10:15 | 000,000,020 | ---- | M] () -- C:\Users\owner\defogger_reenable
[2011/05/31 10:51:22 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011/05/31 09:59:41 | 000,007,278 | ---- | M] () -- C:\Users\owner\Documents\cc_20110531_095938.reg
[2011/05/31 00:10:44 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Local\prvlcl.dat
[2011/05/30 17:59:56 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3194001091-2031638830-979600221-1000.job
[2011/05/30 17:23:43 | 000,000,036 | ---- | M] () -- C:\Users\owner\AppData\Local\housecall.guid.cache
[2011/05/30 14:05:05 | 000,002,523 | ---- | M] () -- C:\Users\owner\Desktop\HiJackThis.lnk
[2011/05/30 11:59:58 | 000,001,370 | ---- | M] () -- C:\Users\owner\Documents\cc_20110530_115953.reg
[2011/05/30 11:20:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/30 11:18:45 | 000,001,356 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2011/05/30 10:02:21 | 000,001,061 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2011/05/30 09:26:52 | 000,005,352 | ---- | M] () -- C:\Users\owner\Documents\cc_20110530_092648.reg
[2011/05/28 22:22:04 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\mlkfk.sys
[2011/05/28 20:41:12 | 000,011,170 | -HS- | M] () -- C:\Users\owner\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/28 20:41:12 | 000,011,170 | -HS- | M] () -- C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/05/24 13:18:39 | 000,006,232 | ---- | M] () -- C:\Users\owner\Documents\cc_20110524_131835.reg
[2011/05/22 08:56:35 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/05/22 08:55:33 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/05/22 08:55:08 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/05/22 08:55:08 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/05/22 08:55:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/05/11 15:14:03 | 000,870,128 | ---- | M] () -- C:\Windows\System32\mcs.rma
[2011/05/11 15:14:03 | 000,000,004 | ---- | M] () -- C:\Windows\System32\5F9E69
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\jutezawo
[2011/06/06 14:43:06 | 000,139,264 | ---- | C] () -- C:\Users\owner\Desktop\RKUnhookerLE.EXE
[2011/06/05 12:52:03 | 117,270,103 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/05 12:44:16 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/05 09:43:23 | 000,024,210 | ---- | C] () -- C:\Users\owner\Documents\cc_20110605_094321.reg
[2011/06/05 09:40:35 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 13:36:05 | 000,000,733 | ---- | C] () -- C:\Users\owner\Desktop\gmer - Shortcut.lnk
[2011/05/31 13:10:04 | 000,000,020 | ---- | C] () -- C:\Users\owner\defogger_reenable
[2011/05/31 09:59:40 | 000,007,278 | ---- | C] () -- C:\Users\owner\Documents\cc_20110531_095938.reg
[2011/05/30 17:56:35 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3194001091-2031638830-979600221-1000.job
[2011/05/30 17:23:43 | 000,000,036 | ---- | C] () -- C:\Users\owner\AppData\Local\housecall.guid.cache
[2011/05/30 12:44:45 | 000,002,523 | ---- | C] () -- C:\Users\owner\Desktop\HiJackThis.lnk
[2011/05/30 11:59:55 | 000,001,370 | ---- | C] () -- C:\Users\owner\Documents\cc_20110530_115953.reg
[2011/05/30 10:02:21 | 000,001,061 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2011/05/30 09:26:50 | 000,005,352 | ---- | C] () -- C:\Users\owner\Documents\cc_20110530_092648.reg
[2011/05/29 22:09:14 | 190,180,574 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/29 12:32:00 | 000,302,592 | ---- | C] () -- C:\Users\owner\Desktop\gmer.exe
[2011/05/28 22:22:04 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mlkfk.sys
[2011/05/28 20:03:14 | 000,011,170 | -HS- | C] () -- C:\Users\owner\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/28 20:03:14 | 000,011,170 | -HS- | C] () -- C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/24 13:18:36 | 000,006,232 | ---- | C] () -- C:\Users\owner\Documents\cc_20110524_131835.reg
[2011/05/22 08:56:35 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/01/15 01:51:03 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/15 01:51:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/11 10:01:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/24 09:03:01 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\prvlcl.dat
[2009/05/25 13:23:39 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2008/10/24 20:27:28 | 000,001,356 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2008/10/19 20:01:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/09/29 21:02:03 | 000,362,608 | ---- | C] () -- C:\Windows\System32\drivers\msiscsi.sys
[2008/09/29 20:59:34 | 000,134,144 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2008/06/18 21:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2007/12/26 15:53:12 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2007/12/26 15:52:14 | 000,081,920 | ---- | C] () -- C:\Users\owner\AppData\Roaming\ezpinst.exe
[2007/12/26 15:52:14 | 000,007,176 | ---- | C] () -- C:\Users\owner\AppData\Roaming\pcouffin.cat
[2007/12/26 15:52:14 | 000,001,144 | ---- | C] () -- C:\Users\owner\AppData\Roaming\pcouffin.inf
[2007/08/30 00:37:36 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/08/30 00:34:25 | 000,000,536 | ---- | C] () -- C:\Windows\_delis32.ini
[2007/08/24 12:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/07/07 12:43:06 | 000,106,991 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2007/06/15 19:29:51 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/15 19:29:51 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/05/30 16:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/05/26 09:35:56 | 000,106,559 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/20 20:42:39 | 000,000,515 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/05/20 20:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/05/20 20:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/05/20 20:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/05/16 13:10:59 | 000,001,424 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2007/05/15 11:06:55 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hpzids01.dll
[2007/05/15 10:37:25 | 000,243,200 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/13 15:19:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2007/03/26 09:13:11 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/03/26 09:10:40 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/26 09:10:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/26 09:02:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/01/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,349,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,605,012 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,738 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/11 02:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 02:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/03/26 09:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\owner\Documents\auto_cookies.mod:TOC.WMV

< End of report >

OTL Extras logfile created on: 6/6/2011 2:50:37 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.04% Memory free
4.23 Gb Paging File | 3.25 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179.24 Gb Total Space | 15.57 Gb Free Space | 8.68% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.87 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3194001091-2031638830-979600221-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F88A5B-B9E8-435E-A75D-66B885E55503}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{07A6F87B-D62F-44E9-BD31-D55C9085652F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0BD9EF86-5CA7-464C-A7A6-EF5178253177}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{1DA82AE0-5CD4-4B53-B50D-01E35EC9E826}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"{34C071C5-DC0C-4715-B93A-56C89C319D78}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{38F62F9B-274D-4794-BA12-27AEA089DE3E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3A288DAD-A927-4E69-9AD2-B9C791ABC9C9}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"{3FFF3B9B-CF7A-4723-BCCD-4BE921B8F83A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{40187AB2-C78E-4E7C-A2A2-A515C3808497}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{40C77028-2A3B-4C43-9812-5CAE1F0BA77F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{44ED36C1-9243-4963-A14B-975F95CC1212}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{5446C54C-C18B-4115-8393-0088019EE788}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{58D0BFB6-F168-497A-9D9A-4A87AB5F8C8A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{6CEB8930-E2A3-48FF-B158-EA2B4BC1BC44}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{70D8BC78-D18C-47CB-B51F-D117C8EFA811}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7A768BC0-32DB-4F5B-870F-C9B86D9871EC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{80156346-8703-40DB-8010-1B04B2BDA8A4}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"{967E8397-6D6F-4A3A-9459-B2C4859D0A03}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{97535D18-DABD-40A0-83AF-6377C108A782}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{9D213195-5206-4B5A-B6AB-DE8EE7AFABEF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A24F7576-480A-479A-B9B1-377E7DBEB640}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4E4E561-303E-4EA9-BF94-758D70F33231}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A5340123-55F2-496A-910E-951984A99333}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{AFEE7457-DF86-4106-BC71-441D3F50B1B0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B10871C7-DD47-4C59-8A4F-ECEE388A6E44}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{B34B2749-EFF6-4B6D-ABF7-7F5BE2812C5C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C2165DBC-F17D-4BA6-A7AA-FC5CDF32BD41}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe |
"{C57CD915-EC4D-4E09-9372-6B19D1CE72C0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{DD209C7C-CB2A-4C7D-AECE-44E4D47F8D87}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DDF3A07D-AEAA-4489-904C-42E4469AB988}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E848D19E-3B93-4676-9F29-C99C2574A324}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"{EBCBB047-5472-4530-A837-827735D26FB8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{ED4E5324-100C-4103-9295-DAB6BAC0C3CC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F20FE8DF-EEF4-4826-BFF1-E20BD13ADA02}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F2570D28-AF71-465D-A866-C3D5AD826246}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{F507E614-FF5F-471F-8ACF-F95AEA9FF263}" = dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections |
"{F733A935-FB50-4492-A2B8-BD28EB3B7132}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe |
"{FA1199D9-859E-4BE1-9C4D-AC1D2CEC2C6C}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{FE86A49D-EB25-4B84-913D-7F117E2EE3F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF355254-8BBF-443C-8926-087F99603A82}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"TCP Query User{002072CF-EEB4-449B-8D2F-6B0ABD20FCA4}C:\program files\avg\avg10\toolbar\toolbarbroker.exe" = protocol=6 | dir=in | app=c:\program files\avg\avg10\toolbar\toolbarbroker.exe |
"TCP Query User{03D2C92F-228D-4B6E-9483-1D95F0C001DF}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{0AB58355-035F-4A36-A0F5-8DD6B549EB6E}C:\users\owner\appdata\local\temp\rarsfx1\fact.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\rarsfx1\fact.exe |
"TCP Query User{202AAFF2-FC7A-4C1D-8FA7-DE128E353373}C:\users\owner\desktop\tdsskiller.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\tdsskiller.exe |
"TCP Query User{2143F716-6C74-41C8-B2A3-CD06F5415F63}C:\program files\real\realupgrade\realupgrade.exe" = protocol=6 | dir=in | app=c:\program files\real\realupgrade\realupgrade.exe |
"TCP Query User{2B3AAFBF-AC31-4091-B68C-1DCE383BDBF2}C:\program files\hewlett-packard\hp advisor\hpadvisor.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp advisor\hpadvisor.exe |
"TCP Query User{2D6797BD-DCFE-4CC1-B87E-B80B156F8115}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{2D8D0F3A-D2D1-4E46-9E45-D84A761AA3EB}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{2EA992D5-91C4-4002-B8F3-061E462E4A92}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"TCP Query User{31472591-7925-4E6D-BAB7-3D61FA2B3C62}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{3154ED76-AD94-4C9F-8D09-20762C4B8027}C:\users\owner\appdata\local\temp\7zsfab2.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zsfab2.tmp\setup.exe |
"TCP Query User{400F32D1-0DCE-40EB-9A66-6BCF88F72C2F}C:\program files\apple software update\softwareupdate.exe" = protocol=6 | dir=in | app=c:\program files\apple software update\softwareupdate.exe |
"TCP Query User{42EB9DEB-5032-4CC5-9C96-6102F1933A2C}C:\sierra\empire earth - the art of conquest\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth - the art of conquest\ee-aoc.exe |
"TCP Query User{466EDFD3-7514-4DCD-A86D-414679161343}C:\users\owner\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\update\googleupdate.exe |
"TCP Query User{5397C499-66CF-4A65-86A0-DFBD28030C7B}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{568A1FC3-BAA2-4B9E-A359-382099C6CA1D}C:\users\owner\appdata\local\temp\housecall\housecall.bin" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\housecall\housecall.bin |
"TCP Query User{5B17BA8C-57AE-4C8E-896E-201C20E60FB1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5CC31C4E-4878-46D6-AAD6-FDC33FC6F17E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{5CCD8D93-8082-4779-A7A9-E886277703CB}C:\program files\divx\divx to go\divxtogolauncher.exe" = protocol=6 | dir=in | app=c:\program files\divx\divx to go\divxtogolauncher.exe |
"TCP Query User{6352A846-C067-408B-9DEA-B511C329F878}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"TCP Query User{69F7BF6E-22D6-4D40-A7E2-52FA44326CB6}C:\program files\common files\java\java update\jaucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"TCP Query User{719A7240-0A90-4CEC-950A-893E3504CE95}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{818052D2-A032-45A1-9793-B5A6F35484CE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{879ECE1A-48F0-4554-A4B3-B1E4A877EA8B}C:\program files\redlightcenter\redlightcenter\redlightcenter.exe" = protocol=6 | dir=in | app=c:\program files\redlightcenter\redlightcenter\redlightcenter.exe |
"TCP Query User{88A510BB-8B00-4C82-9255-AE0C63BE1A88}C:\program files\adobe\acrobat 7.0\reader\acrord32.exe" = protocol=6 | dir=in | app=c:\program files\adobe\acrobat 7.0\reader\acrord32.exe |
"TCP Query User{8E820EBB-0ADE-4370-B0C4-A9CE29349997}C:\program files\yahoo!\messenger\yserver.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{91288B65-6DA3-4A39-A9AB-1B3A5FD20630}C:\users\owner\appdata\local\vis.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\vis.exe |
"TCP Query User{93CAC32B-CC6E-4CBB-89DF-5198F0117D62}C:\program files\avast software\avast\avastui.exe" = protocol=6 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
"TCP Query User{9689EC46-0933-47D9-97E2-51E064270DD7}C:\users\owner\appdata\local\temp\is-po694.tmp\spybotsd162.tmp" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\is-po694.tmp\spybotsd162.tmp |
"TCP Query User{9BFB400B-8FE5-42F6-9D43-CA384B55EF81}C:\program files\spybot - search & destroy\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\sdupdate.exe |
"TCP Query User{9C4B34A9-9567-485C-B6BC-B484A40EDA66}C:\users\owner\desktop\xthirteen.com.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\xthirteen.com.exe |
"TCP Query User{A41E2BA8-D1F9-465F-8FE7-1BD9D17773F4}C:\windows\system32\msfeedssync.exe" = protocol=6 | dir=in | app=c:\windows\system32\msfeedssync.exe |
"TCP Query User{A671AA7D-C18D-4F28-829D-E023E334F555}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{B1E1F28C-60C9-448D-ADF9-577C3437ABDE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B35D4311-092B-4FDB-9E67-69D75744CE1E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{B7B4B83B-CF3D-475E-930A-FB8A645C5192}C:\users\owner\downloads\tdsskiller(1)\tdsskiller.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\tdsskiller(1)\tdsskiller.exe |
"TCP Query User{B877E949-D70A-48AE-9172-DC85EF3A6A1A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BB543874-AD7F-4863-B5C7-7945A91503E0}C:\program files\divx\divx plus player\divx plus player.exe" = protocol=6 | dir=in | app=c:\program files\divx\divx plus player\divx plus player.exe |
"TCP Query User{C7F7ADFD-D3F6-4B31-B268-CEBB26D03D0E}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"TCP Query User{C8EA0FE6-D925-4F5C-9635-36E23AE40369}C:\windows\system32\macromed\flash\flashutil10n_plugin.exe" = protocol=6 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10n_plugin.exe |
"TCP Query User{CBDD0221-FEFC-4C60-9ECB-287832B18B74}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{D4789283-A4FC-4A08-B079-44D347615C0D}C:\windows\microsoft.net\framework\v2.0.50727\dw20.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\dw20.exe |
"TCP Query User{D670D87A-F366-46A2-8357-35BE17106067}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{DEB46EA3-A4B5-4D4B-8BC4-90B510E8CA3B}C:\users\owner\desktop\mailwarebytes' anti-malware\mcam.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\mailwarebytes' anti-malware\mcam.exe |
"TCP Query User{DEEECE96-EFC8-471E-851A-7C280411C8C2}C:\program files\hewlett-packard\sdp\ceement\hpcee.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\sdp\ceement\hpcee.exe |
"TCP Query User{E2DB35AF-1458-4878-BFA6-AE47163456F3}C:\program files\hewlett-packard\hp advisor\versionmanagercheck.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp advisor\versionmanagercheck.exe |
"TCP Query User{EE27D218-9B31-47CA-8633-257054F6F7C6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EF0C6F36-F228-4439-AE04-0E5A2388AB82}C:\sierra\empire earth - the art of conquest\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth - the art of conquest\ee-aoc.exe |
"TCP Query User{EF513F55-2283-4C56-9C80-73C502E25DAA}C:\program files\divx\divx update\divxupdate.exe" = protocol=6 | dir=in | app=c:\program files\divx\divx update\divxupdate.exe |
"TCP Query User{FFF3277B-2CAE-40D8-8659-294C09B87004}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe |
"UDP Query User{0229F5E8-3384-4E54-95E5-B4553CC75BA6}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"UDP Query User{057D2F41-0578-4D6A-8386-6EA370E28AC6}C:\users\owner\appdata\local\vis.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\vis.exe |
"UDP Query User{08BAF676-BA08-498A-BD1A-1F80054E9BC1}C:\program files\redlightcenter\redlightcenter\redlightcenter.exe" = protocol=17 | dir=in | app=c:\program files\redlightcenter\redlightcenter\redlightcenter.exe |
"UDP Query User{099C0C33-431B-4C4C-AA53-5DC46ADE7B83}C:\users\owner\desktop\tdsskiller.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\tdsskiller.exe |
"UDP Query User{0A6509DE-99D7-42A8-AA93-9ED735EDFBFC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{163161B7-6AE6-4946-ADA7-ABAE432FB49C}C:\program files\apple software update\softwareupdate.exe" = protocol=17 | dir=in | app=c:\program files\apple software update\softwareupdate.exe |
"UDP Query User{17BDCF98-2AF4-453E-9472-AD791D884030}C:\program files\avast software\avast\avastui.exe" = protocol=17 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
"UDP Query User{18751F51-46BD-4F1E-9CD9-87C4FDA62270}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{241FDC20-665F-47C8-8F63-28B9CDAFB2D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{293927ED-E77D-4FBD-B325-D2BB0AB8760D}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"UDP Query User{2B335902-4452-4DE5-9DE4-4D76A65094F4}C:\program files\hewlett-packard\hp advisor\hpadvisor.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp advisor\hpadvisor.exe |
"UDP Query User{2D47556D-5A06-4BFB-8ED5-F92C8FBA8457}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{341357B3-3276-4BE9-8069-B986BE38407A}C:\windows\microsoft.net\framework\v2.0.50727\dw20.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\dw20.exe |
"UDP Query User{36B1AC2E-A4A1-45EA-A3D5-4A2692EE3C01}C:\users\owner\desktop\xthirteen.com.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\xthirteen.com.exe |
"UDP Query User{3D5AA5B6-B268-4127-84FC-08723AFD6D84}C:\sierra\empire earth - the art of conquest\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth - the art of conquest\ee-aoc.exe |
"UDP Query User{4325E0E5-277F-4805-BB3B-5E7E84A4179A}C:\users\owner\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\update\googleupdate.exe |
"UDP Query User{4C1AF7AF-3ADA-4628-833B-507B20533D15}C:\users\owner\desktop\mailwarebytes' anti-malware\mcam.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\mailwarebytes' anti-malware\mcam.exe |
"UDP Query User{4FAE1107-796A-4B9D-AF9E-BFBDBB5FC6C3}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{54AC19D1-753D-4190-BD25-6BCC124EE825}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5F44E8C5-2CD1-4DF3-A7D0-E96A56F52B5A}C:\sierra\empire earth - the art of conquest\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth - the art of conquest\ee-aoc.exe |
"UDP Query User{5FEB8F12-4A49-4250-806F-77313CF438AA}C:\program files\hewlett-packard\hp advisor\versionmanagercheck.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp advisor\versionmanagercheck.exe |
"UDP Query User{61D178B7-C2F2-442F-9D00-DDE6DD3A850B}C:\users\owner\downloads\tdsskiller(1)\tdsskiller.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\tdsskiller(1)\tdsskiller.exe |
"UDP Query User{6408EEAD-E3AE-44A3-AFD4-73757B2C50A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6A5F5A99-9721-45EF-BE60-485CDE003857}C:\program files\real\realupgrade\realupgrade.exe" = protocol=17 | dir=in | app=c:\program files\real\realupgrade\realupgrade.exe |
"UDP Query User{6D6A6A57-8825-4B4F-90ED-2C7D41B3603B}C:\program files\common files\java\java update\jaucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"UDP Query User{734201CD-85CD-4616-86B9-AEEAA459C9E5}C:\windows\system32\msfeedssync.exe" = protocol=17 | dir=in | app=c:\windows\system32\msfeedssync.exe |
"UDP Query User{74887BF8-7FB6-4798-BC90-89B1D0C9C274}C:\users\owner\appdata\local\temp\rarsfx1\fact.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\rarsfx1\fact.exe |
"UDP Query User{76D9479C-82D0-440D-AEF4-977DEC9544B7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{7D5FBF02-5C71-41AA-BD6B-0E229DAFF86D}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{89DCE003-4CFF-498B-AA93-5234DDAD8873}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{902C840F-0006-495E-AEF3-26ABF8E7C08F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{97725227-A69A-4745-8C8F-E69889BBDEB7}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
"UDP Query User{A82019F1-0E70-4D5D-8005-6929F91425B3}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{A9DC5819-7F88-4A79-A1AB-0EA42FAC6AFE}C:\windows\system32\macromed\flash\flashutil10n_plugin.exe" = protocol=17 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10n_plugin.exe |
"UDP Query User{B504B358-5CC8-4FD6-8DC1-99D31A98B511}C:\program files\divx\divx plus player\divx plus player.exe" = protocol=17 | dir=in | app=c:\program files\divx\divx plus player\divx plus player.exe |
"UDP Query User{C5FA7E9B-9F03-4C78-A3ED-1B233DFC009B}C:\program files\adobe\acrobat 7.0\reader\acrord32.exe" = protocol=17 | dir=in | app=c:\program files\adobe\acrobat 7.0\reader\acrord32.exe |
"UDP Query User{D03F384C-52AE-423E-B500-24C1E39818ED}C:\program files\yahoo!\messenger\yserver.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"UDP Query User{D295AF8E-9038-43C6-8375-152167D29C90}C:\program files\divx\divx to go\divxtogolauncher.exe" = protocol=17 | dir=in | app=c:\program files\divx\divx to go\divxtogolauncher.exe |
"UDP Query User{D70C98B8-F842-4CD1-BC33-ED01E40A5A86}C:\program files\spybot - search & destroy\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\sdupdate.exe |
"UDP Query User{DC5DDF19-D666-4D0C-859A-6683679CD902}C:\users\owner\appdata\local\temp\housecall\housecall.bin" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\housecall\housecall.bin |
"UDP Query User{DCE8B8C5-16E9-4A3A-A15E-0412DE77FF2B}C:\users\owner\appdata\local\temp\7zsfab2.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zsfab2.tmp\setup.exe |
"UDP Query User{DD88D5DC-FF89-4A3A-8D80-67006F4A4B90}C:\program files\divx\divx update\divxupdate.exe" = protocol=17 | dir=in | app=c:\program files\divx\divx update\divxupdate.exe |
"UDP Query User{DFB483F1-16DE-48DB-B0BA-B0A6FD760250}C:\program files\avg\avg10\toolbar\toolbarbroker.exe" = protocol=17 | dir=in | app=c:\program files\avg\avg10\toolbar\toolbarbroker.exe |
"UDP Query User{E3A4BB58-3779-4EFC-A5E4-53ED5918E80F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{E5C0C738-AABB-44CB-8309-5653D20D682B}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{E7B172EC-FAE2-4AB0-A94C-39B8DE3B4A38}C:\users\owner\appdata\local\temp\is-po694.tmp\spybotsd162.tmp" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\is-po694.tmp\spybotsd162.tmp |
"UDP Query User{EA072027-A5FE-48A4-9E0F-59D306B0C233}C:\program files\hewlett-packard\sdp\ceement\hpcee.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\sdp\ceement\hpcee.exe |
"UDP Query User{EE6B79A8-B4C1-4E9E-B514-65304A45556C}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe |
"UDP Query User{F15C4D29-94CF-482F-82D1-A6F9C3756F0B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FA4D4950-1A80-449D-8485-59F5E1B96C33}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B478ACE-8512-4A46-ACB2-69D83DF2F6C7}" = Digital Voice Recorder
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = Empire Earth - The Art of Conquest
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}" = HP Total Care Advisor
"{CC40FA96-9445-4EF4-8DDB-5DADF5F01BA8}" = AVG 2011
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"AC3Filter" = AC3Filter (remove only)
"AceHTML Freeware" = AceHTML Freeware
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"AVG" = AVG 2011
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BN_DesktopReader" = NOOK for PC
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"FLV Player1.33" = FLV Player
"FLVPlayer" = FLV Player 1.3.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HPOOVClient-3572475 Uninstaller" = Compaq Connections (remove only)
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Nvu_is1" = Nvu 1.0PR
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Steam App 10500" = Empire: Total War
"Switch" = Switch Sound File Converter
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3194001091-2031638830-979600221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2011 8:16:59 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application iPodService.exe, version 10.2.2.14, time stamp
0x4db7c5d2, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0043879e, process id 0x3c0, application start time
0x01cc20ba63520010.

Error - 6/2/2011 5:42:20 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 10.0.1.58, time stamp 0x4d6253fb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0042b24f, process id 0x100, application start time 0x01cc216df2f9326a.

Error - 6/2/2011 5:42:25 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mDNSResponder.exe, version 2.0.5.0, time stamp
0x4d9cf41b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x004332a8, process id 0x174, application start time
0x01cc216df65482ca.

Error - 6/2/2011 5:44:27 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 10.0.1.58, time stamp 0x4d6253fb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0042b24f, process id 0x7c8, application start time 0x01cc216e3f29f52a.

Error - 6/2/2011 9:44:42 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 10.0.1.58, time stamp 0x4d6253fb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0042b24f, process id 0x7fc, application start time 0x01cc218fcee51c6c.

Error - 6/2/2011 9:44:48 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mDNSResponder.exe, version 2.0.5.0, time stamp
0x4d9cf41b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x004332a8, process id 0x160, application start time
0x01cc218fd2ab8aac.

Error - 6/2/2011 9:46:53 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 10.0.1.58, time stamp 0x4d6253fb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0042b24f, process id 0x928, application start time 0x01cc21901d18082c.

Error - 6/3/2011 8:42:58 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 10.0.1.58, time stamp 0x4d6253fb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0042b24f, process id 0x7a8, application start time 0x01cc21ebc4358652.

Error - 6/3/2011 8:43:04 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mDNSResponder.exe, version 2.0.5.0, time stamp
0x4d9cf41b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x004332a8, process id 0x100, application start time
0x01cc21ebc81d47d2.

Error - 6/3/2011 8:45:19 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 10.0.1.58, time stamp 0x4d6253fb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0042b24f, process id 0xebc, application start time 0x01cc21ec1854bdf2.

[ System Events ]
Error - 6/5/2011 11:16:31 PM | Computer Name = owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
address 001921D5C8BE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/6/2011 8:35:31 AM | Computer Name = owner-PC | Source = HTTP | ID = 15016
Description =

Error - 6/6/2011 8:35:53 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/6/2011 8:35:53 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/6/2011 8:35:53 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/6/2011 8:35:57 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/6/2011 8:35:57 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/6/2011 8:35:57 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/6/2011 8:35:57 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/6/2011 2:27:49 PM | Computer Name = owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001921D5C8BE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

< End of report >

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 06 June 2011 - 02:29 PM

Ho Pyrosteria,

No problem!

Thanks for that information regarding switching back to AVG. We're going to have to uninstall this in a little while, so that we can run a more powerful tool.

I realize this post may seem quite long, but some of the instructions are for using removal tools. Take your time, and if you have any questions, please ask.

Looks like TDSSKiller found something.

Please yield the following warning;

Posted Image

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press
Click on
Click on
Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

NEXT:

We need to remove a program. To do this please do the following:
For Vista Users:

Click on Start > Control Panel and double click on Programs and Features.
Locate AVG and click on the Uninstall button to uninstall it.
Close Control Panel when done.

NEXT:

We need to temporarily remove your Anti-Virus, as it interes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding

Download AppRemover and run it.

Click Next >>
Posted Image

Ensure "Remove Security Application" is collected and click Next >>
Posted Image

AppRemover will scan all the security applications on your PC
Posted Image

Select Any AVG entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

NEXT:

AVG Removal Tool

Download and save AVG Removal Tool to your desktop

Run it to remove AVG. After this, please restart your computer.

NEXT:

avast! Uninstall Utility

Sometimes it's not possible to uninstall avast! the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility aswClear.

Download aswClear.exe on to your desktop
Start Windows in Safe Mode
Open (execute) the uninstall utility = aswClear.exe
If you installed avast! in a different folder than the default, browse for it. Note: Be careful! The content of any folder you choose will be deleted!
Click REMOVE
Restart your computer

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
SRV - File not found [Auto | Stopped] -- -- (XAudioService)
SRV - File not found [Auto | Stopped] -- -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- -- (aawservice)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
IE - HKU\S-1-5-21-3194001091-2031638830-979600221-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4debb26e&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/05 12:44:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/05 12:44:29 | 000,000,000 | ---D | M]
[2011/06/05 12:44:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O33 - MountPoints2\{17b5615f-0926-11e0-8ec0-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{17b5615f-0926-11e0-8ec0-001921d5c8be}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1c59ba3b-fdb7-11dc-b11a-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{1c59ba3b-fdb7-11dc-b11a-001921d5c8be}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{62c6df80-0351-11de-88c1-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{62c6df80-0351-11de-88c1-001921d5c8be}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{92e3f40d-22d7-11df-9ed6-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{92e3f40d-22d7-11df-9ed6-001921d5c8be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a6ba34da-13c7-11dc-a2af-001921d5c8be}\Shell - "" = AutoRun
O33 - MountPoints2\{a6ba34da-13c7-11dc-a2af-001921d5c8be}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
[2011/06/05 13:11:58 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\AVG Security Toolbar
[2011/06/05 13:11:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/06/05 12:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/06/05 12:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/05/30 09:09:44 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/30 09:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/05 12:52:03 | 117,270,103 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/05 12:44:16 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/28 20:41:12 | 000,011,170 | -HS- | M] () -- C:\Users\owner\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/28 20:41:12 | 000,011,170 | -HS- | M] () -- C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/11 15:14:03 | 000,870,128 | ---- | M] () -- C:\Windows\System32\mcs.rma
[2011/05/11 15:14:03 | 000,000,004 | ---- | M] () -- C:\Windows\System32\5F9E69
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\jutezawo
[2011/06/05 12:52:03 | 117,270,103 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/05 12:44:16 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/30 17:23:43 | 000,000,036 | ---- | C] () -- C:\Users\owner\AppData\Local\housecall.guid.cache
[2011/05/28 20:03:14 | 000,011,170 | -HS- | C] () -- C:\Users\owner\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/28 20:03:14 | 000,011,170 | -HS- | C] () -- C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u
@Alternate Data Stream - 64 bytes -> C:\Users\owner\Documents\auto_cookies.mod:TOC.WMV

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

Please post the C:\ComboFix.txt for further review.

#5 Pyrosteria

New Member

Group: Members
Posts: 13
Joined: 31-May 11

Posted 06 June 2011 - 09:54 PM

I went through all the steps and here are the logs you requested:

OTL

========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named avgtray.exe was found!
No active process named AVGIDSMonitor.exe was found!
Service XAudioService stopped successfully!
Service XAudioService deleted successfully!
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
Service LightScribeService stopped successfully!
Service LightScribeService deleted successfully!
Service iPod Service stopped successfully!
Service iPod Service deleted successfully!
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
Service aawservice stopped successfully!
Service aawservice deleted successfully!
Error: No service named AVG Security Toolbar Service was found to stop!
Service\Driver key AVG Security Toolbar Service not found.
File C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe not found.
Error: No service named AVGIDSAgent was found to stop!
Service\Driver key AVGIDSAgent not found.
File C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe not found.
Error: No service named avgwd was found to stop!
Service\Driver key avgwd not found.
File C:\Program Files\AVG\AVG10\avgwdsvc.exe not found.
Error: No service named AVGIDSDriver was found to stop!
Service\Driver key AVGIDSDriver not found.
File C:\Windows\System32\drivers\AVGIDSDriver.sys not found.
Error: No service named Avgtdix was found to stop!
Service\Driver key Avgtdix not found.
File C:\Windows\System32\drivers\avgtdix.sys not found.
Error: No service named Avgrkx86 was found to stop!
Service\Driver key Avgrkx86 not found.
File C:\Windows\system32\DRIVERS\avgrkx86.sys not found.
Error: No service named Avgmfx86 was found to stop!
Service\Driver key Avgmfx86 not found.
File C:\Windows\System32\drivers\avgmfx86.sys not found.
Error: No service named AVGIDSEH was found to stop!
Service\Driver key AVGIDSEH not found.
File C:\Windows\system32\DRIVERS\AVGIDSEH.Sys not found.
Error: No service named AVGIDSShim was found to stop!
Service\Driver key AVGIDSShim not found.
File C:\Windows\System32\drivers\AVGIDSShim.sys not found.
Error: No service named AVGIDSFilter was found to stop!
Service\Driver key AVGIDSFilter not found.
File C:\Windows\System32\drivers\AVGIDSFilter.sys not found.
Error: No service named Avgldx86 was found to stop!
Service\Driver key Avgldx86 not found.
File C:\Windows\System32\drivers\avgldx86.sys not found.
Registry value HKEY_USERS\S-1-5-21-3194001091-2031638830-979600221-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine
Prefs.js: avg@igeared:6.103.018.001 removed from extensions.enabledItems
Prefs.js: "http://search.avg.com/route/?d=4debb26e&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
C:\Program Files\AVG\AVG10\Firefox4\Components folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox4 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared not found.
C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared folder moved successfully.
Folder C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
File C:\Program Files\AVG\AVG10\avgssie.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_TRAY not found.
File C:\Program Files\AVG\AVG10\avgtray.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RtHDVCpl deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
File C:\Program Files\AVG\AVG10\avgpp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
File C:\Program Files\AVG\AVG10\avgpp.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17b5615f-0926-11e0-8ec0-001921d5c8be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17b5615f-0926-11e0-8ec0-001921d5c8be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17b5615f-0926-11e0-8ec0-001921d5c8be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17b5615f-0926-11e0-8ec0-001921d5c8be}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c59ba3b-fdb7-11dc-b11a-001921d5c8be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c59ba3b-fdb7-11dc-b11a-001921d5c8be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c59ba3b-fdb7-11dc-b11a-001921d5c8be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c59ba3b-fdb7-11dc-b11a-001921d5c8be}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62c6df80-0351-11de-88c1-001921d5c8be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62c6df80-0351-11de-88c1-001921d5c8be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62c6df80-0351-11de-88c1-001921d5c8be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62c6df80-0351-11de-88c1-001921d5c8be}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e3f40d-22d7-11df-9ed6-001921d5c8be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92e3f40d-22d7-11df-9ed6-001921d5c8be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e3f40d-22d7-11df-9ed6-001921d5c8be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92e3f40d-22d7-11df-9ed6-001921d5c8be}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6ba34da-13c7-11dc-a2af-001921d5c8be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6ba34da-13c7-11dc-a2af-001921d5c8be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6ba34da-13c7-11dc-a2af-001921d5c8be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6ba34da-13c7-11dc-a2af-001921d5c8be}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
File C:\Program Files\AVG\AVG10\avgchsvx.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart deleted successfully.
File C:\Program Files\AVG\AVG10\avgrsx.exe not found.
Folder C:\Users\owner\AppData\Local\AVG Security Toolbar\ not found.
Folder C:\$AVG\ not found.
Folder C:\ProgramData\AVG Security Toolbar\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011\ not found.
C:\Windows\avastSS.scr moved successfully.
C:\ProgramData\AVAST Software\Avast\sounds\1033 folder moved successfully.
C:\ProgramData\AVAST Software\Avast\sounds folder moved successfully.
C:\ProgramData\AVAST Software\Avast\report folder moved successfully.
C:\ProgramData\AVAST Software\Avast\moved folder moved successfully.
C:\ProgramData\AVAST Software\Avast\log folder moved successfully.
C:\ProgramData\AVAST Software\Avast\journal folder moved successfully.
C:\ProgramData\AVAST Software\Avast\integ folder moved successfully.
C:\ProgramData\AVAST Software\Avast\HtmlData folder moved successfully.
C:\ProgramData\AVAST Software\Avast\fw folder moved successfully.
C:\ProgramData\AVAST Software\Avast\chest folder moved successfully.
C:\ProgramData\AVAST Software\Avast\backup folder moved successfully.
C:\ProgramData\AVAST Software\Avast folder moved successfully.
C:\ProgramData\AVAST Software folder moved successfully.
File C:\Windows\System32\drivers\AVG\incavi.avm not found.
File C:\Users\Public\Desktop\AVG 2011.lnk not found.
C:\Users\owner\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u moved successfully.
C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u moved successfully.
C:\Windows\System32\mcs.rma moved successfully.
C:\Windows\System32\5F9E69 moved successfully.
File C:\Windows\avastSS.scr not found.
C:\ProgramData\jutezawo moved successfully.
File C:\Windows\System32\drivers\AVG\incavi.avm not found.
File C:\Users\Public\Desktop\AVG 2011.lnk not found.
C:\Users\owner\AppData\Local\housecall.guid.cache moved successfully.
File C:\Users\owner\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u not found.
File C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u not found.
ADS C:\Users\owner\Documents\auto_cookies.mod:TOC.WMV deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_215831

ComboFix

ComboFix 11-06-06.02 - owner 06/06/2011 22:21:54.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2039.1227 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\jestertb.dll
c:\windows\system32\Drivers\mlkfk.sys
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 02:30 . 2011-06-07 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-07 01:58 . 2011-06-07 01:58 -------- d-----w- C:\_OTL
2011-06-05 12:47 . 2011-06-05 12:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 17:57 . 2011-05-24 23:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E109EB6-E555-4EE4-B9AD-47E7F25E5615}\mpengine.dll
2011-05-31 01:02 . 2011-05-31 14:51 -------- d--h--w- c:\program files\Temp
2011-05-30 16:44 . 2011-05-30 16:44 388096 ----a-r- c:\users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-30 16:44 . 2011-05-30 16:44 -------- d-----w- c:\program files\Trend Micro
2011-05-30 14:02 . 2011-06-05 19:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-30 14:02 . 2011-05-30 15:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-22 12:56 . 2011-05-22 12:56 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-11 12:09 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 01:17 . 2008-09-30 01:00 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-06-05 16:34 . 2008-09-30 01:01 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2011-06-05 13:31 . 2008-09-30 01:02 362608 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2011-05-31 17:11 . 2008-09-30 01:00 184320 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-05-31 14:51 . 2007-03-26 13:16 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-24 23:14 . 2009-10-03 05:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 12:54 . 2007-03-26 13:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-22 12:54 . 2007-03-26 13:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 16:12 . 2011-04-13 16:23 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-13 16:23 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-29 17:35 . 2011-04-16 16:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\users\owner\Desktop\Mailwarebytes' Anti-Malware\mcam.exe" [2010-12-20 963976]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-05-22 273544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2007-3-26 34520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
2007-12-18 17:18 90112 ----a-w- c:\program files\HP\DVDPlay\DPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-01-01 18:25 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-03 129440]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-08-06 717296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3194001091-2031638830-979600221-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-16 14:56]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3194001091-2031638830-979600221-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-16 14:56]
.
2008-10-25 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-26 22:04]
.
2011-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3194001091-2031638830-979600221-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{A4815508-1AB6-4DE1-8DD5-626283A9294C}.job
- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-04270794.sys
SafeBoot-30187271.sys
SafeBoot-55804030.sys
SafeBoot-59427404.sys
SafeBoot-aawservice
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 22:32
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.cdrom]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.HDAudBus]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.HSXHWBS2]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.msiscsi]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2568)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-06-06 22:39:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-07 02:39
.
Pre-Run: 21,928,452,096 bytes free
Post-Run: 22,089,072,640 bytes free
.
- - End Of File - - FAF27B341F7F3C5CFC139E6E86F8B701

Again, thanks for the help!

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 07 June 2011 - 01:50 PM

Hi!

No problem!

Please run through these scans and be sure to let me know how things are running in your next reply;

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#7 Pyrosteria

New Member

Group: Members
Posts: 13
Joined: 31-May 11

Posted 07 June 2011 - 07:34 PM

I finished the scans. The computer seems to be running okay from what I can tell. The google redirects have stopped. It says I have no audio device installed which I assume was caused by the trojan/s.

MBAM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6803

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

6/7/2011 4:49:34 PM
mbam-log-2011-06-07 (16-49-34).txt

Scan type: Quick scan
Objects scanned: 156617
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iScsiPrt (Backdoor.ZAccess) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\drivers\msiscsi.sys (Backdoor.ZAccess) -> Quarantined and deleted successfully.

ESETScan
C:\Qoobox\Quarantine\C\Windows\System32\drivers\cdrom.sys.vir Win32/Rootkit.Agent.NUS trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-76033291 multiple threats
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\598a308e-584021db Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-767b96e7 Java/TrojanDownloader.Agent.NBL trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-3c671fe0 Java/TrojanDownloader.Agent.NBK trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\50f9da5e-7fac3909-temp multiple threats
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-31c4138e Java/TrojanDownloader.Agent.NBK trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\68eab3ab-644f8fb0 multiple threats
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-142e10f6 Java/TrojanDownloader.Agent.NBL trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-64ebd9b3 Java/TrojanDownloader.Agent.NBL trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-430106cc multiple threats
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-4db575f1 probably a variant of Win32/Agent.DYXWUMY trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-12103bb2 probably a variant of Win32/Agent.LMMBFXF trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\3246f93f-6724916d a variant of Java/TrojanDownloader.Agent.NAA trojan
C:\Users\owner\Desktop\random\FlashDrive2g\Budget\RockBrigadeThruWk11_files\ff2_data\iframe3_data\ff2_data\ff2_data_002\i.js HTML/Iframe.B.Gen virus

Security Check
Results of screen317's Security Check version 0.99.12
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Java™ 6 Update 3
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 07 June 2011 - 08:27 PM

Hi Pyrosteria!

Yes, it's most likely related to the infection you have/had.

I'm going to ask that you run some additional scans for me. Some of them you've already run through, but I want to ensure that we've gotten all of this infection removed. I'm going to bed shortly, so I'll check up on you in the morning.

Do this;

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL

:Reg

:Files
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-76033291
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\598a308e-584021db
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-767b96e7
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-3c671fe0
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\50f9da5e-7fac3909-temp
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-31c4138e
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\68eab3ab-644f8fb0
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-142e10f6
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-64ebd9b3
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-430106cc
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-4db575f1
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-12103bb2
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\3246f93f-6724916d
C:\Users\owner\Desktop\random\FlashDrive2g\Budget\RockBrigadeThruWk11_files\ff2_data\iframe3_data\ff2_data\ff2_data_002\i.js
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

Running ComboFix

Delete the currnent copy of ComboFix from your desktop and download a fresh copy from one of the links below;

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

Please post the C:\ComboFix.txt for further review.

#9 Pyrosteria

New Member

Group: Members
Posts: 13
Joined: 31-May 11

Posted 07 June 2011 - 09:51 PM

Good morning, ST! Things are looking good thanks to your help. :thumbup2:

OTL
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-76033291 moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\598a308e-584021db moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-767b96e7 moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-3c671fe0 moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\50f9da5e-7fac3909-temp moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-31c4138e moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\68eab3ab-644f8fb0 moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-142e10f6 moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-64ebd9b3 moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-430106cc moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-4db575f1 moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-12103bb2 moved successfully.
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\3246f93f-6724916d moved successfully.
C:\Users\owner\Desktop\random\FlashDrive2g\Budget\RockBrigadeThruWk11_files\ff2_data\iframe3_data\ff2_data\ff2_data_002\i.js moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: owner
->Temp folder emptied: 98571 bytes
->Temporary Internet Files folder emptied: 1229284 bytes
->Java cache emptied: 66645394 bytes
->FireFox cache emptied: 136170959 bytes
->Google Chrome cache emptied: 5902127 bytes
->Flash cache emptied: 28403 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 200.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.23.0 log created on 06072011_220003

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

TDSSKiller
2011/06/07 22:07:58.0134 3932 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/07 22:07:58.0665 3932 ================================================================================
2011/06/07 22:07:58.0665 3932 SystemInfo:
2011/06/07 22:07:58.0665 3932
2011/06/07 22:07:58.0665 3932 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/07 22:07:58.0665 3932 Product type: Workstation
2011/06/07 22:07:58.0665 3932 ComputerName: OWNER-PC
2011/06/07 22:07:58.0665 3932 UserName: owner
2011/06/07 22:07:58.0665 3932 Windows directory: C:\Windows
2011/06/07 22:07:58.0665 3932 System windows directory: C:\Windows
2011/06/07 22:07:58.0665 3932 Processor architecture: Intel x86
2011/06/07 22:07:58.0665 3932 Number of processors: 1
2011/06/07 22:07:58.0665 3932 Page size: 0x1000
2011/06/07 22:07:58.0665 3932 Boot type: Normal boot
2011/06/07 22:07:58.0665 3932 ================================================================================
2011/06/07 22:07:59.0429 3932 Initialize success
2011/06/07 22:08:16.0418 2144 ================================================================================
2011/06/07 22:08:16.0418 2144 Scan started
2011/06/07 22:08:16.0418 2144 Mode: Manual;
2011/06/07 22:08:16.0418 2144 ================================================================================
2011/06/07 22:08:17.0073 2144 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/07 22:08:17.0166 2144 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/07 22:08:17.0276 2144 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/07 22:08:17.0338 2144 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/07 22:08:17.0385 2144 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/07 22:08:17.0541 2144 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/06/07 22:08:17.0603 2144 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/07 22:08:17.0666 2144 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/07 22:08:17.0775 2144 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/07 22:08:17.0853 2144 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/07 22:08:17.0915 2144 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/07 22:08:17.0962 2144 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/07 22:08:18.0056 2144 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/07 22:08:18.0165 2144 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/07 22:08:18.0212 2144 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/07 22:08:18.0321 2144 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/07 22:08:18.0399 2144 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/07 22:08:18.0539 2144 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/07 22:08:18.0680 2144 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/07 22:08:18.0789 2144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/07 22:08:18.0851 2144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/07 22:08:19.0007 2144 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/07 22:08:19.0070 2144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/07 22:08:19.0132 2144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/07 22:08:19.0179 2144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/07 22:08:19.0257 2144 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/07 22:08:19.0366 2144 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/07 22:08:19.0444 2144 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/07 22:08:19.0522 2144 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/07 22:08:19.0584 2144 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/07 22:08:19.0725 2144 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/07 22:08:19.0756 2144 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/07 22:08:19.0850 2144 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/07 22:08:19.0990 2144 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/07 22:08:20.0068 2144 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/06/07 22:08:20.0162 2144 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/07 22:08:20.0286 2144 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/07 22:08:20.0349 2144 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/07 22:08:20.0458 2144 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/07 22:08:20.0583 2144 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/07 22:08:20.0661 2144 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/07 22:08:20.0817 2144 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/07 22:08:20.0879 2144 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/07 22:08:20.0973 2144 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/07 22:08:21.0082 2144 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/07 22:08:21.0144 2144 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/07 22:08:21.0191 2144 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/07 22:08:21.0254 2144 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/07 22:08:21.0363 2144 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/07 22:08:21.0425 2144 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/07 22:08:21.0488 2144 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/07 22:08:21.0566 2144 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/07 22:08:21.0706 2144 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/07 22:08:21.0753 2144 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/07 22:08:21.0815 2144 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/06/07 22:08:21.0862 2144 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/07 22:08:22.0018 2144 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/06/07 22:08:22.0127 2144 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/06/07 22:08:22.0236 2144 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/07 22:08:22.0283 2144 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/07 22:08:22.0361 2144 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/07 22:08:22.0533 2144 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/07 22:08:22.0673 2144 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/07 22:08:22.0767 2144 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/07 22:08:22.0829 2144 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/07 22:08:22.0954 2144 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/07 22:08:23.0063 2144 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/07 22:08:23.0126 2144 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/07 22:08:23.0250 2144 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/07 22:08:23.0313 2144 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/07 22:08:23.0344 2144 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/07 22:08:23.0453 2144 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/07 22:08:23.0516 2144 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/07 22:08:23.0578 2144 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/06/07 22:08:23.0718 2144 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/07 22:08:23.0812 2144 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/07 22:08:23.0906 2144 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/07 22:08:24.0030 2144 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/07 22:08:24.0077 2144 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/07 22:08:24.0155 2144 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/07 22:08:24.0264 2144 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/07 22:08:24.0374 2144 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
2011/06/07 22:08:24.0420 2144 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/07 22:08:24.0530 2144 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/07 22:08:24.0608 2144 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/07 22:08:24.0654 2144 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/07 22:08:24.0826 2144 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/07 22:08:24.0888 2144 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/06/07 22:08:24.0951 2144 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/07 22:08:25.0060 2144 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/07 22:08:25.0122 2144 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/07 22:08:25.0185 2144 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/07 22:08:25.0294 2144 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/07 22:08:25.0372 2144 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/07 22:08:25.0403 2144 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/07 22:08:25.0512 2144 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/07 22:08:25.0559 2144 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/07 22:08:25.0622 2144 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/07 22:08:25.0778 2144 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/07 22:08:25.0840 2144 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/07 22:08:25.0918 2144 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/07 22:08:25.0996 2144 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/07 22:08:26.0043 2144 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/07 22:08:26.0105 2144 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/07 22:08:26.0183 2144 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/07 22:08:26.0277 2144 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/07 22:08:26.0324 2144 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/07 22:08:26.0402 2144 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/07 22:08:26.0480 2144 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/07 22:08:26.0573 2144 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/07 22:08:26.0636 2144 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/07 22:08:26.0714 2144 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/07 22:08:26.0823 2144 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/07 22:08:26.0885 2144 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/07 22:08:26.0932 2144 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/07 22:08:27.0104 2144 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/07 22:08:27.0166 2144 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/07 22:08:27.0244 2144 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/07 22:08:27.0384 2144 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/07 22:08:27.0447 2144 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/07 22:08:27.0572 2144 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/07 22:08:27.0634 2144 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/07 22:08:27.0681 2144 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/07 22:08:27.0774 2144 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/07 22:08:27.0899 2144 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/07 22:08:27.0993 2144 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/07 22:08:28.0071 2144 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/07 22:08:28.0149 2144 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/07 22:08:28.0227 2144 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/07 22:08:28.0274 2144 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/07 22:08:28.0320 2144 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/07 22:08:28.0430 2144 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\Windows\system32\Drivers\pcouffin.sys
2011/06/07 22:08:28.0508 2144 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/07 22:08:28.0710 2144 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/07 22:08:28.0773 2144 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/07 22:08:28.0866 2144 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/07 22:08:28.0944 2144 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/07 22:08:29.0022 2144 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
2011/06/07 22:08:29.0100 2144 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/07 22:08:29.0194 2144 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/07 22:08:29.0272 2144 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/07 22:08:29.0319 2144 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/07 22:08:29.0381 2144 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/07 22:08:29.0490 2144 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/07 22:08:29.0537 2144 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/07 22:08:29.0584 2144 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/07 22:08:29.0662 2144 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/07 22:08:29.0756 2144 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/07 22:08:29.0802 2144 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/07 22:08:29.0880 2144 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/07 22:08:30.0036 2144 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/07 22:08:30.0114 2144 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/07 22:08:30.0208 2144 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/07 22:08:30.0348 2144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/07 22:08:30.0426 2144 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/07 22:08:30.0473 2144 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/07 22:08:30.0520 2144 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/07 22:08:30.0660 2144 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/07 22:08:30.0723 2144 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/07 22:08:30.0770 2144 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/07 22:08:30.0816 2144 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/07 22:08:30.0926 2144 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/07 22:08:30.0988 2144 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/07 22:08:31.0035 2144 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/07 22:08:31.0191 2144 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/07 22:08:31.0300 2144 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/07 22:08:31.0425 2144 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/06/07 22:08:31.0487 2144 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/07 22:08:31.0581 2144 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/07 22:08:31.0674 2144 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/07 22:08:31.0830 2144 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/07 22:08:31.0924 2144 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/07 22:08:32.0002 2144 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/07 22:08:32.0064 2144 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/07 22:08:32.0236 2144 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/06/07 22:08:32.0314 2144 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/07 22:08:32.0423 2144 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/07 22:08:32.0486 2144 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/07 22:08:32.0548 2144 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/07 22:08:32.0642 2144 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/07 22:08:32.0704 2144 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/07 22:08:32.0844 2144 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/07 22:08:32.0922 2144 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/07 22:08:32.0969 2144 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/07 22:08:33.0032 2144 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/07 22:08:33.0172 2144 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/07 22:08:33.0266 2144 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/07 22:08:33.0375 2144 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/07 22:08:33.0437 2144 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/07 22:08:33.0484 2144 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/07 22:08:33.0609 2144 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/07 22:08:33.0687 2144 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/07 22:08:33.0734 2144 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/06/07 22:08:33.0843 2144 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/07 22:08:33.0874 2144 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/07 22:08:33.0936 2144 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/07 22:08:34.0092 2144 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/07 22:08:34.0139 2144 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/07 22:08:34.0638 2144 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/07 22:08:34.0716 2144 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/07 22:08:35.0091 2144 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/07 22:08:35.0278 2144 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/07 22:08:35.0372 2144 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/07 22:08:35.0418 2144 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/07 22:08:35.0512 2144 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/07 22:08:35.0652 2144 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/07 22:08:35.0808 2144 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/07 22:08:36.0058 2144 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/07 22:08:36.0308 2144 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/07 22:08:36.0495 2144 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/07 22:08:36.0713 2144 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/07 22:08:36.0744 2144 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/07 22:08:37.0010 2144 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/07 22:08:37.0212 2144 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/07 22:08:37.0415 2144 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/07 22:08:37.0618 2144 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/07 22:08:37.0743 2144 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/07 22:08:37.0899 2144 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/07 22:08:38.0148 2144 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/07 22:08:38.0336 2144 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/07 22:08:38.0398 2144 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
2011/06/07 22:08:38.0445 2144 ================================================================================
2011/06/07 22:08:38.0445 2144 Scan finished
2011/06/07 22:08:38.0445 2144 ================================================================================
2011/06/07 22:08:38.0476 1196 Detected object count: 0
2011/06/07 22:08:38.0476 1196 Actual detected object count: 0

MBAM
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6804

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

6/7/2011 10:16:40 PM
mbam-log-2011-06-07 (22-16-40).txt

Scan type: Quick scan
Objects scanned: 156700
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix
ComboFix 11-06-06.07 - owner 06/07/2011 22:22:04.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2039.1239 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))
.
.
2011-06-08 02:31 . 2011-06-08 02:31 -------- d-----w- c:\users\owner\AppData\Local\temp
2011-06-08 02:31 . 2011-06-08 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-07 01:58 . 2011-06-07 01:58 -------- d-----w- C:\_OTL
2011-06-05 12:47 . 2011-06-05 12:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 17:57 . 2011-05-24 23:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E109EB6-E555-4EE4-B9AD-47E7F25E5615}\mpengine.dll
2011-05-31 01:02 . 2011-05-31 14:51 -------- d--h--w- c:\program files\Temp
2011-05-30 16:44 . 2011-05-30 16:44 388096 ----a-r- c:\users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-30 16:44 . 2011-05-30 16:44 -------- d-----w- c:\program files\Trend Micro
2011-05-30 14:02 . 2011-06-05 19:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-30 14:02 . 2011-05-30 15:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-22 12:56 . 2011-05-22 12:56 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-11 12:09 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 01:17 . 2008-09-30 01:00 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-06-05 16:34 . 2008-09-30 01:01 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2011-05-31 17:11 . 2008-09-30 01:00 184320 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-05-31 14:51 . 2007-03-26 13:16 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-29 13:11 . 2010-03-05 02:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-03-05 02:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14 . 2009-10-03 05:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 12:54 . 2007-03-26 13:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-22 12:54 . 2007-03-26 13:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 16:12 . 2011-04-13 16:23 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-13 16:23 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-29 17:35 . 2011-04-16 16:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-05-22 273544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2007-3-26 34520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
2007-12-18 17:18 90112 ----a-w- c:\program files\HP\DVDPlay\DPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-01-01 18:25 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-03 129440]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-08-06 717296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 48057177
*Deregistered* - 48057177
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3194001091-2031638830-979600221-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-16 14:56]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3194001091-2031638830-979600221-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-16 14:56]
.
2008-10-25 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-26 22:04]
.
2011-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3194001091-2031638830-979600221-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{A4815508-1AB6-4DE1-8DD5-626283A9294C}.job
- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 22:31
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.cdrom]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.HDAudBus]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.HSXHWBS2]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\.msiscsi]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1116)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2011-06-07 22:34:09
ComboFix-quarantined-files.txt 2011-06-08 02:34
ComboFix2.txt 2011-06-07 02:39
.
Pre-Run: 22,107,881,472 bytes free
Post-Run: 22,073,364,480 bytes free
.
- - End Of File - - 6537F627985C3A58C3C4CA6A521B60BA

#10 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 June 2011 - 09:10 AM

Good Morning Pyrosteria!

Your logs are looking better. How are things running?

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform (32-bit or 64-bit).
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

Go to Start > Control Panel > Add/Remove Programs
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#11 Pyrosteria

New Member

Group: Members
Posts: 13
Joined: 31-May 11

Posted 08 June 2011 - 10:27 AM

Hi ST!

Besides the no sound issue, my computer seems to be running pretty well. :thumbup2:

OTL logfile created on: 6/8/2011 11:06:11 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.20% Memory free
4.23 Gb Paging File | 3.54 Gb Available in Paging File | 83.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179.24 Gb Total Space | 20.85 Gb Free Space | 11.63% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.87 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 14:48:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2011/05/22 08:54:58 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/04/29 13:35:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/20 07:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/10/10 12:44:20 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (SafeList) ==========

MOD - [2011/06/06 14:48:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/13 14:29:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/03 15:21:00 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2008/08/06 00:46:56 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/29 23:12:06 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2004/04/26 23:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/22 08:55:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 08:55:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 10:38:35 | 000,000,000 | ---D | M]

[2008/08/30 18:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2011/06/03 08:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\extensions
[2010/05/07 09:14:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/11 20:38:22 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/02/23 18:03:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7aa5u9e.default\extensions\moveplayer@movenetworks.com
[2011/06/08 10:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 10:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 10:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/28 09:06:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/27 09:48:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/08 10:33:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/22 08:55:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J7AA5U9E.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J7AA5U9E.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/04/29 13:35:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/08 10:33:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/07 22:00:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [updateMgr] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 11:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/06/08 10:38:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/08 10:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/07 22:34:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/07 22:34:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\temp
[2011/06/07 22:33:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/07 22:18:38 | 004,114,696 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\ComboFix.exe
[2011/06/07 17:32:48 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\TDSSKiller.exe
[2011/06/07 16:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/07 16:57:26 | 002,322,184 | ---- | C] (ESET) -- C:\Users\owner\Desktop\esetsmartinstaller_enu.exe
[2011/06/06 22:19:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/06 22:19:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/06 22:19:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/06 22:19:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/06 22:19:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/06 21:58:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/06 21:47:48 | 000,306,736 | ---- | C] (AVAST Software) -- C:\Users\owner\Desktop\aswclear.exe
[2011/06/06 21:34:02 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\owner\Desktop\avgremover.exe
[2011/06/06 21:27:36 | 006,443,144 | ---- | C] (OPSWAT, Inc.) -- C:\Users\owner\Desktop\AppRemover.exe
[2011/06/06 14:48:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/05/30 21:02:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011/05/30 12:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/30 12:44:45 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/30 10:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/30 10:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/30 10:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/28 20:46:18 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Mailwarebytes' Anti-Malware
[2011/05/22 08:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/11 15:07:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Games
[2007/12/26 15:52:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\owner\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/06/08 11:02:48 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.0.lnk
[2011/06/08 10:40:34 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 10:40:34 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 10:40:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/08 10:40:21 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/08 10:15:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194001091-2031638830-979600221-1000UA.job
[2011/06/08 09:17:32 | 000,002,048 | ---- | M] () -- C:\Users\owner\Desktop\Google Chrome.lnk
[2011/06/08 09:17:32 | 000,002,010 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/08 09:15:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194001091-2031638830-979600221-1000Core.job
[2011/06/08 09:07:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4815508-1AB6-4DE1-8DD5-626283A9294C}.job
[2011/06/07 22:18:16 | 004,114,696 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\ComboFix.exe
[2011/06/07 22:06:43 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\TDSSKiller.exe
[2011/06/07 22:00:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/07 20:30:16 | 000,243,200 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 20:14:23 | 000,879,092 | ---- | M] () -- C:\Users\owner\Desktop\SecurityCheck.exe
[2011/06/07 16:58:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\owner\Desktop\esetsmartinstaller_enu.exe
[2011/06/07 10:49:13 | 000,138,128 | ---- | M] () -- C:\Users\owner\Documents\Journal 2011.rtf
[2011/06/06 21:51:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/06/06 21:47:50 | 000,306,736 | ---- | M] (AVAST Software) -- C:\Users\owner\Desktop\aswclear.exe
[2011/06/06 21:34:03 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\owner\Desktop\avgremover.exe
[2011/06/06 21:27:56 | 006,443,144 | ---- | M] (OPSWAT, Inc.) -- C:\Users\owner\Desktop\AppRemover.exe
[2011/06/06 14:48:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/06/06 14:43:08 | 000,139,264 | ---- | M] () -- C:\Users\owner\Desktop\RKUnhookerLE.EXE
[2011/06/05 18:54:33 | 190,180,574 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/05 09:43:24 | 000,024,210 | ---- | M] () -- C:\Users\owner\Documents\cc_20110605_094321.reg
[2011/06/04 20:25:36 | 000,605,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/04 20:25:36 | 000,108,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/31 13:38:02 | 000,302,592 | ---- | M] () -- C:\Users\owner\Desktop\gmer.exe
[2011/05/31 13:36:05 | 000,000,733 | ---- | M] () -- C:\Users\owner\Desktop\gmer - Shortcut.lnk
[2011/05/31 13:10:15 | 000,000,020 | ---- | M] () -- C:\Users\owner\defogger_reenable
[2011/05/31 09:59:41 | 000,007,278 | ---- | M] () -- C:\Users\owner\Documents\cc_20110531_095938.reg
[2011/05/31 00:10:44 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Local\prvlcl.dat
[2011/05/30 17:59:56 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3194001091-2031638830-979600221-1000.job
[2011/05/30 14:05:05 | 000,002,523 | ---- | M] () -- C:\Users\owner\Desktop\HiJackThis.lnk
[2011/05/30 11:59:58 | 000,001,370 | ---- | M] () -- C:\Users\owner\Documents\cc_20110530_115953.reg
[2011/05/30 11:18:45 | 000,001,356 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2011/05/30 10:02:21 | 000,001,061 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2011/05/30 09:26:52 | 000,005,352 | ---- | M] () -- C:\Users\owner\Documents\cc_20110530_092648.reg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/24 13:18:39 | 000,006,232 | ---- | M] () -- C:\Users\owner\Documents\cc_20110524_131835.reg
[2011/05/22 08:56:35 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/05/22 08:55:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/06/08 11:02:48 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.0.lnk
[2011/06/07 20:14:22 | 000,879,092 | ---- | C] () -- C:\Users\owner\Desktop\SecurityCheck.exe
[2011/06/06 22:19:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/06 22:19:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/06 22:19:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/06 22:19:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/06 22:19:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/06 21:52:34 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/06 14:43:06 | 000,139,264 | ---- | C] () -- C:\Users\owner\Desktop\RKUnhookerLE.EXE
[2011/06/05 09:43:23 | 000,024,210 | ---- | C] () -- C:\Users\owner\Documents\cc_20110605_094321.reg
[2011/05/31 13:36:05 | 000,000,733 | ---- | C] () -- C:\Users\owner\Desktop\gmer - Shortcut.lnk
[2011/05/31 13:10:04 | 000,000,020 | ---- | C] () -- C:\Users\owner\defogger_reenable
[2011/05/31 09:59:40 | 000,007,278 | ---- | C] () -- C:\Users\owner\Documents\cc_20110531_095938.reg
[2011/05/30 17:56:35 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3194001091-2031638830-979600221-1000.job
[2011/05/30 12:44:45 | 000,002,523 | ---- | C] () -- C:\Users\owner\Desktop\HiJackThis.lnk
[2011/05/30 11:59:55 | 000,001,370 | ---- | C] () -- C:\Users\owner\Documents\cc_20110530_115953.reg
[2011/05/30 10:02:21 | 000,001,061 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2011/05/30 09:26:50 | 000,005,352 | ---- | C] () -- C:\Users\owner\Documents\cc_20110530_092648.reg
[2011/05/29 22:09:14 | 190,180,574 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/29 12:32:00 | 000,302,592 | ---- | C] () -- C:\Users\owner\Desktop\gmer.exe
[2011/05/24 13:18:36 | 000,006,232 | ---- | C] () -- C:\Users\owner\Documents\cc_20110524_131835.reg
[2011/05/22 08:56:35 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/01/15 01:51:03 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/15 01:51:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/03/11 10:01:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/24 09:03:01 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\prvlcl.dat
[2008/10/24 20:27:28 | 000,001,356 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2008/10/19 20:01:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/06/18 21:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2007/12/26 15:53:12 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2007/12/26 15:52:14 | 000,081,920 | ---- | C] () -- C:\Users\owner\AppData\Roaming\ezpinst.exe
[2007/12/26 15:52:14 | 000,007,176 | ---- | C] () -- C:\Users\owner\AppData\Roaming\pcouffin.cat
[2007/12/26 15:52:14 | 000,001,144 | ---- | C] () -- C:\Users\owner\AppData\Roaming\pcouffin.inf
[2007/08/30 00:37:36 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/08/30 00:34:25 | 000,000,536 | ---- | C] () -- C:\Windows\_delis32.ini
[2007/08/24 12:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/07/07 12:43:06 | 000,106,991 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2007/06/15 19:29:51 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/15 19:29:51 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/05/30 16:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/05/26 09:35:56 | 000,106,559 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/20 20:42:39 | 000,000,515 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/05/20 20:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/05/20 20:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/05/20 20:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/05/16 13:10:59 | 000,001,424 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2007/05/15 11:06:55 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hpzids01.dll
[2007/05/15 10:37:25 | 000,243,200 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/13 15:19:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2007/03/26 09:13:11 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/03/26 09:10:40 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/26 09:10:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/26 09:02:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/01/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,349,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,605,012 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,738 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/11 02:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 02:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/03/26 09:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2010/10/27 09:21:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG10
[2011/02/08 23:52:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Barnes & Noble
[2008/08/06 00:46:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DAEMON Tools
[2007/05/16 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FUJIFILM
[2008/09/15 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GrabPro
[2009/06/01 19:04:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\gtk-2.0
[2008/08/06 00:14:09 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2008/08/06 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\My Games
[2009/02/24 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NCH Swift Sound
[2009/05/17 15:48:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nvu
[2008/09/16 00:40:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Orbit
[2008/08/11 00:51:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Poser 7
[2011/01/14 22:09:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SystemRequirementsLab
[2007/05/27 09:24:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
[2011/01/01 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\The Creative Assembly
[2009/05/18 10:11:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\uTorrent
[2008/02/09 23:49:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Vso
[2007/05/21 16:33:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
[2011/06/08 10:39:48 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/08 09:07:06 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4815508-1AB6-4DE1-8DD5-626283A9294C}.job

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/29 13:36:01 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/29 13:36:01 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/29 13:36:01 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/29 13:35:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/22 00:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/05/28 20:10:42 | 000,007,366 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Local State
[2011/04/25 17:20:17 | 005,555,760 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/04/25 17:20:19 | 002,134,565 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[1 C:\Users\owner\AppData\Local\Google\Chrome\User Data\*.tmp files -> C:\Users\owner\AppData\Local\Google\Chrome\User Data\*.tmp -> ]
[2011/05/28 20:38:59 | 000,053,248 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/05/28 20:38:59 | 000,000,512 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2011/04/15 13:11:33 | 000,020,242 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/04/15 13:11:33 | 000,020,242 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/05/28 20:39:35 | 001,165,312 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/05/28 20:40:25 | 000,001,614 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/05/28 20:40:30 | 000,000,008 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2010/06/07 08:50:20 | 000,006,144 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2011/05/28 20:07:54 | 000,854,016 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/05/28 20:39:15 | 084,365,312 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\History
[2011/05/28 20:39:40 | 000,036,864 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05
[2011/05/28 20:39:41 | 000,012,824 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05-journal
[2011/04/21 22:27:11 | 000,026,624 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/05/28 20:39:09 | 000,025,100 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/05/24 13:17:03 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Thumbnails
[2011/05/28 20:08:21 | 000,380,928 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/05/28 20:40:30 | 000,131,072 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/05/30 15:15:06 | 000,329,728 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/05/28 20:38:59 | 000,006,680 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2011/05/24 13:16:38 | 000,009,216 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2011/05/28 20:07:07 | 000,000,217 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\background.html
[2011/05/28 20:07:07 | 000,003,879 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\contentscript.js
[2011/05/28 20:07:08 | 000,000,640 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\manifest.json
[2011/05/28 20:07:07 | 000,001,766 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\background.html
[2011/05/28 20:07:10 | 000,000,984 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\manifest.json
[2011/05/28 20:07:07 | 000,006,273 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\avgls-inline.js
[2011/05/28 20:07:07 | 000,013,424 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\flyover.js
[2011/05/28 20:07:07 | 000,001,302 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\interstitial-block.html
[2011/05/28 20:07:07 | 000,078,601 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\jquery-1.4.4.min.js
[2011/05/28 20:07:07 | 000,090,729 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\searchengine.js
[2011/05/28 20:07:07 | 000,013,513 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\searchshield.js
[2011/05/28 20:07:10 | 000,016,328 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\128x128.png
[2011/05/28 20:07:10 | 000,000,790 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\16x16.png
[2011/05/28 20:07:10 | 000,004,310 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\48x48.png
[2011/05/28 20:07:07 | 000,006,455 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\64x64.png
[2011/05/28 20:07:07 | 000,000,303 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_middle_gray.gif
[2011/05/28 20:07:07 | 000,000,610 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_middle_green.gif
[2011/05/28 20:07:07 | 000,000,773 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_middle_orange.gif
[2011/05/28 20:07:07 | 000,001,332 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_middle_red.gif
[2011/05/28 20:07:07 | 000,000,974 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_middle_yellow.gif
[2011/05/28 20:07:07 | 000,000,303 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_top_gray.gif
[2011/05/28 20:07:07 | 000,000,159 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_top_green.gif
[2011/05/28 20:07:07 | 000,000,204 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_top_orange.gif
[2011/05/28 20:07:07 | 000,000,959 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_top_red.gif
[2011/05/28 20:07:07 | 000,000,217 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\background_top_yellow.gif
[2011/05/28 20:07:07 | 000,001,932 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\block-doc.gif
[2011/05/28 20:07:07 | 000,000,394 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\blocked.gif
[2011/05/28 20:07:07 | 000,001,060 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\blocked12.png
[2011/05/28 20:07:07 | 000,000,333 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_bottom_gray.gif
[2011/05/28 20:07:08 | 000,000,454 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_bottom_green.gif
[2011/05/28 20:07:08 | 000,000,617 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_bottom_orange.gif
[2011/05/28 20:07:08 | 000,000,099 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_bottom_red.gif
[2011/05/28 20:07:08 | 000,000,626 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_bottom_yellow.gif
[2011/05/28 20:07:08 | 000,000,471 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_top_gray.gif
[2011/05/28 20:07:08 | 000,000,820 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_top_green.gif
[2011/05/28 20:07:08 | 000,000,446 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_top_orange.gif
[2011/05/28 20:07:08 | 000,000,484 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_top_red.gif
[2011/05/28 20:07:08 | 000,000,336 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\border_top_yellow.gif
[2011/05/28 20:07:08 | 000,000,339 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\box_bottom_red.gif
[2011/05/28 20:07:08 | 000,000,520 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\box_top_red.gif
[2011/05/28 20:07:08 | 000,000,364 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\caution.gif
[2011/05/28 20:07:08 | 000,000,523 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\caution12.png
[2011/05/28 20:07:08 | 000,000,586 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\click_here_gray.gif
[2011/05/28 20:07:08 | 000,001,418 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\click_here_green.gif
[2011/05/28 20:07:08 | 000,001,268 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\click_here_orange.gif
[2011/05/28 20:07:08 | 000,001,333 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\click_here_red.gif
[2011/05/28 20:07:08 | 000,001,368 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\click_here_yellow.gif
[2011/05/28 20:07:08 | 000,002,455 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\clock.gif
[2011/05/28 20:07:08 | 000,000,429 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\clock12.png
[2011/05/28 20:07:08 | 000,002,229 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\icons_blocked.gif
[2011/05/28 20:07:08 | 000,002,364 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\icons_caution.gif
[2011/05/28 20:07:08 | 000,000,613 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\icons_close.gif
[2011/05/28 20:07:08 | 000,002,314 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\icons_safe.gif
[2011/05/28 20:07:08 | 000,001,662 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\icons_unknown.gif
[2011/05/28 20:07:08 | 000,002,344 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\icons_warning.gif
[2011/05/28 20:07:08 | 000,001,683 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\LS_Logo_Results.gif
[2011/05/28 20:07:08 | 000,000,362 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\safe.gif
[2011/05/28 20:07:08 | 000,000,564 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\safe12.png
[2011/05/28 20:07:08 | 000,000,389 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\unknown.gif
[2011/05/28 20:07:08 | 000,004,322 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\vrsn-secured-lsfo.gif
[2011/05/28 20:07:08 | 000,000,374 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\warning.gif
[2011/05/28 20:07:08 | 000,000,555 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\content\Icons\warning12.png
[2011/05/28 20:07:07 | 001,753,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins\avgnpss.dll
[2011/05/28 20:07:07 | 001,859,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins\avgxpl.dll
[2010/10/28 10:58:02 | 000,003,072 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage
[2010/10/12 19:12:22 | 000,003,072 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cim.meebo.com_0.localstorage
[2011/04/17 14:18:28 | 000,003,072 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.amazon.com_0.localstorage
[2011/04/09 15:53:07 | 000,003,072 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.meebo.com_0.localstorage
[2009/11/21 13:34:54 | 000,017,408 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2008/09/16 11:01:20 | 000,019,456 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2010/09/10 08:33:00 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-03 17:57:18

< End of report >

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 June 2011 - 10:48 AM

Hi!

I may ask that you post in the Windows forum and see what the techs have to say about the no sound issue and see if they can get the sound back.

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
[2011/05/31 00:10:44 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Local\prvlcl.dat
:Files
ipconfig /flushdns /c
:Commands
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

#13 Pyrosteria

New Member

Group: Members
Posts: 13
Joined: 31-May 11

Posted 08 June 2011 - 12:36 PM

Here's the OTL report:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\owner\AppData\Local\prvlcl.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: owner
->Temp folder emptied: 274179 bytes
->Temporary Internet Files folder emptied: 208459 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98782414 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3372 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 95.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.23.0 log created on 06082011_124550

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I'll go ahead and post in the Windows forum about the sound problem. :wink:

#14 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 June 2011 - 12:39 PM

Hi,

Before I have you post in the Windows forum please make your way through this post;

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.