BleepingComputer.com: Verifying my system is clean after using tdsskiller

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Verifying my system is clean after using tdsskiller

#1 User is offline   Aironet 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 13
  • Joined: 13-June 11

Posted 13 June 2011 - 08:42 PM

I was told by a friend that I needed to run tdsskiller.exe to remove the rootkit. It removed the rootkit and I haven't noticed any problems since. I'd like to have more knowledgeable people review my system to make sure the rootkit is gone and no other viruses exist. Thanks!

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Joel at 23:35:41 on 2011-06-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2226 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k AxInstSVGroup
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{36FAE3F3-7142-459C-97F4-AC8A1C28965A} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joel\appdata\roaming\mozilla\firefox\profiles\o38gkor2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - 66.29.36.93
FF - prefs.js: network.proxy.ftp_port - 554
FF - prefs.js: network.proxy.gopher - 66.29.36.93
FF - prefs.js: network.proxy.gopher_port - 554
FF - prefs.js: network.proxy.http_port - 554
FF - prefs.js: network.proxy.socks - 66.29.36.93
FF - prefs.js: network.proxy.socks_port - 554
FF - prefs.js: network.proxy.ssl - 66.29.36.93
FF - prefs.js: network.proxy.ssl_port - 554
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\joel\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\joel\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\users\joel\appdata\roaming\mozilla\plugins\npoctoshape.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true
.
============= SERVICES / DRIVERS ===============
.
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/01 05:47:03];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-6-28 87536]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2010-2-20 1411616]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-8 2337144]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\du meter\DUMetr32.sys [2010-9-13 19368]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-10-17 124648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-21 136176]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-2-7 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-3-3 46256]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-21 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-22 15872]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-13 7168]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-22 52224]
S4 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1571336]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-1-2 583640]
S4 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2009-9-21 1964528]
.
=============== Created Last 30 ================
.
2011-06-15 06:33:11 -------- d--h--w- c:\windows\AxInstSV
2011-06-15 05:33:45 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e31ed862-e1d2-4f7b-a633-a5c791ecdadf}\mpengine.dll
2011-06-12 21:48:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 21:48:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-10 08:18:03 -------- d-----w- C:\$RECYCLE.BIN
2011-06-10 08:15:08 -------- d-----w- c:\users\joel\appdata\local\temp
2011-06-10 08:04:39 98816 ----a-w- c:\windows\sed.exe
2011-06-10 08:04:39 518144 ----a-w- c:\windows\SWREG.exe
2011-06-10 08:04:39 256512 ----a-w- c:\windows\PEV.exe
2011-06-10 08:04:39 208896 ----a-w- c:\windows\MBR.exe
2011-06-10 05:30:33 -------- d-----w- c:\programdata\SecTaskMan
2011-06-09 14:09:48 -------- d-----w- c:\program files\FileMaker
2011-06-09 09:33:20 -------- d-----w- c:\users\joel\appdata\roaming\FileMaker Pro Advanced
2011-06-09 09:31:34 -------- d-----w- c:\users\joel\appdata\local\FileMaker
2011-06-09 06:36:15 0 ----a-w- c:\users\joel\appdata\local\Tbacodobuvogep.bin
2011-06-09 05:30:44 -------- d-----w- c:\users\joel\appdata\roaming\PeerNetworking
2011-06-07 09:05:05 -------- d-----w- c:\programdata\Canopus
2011-05-24 23:32:21 -------- d-----w- c:\users\joel\appdata\local\Octoshape
2011-05-24 15:06:08 -------- d-----w- c:\users\joel\appdata\roaming\Octoshape
2011-05-16 22:01:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 23:38:08.34 ===============

EDIT: Posts merged ~Budapest

This post has been edited by Budapest: 17 June 2011 - 06:48 PM

#2 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 21 June 2011 - 02:05 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.

  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!

  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.


____________________________________________________

Please post the TDSSKiller log for me to review. It can be located in your C:\ drive

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 User is offline   Aironet 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 13
  • Joined: 13-June 11

Posted 22 June 2011 - 01:28 AM

Hi ST, Thanks so much for taking the time to help me. I can't seem to find the tdsskiller log from the scan the removed the rootkit (maybe i deleted it by accident). I ran a new scan, hopefully that will suffice. My computer seems to be running nicely. Before running tdsskiller the first time I noticed svchost.exe using 50% of my cpu quite regularly. Now my cpu usage is always low when my computer is idling.

TDSSKiller

2011/06/21 23:09:47.0473 3148 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/21 23:09:48.0165 3148 ================================================================================
2011/06/21 23:09:48.0165 3148 SystemInfo:
2011/06/21 23:09:48.0165 3148
2011/06/21 23:09:48.0165 3148 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/21 23:09:48.0165 3148 Product type: Workstation
2011/06/21 23:09:48.0165 3148 ComputerName: JOEL-PC
2011/06/21 23:09:48.0165 3148 UserName: Joel
2011/06/21 23:09:48.0165 3148 Windows directory: C:\Windows
2011/06/21 23:09:48.0165 3148 System windows directory: C:\Windows
2011/06/21 23:09:48.0165 3148 Processor architecture: Intel x86
2011/06/21 23:09:48.0165 3148 Number of processors: 2
2011/06/21 23:09:48.0166 3148 Page size: 0x1000
2011/06/21 23:09:48.0166 3148 Boot type: Normal boot
2011/06/21 23:09:48.0166 3148 ================================================================================
2011/06/21 23:09:49.0096 3148 Initialize success
2011/06/21 23:09:58.0056 2944 ================================================================================
2011/06/21 23:09:58.0056 2944 Scan started
2011/06/21 23:09:58.0056 2944 Mode: Manual;
2011/06/21 23:09:58.0056 2944 ================================================================================
2011/06/21 23:09:59.0345 2944 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/06/21 23:09:59.0436 2944 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/06/21 23:09:59.0543 2944 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/06/21 23:09:59.0667 2944 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/21 23:09:59.0731 2944 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/21 23:09:59.0782 2944 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/21 23:09:59.0883 2944 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/06/21 23:09:59.0987 2944 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/06/21 23:10:00.0205 2944 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/21 23:10:00.0283 2944 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/06/21 23:10:00.0320 2944 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/06/21 23:10:00.0371 2944 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/06/21 23:10:00.0425 2944 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/21 23:10:00.0471 2944 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/21 23:10:00.0558 2944 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/06/21 23:10:00.0606 2944 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/21 23:10:00.0688 2944 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/06/21 23:10:00.0762 2944 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/06/21 23:10:00.0865 2944 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/21 23:10:00.0924 2944 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/21 23:10:00.0987 2944 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/21 23:10:01.0063 2944 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/06/21 23:10:01.0258 2944 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\drivers\atikmdag.sys
2011/06/21 23:10:01.0470 2944 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/21 23:10:01.0545 2944 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/21 23:10:01.0636 2944 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/21 23:10:01.0737 2944 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/21 23:10:01.0827 2944 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/21 23:10:01.0894 2944 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/21 23:10:01.0941 2944 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/21 23:10:02.0060 2944 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/21 23:10:02.0104 2944 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/21 23:10:02.0145 2944 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/21 23:10:02.0187 2944 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/21 23:10:02.0229 2944 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/21 23:10:02.0527 2944 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/21 23:10:02.0629 2944 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/21 23:10:02.0686 2944 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/21 23:10:02.0751 2944 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/21 23:10:02.0844 2944 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/21 23:10:02.0919 2944 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/06/21 23:10:03.0001 2944 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/21 23:10:03.0098 2944 COMMONFX (22f8692fd3e017ead334945b3199b0e3) C:\Windows\system32\drivers\COMMONFX.SYS
2011/06/21 23:10:03.0204 2944 COMMONFX.SYS (22f8692fd3e017ead334945b3199b0e3) C:\Windows\System32\drivers\COMMONFX.SYS
2011/06/21 23:10:03.0271 2944 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/21 23:10:03.0376 2944 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/21 23:10:03.0454 2944 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/21 23:10:03.0603 2944 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/06/21 23:10:03.0703 2944 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\Windows\system32\CT20XUT.DLL
2011/06/21 23:10:03.0786 2944 ctac32k (aa7e939bc07965a807c6ac2f1d4d22b7) C:\Windows\system32\drivers\ctac32k.sys
2011/06/21 23:10:03.0870 2944 ctaud2k (79e7abbf928d8a8002ebba0985905dc1) C:\Windows\system32\drivers\ctaud2k.sys
2011/06/21 23:10:03.0977 2944 CTAUDFX (6d98048890b44191e0daed4639a9f18c) C:\Windows\system32\drivers\CTAUDFX.SYS
2011/06/21 23:10:04.0135 2944 CTAUDFX.SYS (6d98048890b44191e0daed4639a9f18c) C:\Windows\System32\drivers\CTAUDFX.SYS
2011/06/21 23:10:04.0212 2944 ctdvda2k (a216c8698c4406a031af6f867afe4f92) C:\Windows\system32\drivers\ctdvda2k.sys
2011/06/21 23:10:04.0313 2944 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\Windows\system32\CTEAPSFX.DLL
2011/06/21 23:10:04.0378 2944 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\Windows\system32\CTEDSPFX.DLL
2011/06/21 23:10:04.0437 2944 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\Windows\system32\CTEDSPIO.DLL
2011/06/21 23:10:04.0494 2944 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\Windows\system32\CTEDSPSY.DLL
2011/06/21 23:10:04.0603 2944 CTERFXFX (5192225e2adfd36d0fc7d61b8e0bae87) C:\Windows\system32\drivers\CTERFXFX.SYS
2011/06/21 23:10:04.0704 2944 CTERFXFX.SYS (5192225e2adfd36d0fc7d61b8e0bae87) C:\Windows\System32\drivers\CTERFXFX.SYS
2011/06/21 23:10:04.0781 2944 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\Windows\system32\CTEXFIFX.DLL
2011/06/21 23:10:04.0871 2944 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\Windows\system32\CTHWIUT.DLL
2011/06/21 23:10:04.0920 2944 ctprxy2k (ce3395b054b641e454c8861020ff1d82) C:\Windows\system32\drivers\ctprxy2k.sys
2011/06/21 23:10:04.0987 2944 CTSBLFX (8750c640d3068861117fa9166b8aecde) C:\Windows\system32\drivers\CTSBLFX.SYS
2011/06/21 23:10:05.0137 2944 CTSBLFX.SYS (8750c640d3068861117fa9166b8aecde) C:\Windows\System32\drivers\CTSBLFX.SYS
2011/06/21 23:10:05.0205 2944 ctsfm2k (01b9017d05d82b6fbcd5cecce93f3aa7) C:\Windows\system32\drivers\ctsfm2k.sys
2011/06/21 23:10:05.0319 2944 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/06/21 23:10:05.0370 2944 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/21 23:10:05.0437 2944 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/21 23:10:05.0551 2944 DKRtWrt (8e6c1d4d00e81b0199f41fa6dccee79b) C:\Windows\system32\DRIVERS\DKRtWrt.sys
2011/06/21 23:10:05.0642 2944 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/21 23:10:05.0717 2944 DUMeterDrv (6ab2768b0bf9f5647c1b35f8e754348d) C:\Program Files\DU Meter\DUMETR32.SYS
2011/06/21 23:10:05.0874 2944 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/21 23:10:05.0967 2944 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/21 23:10:06.0091 2944 eamonm (73ce42907cf42bfb91bcd27fe7c7a7af) C:\Windows\system32\DRIVERS\eamonm.sys
2011/06/21 23:10:06.0231 2944 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/21 23:10:06.0398 2944 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/06/21 23:10:06.0558 2944 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/06/21 23:10:06.0685 2944 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/21 23:10:06.0774 2944 emupia (71b09041642de925e6150eb525dcc3bf) C:\Windows\system32\drivers\emupia2k.sys
2011/06/21 23:10:06.0847 2944 epfwwfpr (96f9030ca15a8d2e8d44e53c1f0e842d) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/06/21 23:10:06.0911 2944 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/06/21 23:10:06.0998 2944 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/21 23:10:07.0052 2944 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/21 23:10:07.0103 2944 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/21 23:10:07.0191 2944 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/21 23:10:07.0237 2944 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/21 23:10:07.0294 2944 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/21 23:10:07.0349 2944 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/21 23:10:07.0461 2944 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/21 23:10:07.0503 2944 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/21 23:10:07.0570 2944 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/21 23:10:07.0629 2944 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/21 23:10:07.0709 2944 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/21 23:10:07.0766 2944 GenericMount (29c3d2a2398b980a73043fa3688e2f30) C:\Windows\system32\DRIVERS\GenericMount.sys
2011/06/21 23:10:07.0884 2944 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/06/21 23:10:08.0011 2944 ha10kx2k (2e37c43fb534f1d85dcf552d5b2af9ba) C:\Windows\system32\drivers\ha10kx2k.sys
2011/06/21 23:10:08.0093 2944 hap16v2k (607b73dc2a69a98c7f10b5702d947319) C:\Windows\system32\drivers\hap16v2k.sys
2011/06/21 23:10:08.0156 2944 hap17v2k (f674eeaa2d1ed14606aedfed65c34893) C:\Windows\system32\drivers\hap17v2k.sys
2011/06/21 23:10:08.0222 2944 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/21 23:10:08.0320 2944 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/06/21 23:10:08.0379 2944 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/21 23:10:08.0422 2944 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/21 23:10:08.0471 2944 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/21 23:10:08.0564 2944 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/06/21 23:10:08.0645 2944 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/21 23:10:08.0788 2944 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/06/21 23:10:08.0875 2944 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/21 23:10:08.0965 2944 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/06/21 23:10:09.0131 2944 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/06/21 23:10:09.0210 2944 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/21 23:10:09.0316 2944 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/06/21 23:10:09.0371 2944 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/21 23:10:09.0429 2944 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/21 23:10:09.0519 2944 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/21 23:10:09.0563 2944 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/21 23:10:09.0629 2944 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/21 23:10:09.0680 2944 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/06/21 23:10:09.0724 2944 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/06/21 23:10:09.0789 2944 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/06/21 23:10:09.0861 2944 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/06/21 23:10:09.0966 2944 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/21 23:10:10.0024 2944 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/21 23:10:10.0121 2944 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/21 23:10:10.0224 2944 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/21 23:10:10.0305 2944 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/21 23:10:10.0351 2944 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/21 23:10:10.0397 2944 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/21 23:10:10.0453 2944 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/21 23:10:10.0548 2944 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/06/21 23:10:10.0604 2944 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/21 23:10:10.0658 2944 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/21 23:10:10.0796 2944 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/21 23:10:10.0868 2944 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/21 23:10:10.0950 2944 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/06/21 23:10:11.0004 2944 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/21 23:10:11.0076 2944 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/06/21 23:10:11.0160 2944 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/06/21 23:10:11.0204 2944 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/21 23:10:11.0287 2944 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/06/21 23:10:11.0399 2944 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/21 23:10:11.0459 2944 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/21 23:10:11.0515 2944 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/21 23:10:11.0591 2944 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/06/21 23:10:11.0673 2944 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/06/21 23:10:11.0761 2944 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/21 23:10:11.0829 2944 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/21 23:10:11.0883 2944 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/06/21 23:10:11.0968 2944 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/21 23:10:12.0020 2944 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/21 23:10:12.0073 2944 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/21 23:10:12.0114 2944 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/21 23:10:12.0154 2944 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/06/21 23:10:12.0209 2944 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/21 23:10:12.0253 2944 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/21 23:10:12.0321 2944 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/21 23:10:12.0397 2944 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/21 23:10:12.0476 2944 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/06/21 23:10:12.0598 2944 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/21 23:10:12.0645 2944 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/21 23:10:12.0733 2944 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/21 23:10:12.0806 2944 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/21 23:10:12.0884 2944 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/06/21 23:10:12.0968 2944 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/21 23:10:13.0025 2944 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/21 23:10:13.0183 2944 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/21 23:10:13.0264 2944 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2011/06/21 23:10:13.0319 2944 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/21 23:10:13.0370 2944 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/21 23:10:13.0482 2944 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/06/21 23:10:13.0553 2944 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/21 23:10:13.0651 2944 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/06/21 23:10:13.0711 2944 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/06/21 23:10:13.0780 2944 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/06/21 23:10:13.0852 2944 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/06/21 23:10:13.0962 2944 ossrv (e852a590216f0da2b94df5a937585554) C:\Windows\system32\drivers\ctoss2k.sys
2011/06/21 23:10:14.0064 2944 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/21 23:10:14.0129 2944 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/06/21 23:10:14.0178 2944 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/21 23:10:14.0291 2944 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/06/21 23:10:14.0365 2944 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/06/21 23:10:14.0423 2944 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/21 23:10:14.0541 2944 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/06/21 23:10:14.0595 2944 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/21 23:10:14.0713 2944 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/21 23:10:14.0907 2944 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/21 23:10:14.0960 2944 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/21 23:10:15.0054 2944 Profos (0979354e88070d8e4dfa1739f9413e1d) C:\PROGRA~1\Softwin\BITDEF~1\profos.sys
2011/06/21 23:10:15.0243 2944 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/21 23:10:15.0349 2944 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/21 23:10:15.0429 2944 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/21 23:10:15.0487 2944 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/21 23:10:15.0529 2944 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/21 23:10:15.0632 2944 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/21 23:10:15.0696 2944 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/21 23:10:15.0787 2944 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/21 23:10:15.0835 2944 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/21 23:10:15.0909 2944 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/21 23:10:16.0003 2944 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/21 23:10:16.0051 2944 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/21 23:10:16.0144 2944 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/06/21 23:10:16.0194 2944 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/21 23:10:16.0253 2944 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/21 23:10:16.0402 2944 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/06/21 23:10:16.0508 2944 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/06/21 23:10:16.0602 2944 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/06/21 23:10:16.0703 2944 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/21 23:10:16.0769 2944 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/06/21 23:10:16.0901 2944 SbieDrv (0e37b22d506d09f349885049db34f0dc) C:\Program Files\Sandboxie\SbieDrv.sys
2011/06/21 23:10:17.0054 2944 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/06/21 23:10:17.0146 2944 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/21 23:10:17.0271 2944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/21 23:10:17.0365 2944 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/21 23:10:17.0457 2944 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/21 23:10:17.0533 2944 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/21 23:10:17.0637 2944 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/06/21 23:10:17.0687 2944 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/21 23:10:17.0736 2944 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/21 23:10:17.0778 2944 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/21 23:10:17.0858 2944 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/06/21 23:10:17.0911 2944 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/21 23:10:17.0976 2944 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/21 23:10:18.0021 2944 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/21 23:10:18.0121 2944 smwdm (c80b84e4843b33da56a806e1a1275ba0) C:\Windows\system32\drivers\smwdm.sys
2011/06/21 23:10:18.0217 2944 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/06/21 23:10:18.0299 2944 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/21 23:10:18.0444 2944 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/06/21 23:10:18.0589 2944 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/06/21 23:10:18.0651 2944 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/21 23:10:18.0708 2944 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/21 23:10:18.0817 2944 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/21 23:10:18.0905 2944 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/06/21 23:10:18.0979 2944 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/06/21 23:10:19.0029 2944 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/06/21 23:10:19.0105 2944 symsnap (a5cf31080e99718949bcc38c83f13452) C:\Windows\system32\DRIVERS\symsnap.sys
2011/06/21 23:10:19.0298 2944 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/06/21 23:10:19.0456 2944 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/21 23:10:19.0521 2944 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/21 23:10:19.0624 2944 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/06/21 23:10:19.0675 2944 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/06/21 23:10:19.0726 2944 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/21 23:10:19.0795 2944 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/06/21 23:10:19.0926 2944 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/06/21 23:10:20.0017 2944 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/21 23:10:20.0117 2944 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/21 23:10:20.0257 2944 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/21 23:10:20.0328 2944 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/21 23:10:20.0411 2944 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/21 23:10:20.0532 2944 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/21 23:10:20.0594 2944 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/21 23:10:20.0650 2944 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/21 23:10:20.0759 2944 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/21 23:10:20.0841 2944 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/06/21 23:10:20.0917 2944 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/21 23:10:21.0020 2944 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/06/21 23:10:21.0070 2944 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/06/21 23:10:21.0138 2944 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/21 23:10:21.0240 2944 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/21 23:10:21.0286 2944 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/06/21 23:10:21.0345 2944 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/21 23:10:21.0394 2944 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/21 23:10:21.0469 2944 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/06/21 23:10:21.0548 2944 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/21 23:10:21.0688 2944 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/21 23:10:21.0770 2944 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/21 23:10:21.0836 2944 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/21 23:10:21.0955 2944 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/06/21 23:10:22.0030 2944 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/06/21 23:10:22.0078 2944 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/21 23:10:22.0126 2944 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/06/21 23:10:22.0187 2944 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/06/21 23:10:22.0277 2944 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/06/21 23:10:22.0393 2944 vncmirror (3b8f222b23917c041e4da29ccc57e7d0) C:\Windows\system32\DRIVERS\vncmirror.sys
2011/06/21 23:10:22.0444 2944 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/06/21 23:10:22.0500 2944 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/21 23:10:22.0558 2944 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/06/21 23:10:22.0623 2944 VProEventMonitor (ef3506b04eb9124240b35148eaacbaa5) C:\Windows\system32\DRIVERS\vproeventmonitor.sys
2011/06/21 23:10:22.0763 2944 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/06/21 23:10:22.0828 2944 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/21 23:10:22.0895 2944 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/21 23:10:22.0919 2944 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/21 23:10:23.0011 2944 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/21 23:10:23.0079 2944 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/21 23:10:23.0211 2944 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/21 23:10:23.0275 2944 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/06/21 23:10:23.0319 2944 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/21 23:10:23.0474 2944 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/21 23:10:23.0532 2944 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/21 23:10:23.0630 2944 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/21 23:10:23.0750 2944 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/06/21 23:10:23.0836 2944 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/21 23:10:24.0006 2944 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
2011/06/21 23:10:24.0053 2944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/06/21 23:10:24.0080 2944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/21 23:10:24.0098 2944 ================================================================================
2011/06/21 23:10:24.0099 2944 Scan finished
2011/06/21 23:10:24.0099 2944 ================================================================================
2011/06/21 23:10:24.0119 2544 Detected object count: 0
2011/06/21 23:10:24.0119 2544 Actual detected object count: 0

Rootkit Unhooker

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x92C2B000 C:\Windows\system32\drivers\atikmdag.sys 4538368 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82C00000 C:\Windows\system32\ntoskrnl.exe 4206592 bytes (Microsoft Corporation, NT Kernel & System)
0x82C00000 PnpManager 4206592 bytes
0x82C00000 RAW 4206592 bytes
0x82C00000 WMIxWDM 4206592 bytes
0x93430000 Win32k 2416640 bytes
0x93430000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C039000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8BC64000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x92AD1000 C:\Windows\system32\drivers\ha10kx2k.sys 1089536 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0x9307F000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BE45000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x838E5000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x93ED9000 C:\Windows\system32\DRIVERS\eamonm.sys 679936 bytes (ESET, Amon monitor)
0x93C36000 C:\Windows\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0x9D597000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x93CED000 C:\Windows\System32\drivers\CTSBLFX.SYS 581632 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0x93D7B000 C:\Windows\System32\drivers\CTAUDFX.SYS 569344 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0x9D43F000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83805000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x93210000 C:\Windows\system32\drivers\ctaud2k.sys 524288 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0x83990000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x928D7000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8BDD1000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8BF5F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9D76D000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9D71D000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x936C0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x931B6000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83AD1000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83A0F000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x92A62000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x838A3000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x92871000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x93375000 C:\Windows\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0x8C1BD000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BEFC000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9316F000 C:\Windows\system32\DRIVERS\b57nd60x.sys 245760 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.)
0x9D512000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x93136000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83003000 ACPI_HAL 225280 bytes
0x83003000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9282B000 C:\Windows\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x9330C000 C:\Windows\system32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0x83BC2000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x932D8000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C24C000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8C3C1000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x9D40D000 C:\Windows\System32\Drivers\RDPWD.SYS 204800 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x8C183000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8BC00000 C:\Windows\system32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0x93290000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x93348000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8C206000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9D6F1000 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl 180224 bytes (CyberLink Corp., -)
0x92AA6000 C:\Windows\system32\drivers\hap16v2k.sys 176128 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0x8BD93000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x93FBC000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x83A73000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x83B47000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x92800000 C:\Windows\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0x8C28F000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BF3A000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9D7BF000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x83B8C000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9D4EF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x929C9000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9D638000 C:\Program Files\Sandboxie\SbieDrv.sys 135168 bytes (SANDBOXIE L.T.D, Sandboxie Kernel Mode Driver)
0x9D659000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8BC43000 C:\Windows\system32\DRIVERS\symsnap.sys 135168 bytes (StorageCraft, StorageCraft Volume Snap-Shot)
0x92961000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C33F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C2E7000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8C314000 C:\Windows\system32\DRIVERS\ehdrv.sys 126976 bytes (ESET, ESET Helper driver)
0x8C000000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93710000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x93CD2000 C:\Windows\System32\drivers\COMMONFX.SYS 110592 bytes (Creative Technology Ltd, Creative Common FX Plug-in)
0x93EBE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9D54D000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8BFB9000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x93F7F000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9D4C4000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x932BF000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x9D56F000 C:\Windows\system32\DRIVERS\epfwwfpr.sys 102400 bytes (ESET, ESET Personal Firewall driver)
0x9293B000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x933C0000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x933E5000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x929A6000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x929EB000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x92A03000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x92A1A000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C39E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x93E54000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x83B31000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x93E78000 C:\Windows\system32\drivers\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8BDBE000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x93FA9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8BFD3000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x83B71000 00000128 73728 bytes
0x92994000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x92982000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9D4DD000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x83B71000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8C27E000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x93E43000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8BC32000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x93E10000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83A9D000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8388A000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x92860000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x93F99000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C233000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x83AC1000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9D588000 C:\Windows\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0x93201000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x92953000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8C01F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C390000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83B23000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BE2E000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x92A54000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83A01000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x92C10000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x93E21000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x933D8000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x92A47000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9D67A000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9D400000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8C360000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x928CB000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x93E92000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x92A31000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x8C3B5000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8C333000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83AB6000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x93E2E000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x933B5000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x93E6D000 C:\Windows\system32\drivers\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x93EB3000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x93E9E000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8C385000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x929BE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9D7EC000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x931AB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83A68000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x93FE6000 C:\Windows\system32\DRIVERS\DKRtWrt.sys 40960 bytes (Diskeeper Corporation, Diskeeper IntelliWrite Mini-Filter Driver)
0x93E39000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x93EA9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x93E06000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x92C1D000 C:\Windows\system32\DRIVERS\GenericMount.sys 40960 bytes (Symantec Corporation, Symantec Corporation Generic Mount)
0x83BAF000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x928BC000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x928B2000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x92A3D000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9D62E000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x92C00000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x83BB9000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x83B83000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9D69C000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8BE3C000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x93690000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C1B4000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x83A57000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8389B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83AAE000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x93340000 C:\Windows\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0x9D7E4000 C:\Program Files\DU Meter\DUMETR32.SYS 32768 bytes (Hagel Technologies Ltd., DU Meter network traffic accounting driver)
0x8C243000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83A60000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C36D000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C375000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C37D000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8C1FC000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C30D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x93E8B000 C:\Windows\system32\drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x83B1C000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8C306000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9D568000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8C3F3000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x92C0A000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x928C6000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x9D7F7000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8C204000 C:\Windows\system32\speedfan.sys 8192 bytes (Windows ® 2000 DDK provider, SpeedFan Device Driver)
0x92C27000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x93E6B000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8C24B000 C:\Windows\system32\giveio.sys 4096 bytes
==============================================
>Stealth
==============================================
0x8688AF13 Unknown page with executable code, 237 bytes
0x867B0DA4 Unknown page with executable code, 604 bytes
0x867B8D46 Unknown page with executable code, 698 bytes

OTL

OTL logfile created on: 6/21/2011 11:21:27 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Joel\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.20% Memory free
5.99 Gb Paging File | 4.75 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 46.97 Gb Free Space | 31.53% Space Free | Partition Type: NTFS
Drive D: | 279.44 Gb Total Space | 54.92 Gb Free Space | 19.65% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/21 23:19:11 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 05:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/05 16:22:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 19:26:10 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/20 11:06:32 | 001,734,480 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2010/11/24 13:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/17 15:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 15:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/08/21 21:58:11 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeterSvc.exe
PRC - [2010/08/21 21:58:04 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2010/08/12 15:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/08/12 15:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/07/13 18:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/03/04 13:45:36 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe


========== Modules (SafeList) ==========

MOD - [2011/06/21 23:19:11 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (XNDJ)
SRV - File not found [Disabled | Stopped] -- -- (V)
SRV - File not found [Disabled | Stopped] -- -- (PYCIV)
SRV - File not found [Disabled | Stopped] -- -- (IJIBJJOEYUGEA)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 05:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/20 11:06:32 | 001,734,480 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2010/11/24 13:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/10/17 15:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/08/21 21:58:11 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010/08/12 15:18:40 | 000,033,584 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 15:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/02/07 13:35:09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/11/25 16:42:18 | 000,583,640 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/01 22:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009/09/21 21:25:34 | 001,571,336 | ---- | M] (Symantec) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 21:19:20 | 001,964,528 | ---- | M] (Symantec) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/17 15:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/08/19 12:13:50 | 000,019,368 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DU Meter\DUMetr32.sys -- (DUMeterDrv)
DRV - [2010/07/29 14:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/07/29 14:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/07/29 14:31:26 | 000,096,920 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/07/12 18:03:35 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/06/28 22:50:22 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/08/01 05:47:03] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/03/10 11:29:26 | 000,046,256 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010/01/02 18:50:43 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/01 23:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/21 21:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009/09/21 21:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009/09/21 21:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2009/07/25 00:21:14 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2009/07/13 15:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/03/04 15:46:56 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2009/03/04 15:46:48 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2009/03/04 15:46:38 | 000,798,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/03/04 15:46:26 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/03/04 15:46:00 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/03/04 15:45:46 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/03/04 15:45:34 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/03/04 15:44:54 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/03/04 15:44:38 | 000,528,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/03/04 15:44:26 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/03/04 15:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/03/04 15:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/03/04 15:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/03/04 15:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/03/04 15:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/03/04 15:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/03/04 15:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/03/04 15:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/21 12:36:18 | 000,013,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender Antirootkit\profos.sys -- (Profos)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB B4 90 40 03 21 CC 01 [binary data]
IE - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Rotten Tomatoes"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..extensions.enabledItems: apptabs@frankyan.com:0.6.2
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - prefs.js..network.proxy.backup.ftp: "66.29.36.93"
FF - prefs.js..network.proxy.backup.ftp_port: 554
FF - prefs.js..network.proxy.backup.gopher: "66.29.36.93"
FF - prefs.js..network.proxy.backup.gopher_port: 554
FF - prefs.js..network.proxy.backup.socks: "66.29.36.93"
FF - prefs.js..network.proxy.backup.socks_port: 554
FF - prefs.js..network.proxy.backup.ssl: "66.29.36.93"
FF - prefs.js..network.proxy.backup.ssl_port: 554
FF - prefs.js..network.proxy.ftp: "66.29.36.93"
FF - prefs.js..network.proxy.ftp_port: 554
FF - prefs.js..network.proxy.gopher: "66.29.36.93"
FF - prefs.js..network.proxy.gopher_port: 554
FF - prefs.js..network.proxy.http_port: 554
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "66.29.36.93"
FF - prefs.js..network.proxy.socks_port: 554
FF - prefs.js..network.proxy.ssl: "66.29.36.93"
FF - prefs.js..network.proxy.ssl_port: 554
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""
FF - user.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 16:22:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 02:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b3\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 2\components [2010/10/29 21:35:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b3\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/01/04 08:57:30 | 000,000,000 | ---D | M]

[2010/02/16 05:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions
[2010/02/16 05:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/16 19:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\extensions
[2011/05/15 14:40:09 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/08/31 16:06:36 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/08/31 16:06:28 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/06/08 23:36:05 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\extensions\searchtoolbar@zugo.com
[2011/06/08 23:36:07 | 000,001,919 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\searchplugins\bing-zugo.xml
[2007/05/23 08:03:04 | 000,000,884 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\searchplugins\OiNK.xml
[2011/06/17 14:35:50 | 000,002,307 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\searchplugins\rotten-tomatoes.xml
[2009/05/08 01:43:42 | 000,001,196 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\searchplugins\winamp-search.xml
[2011/05/08 10:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/06 18:36:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/08 10:51:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010/05/17 13:51:47 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\JOEL\APPDATA\ROAMING\MOVE NETWORKS
() (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O38GKOR2.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O38GKOR2.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O38GKOR2.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O38GKOR2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O38GKOR2.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/05 16:22:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/06/09 01:41:56 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2011/05/05 16:22:51 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/06/10 01:17:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck autocheck ??) - File not found
O34 - HKLM BootExecute: (autocheck ???) - File not found
O34 - HKLM BootExecute: (autocheck ?_?_g) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\...com [@ = comfile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 23:19:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2011/06/21 23:09:14 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joel\Desktop\TDSSKiller.exe
[2011/06/21 04:39:14 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Apps
[2011/06/20 04:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\DVBPortal
[2011/06/16 06:20:58 | 000,000,000 | ---D | C] -- C:\Users\Joel\Documents\RegRun2
[2011/06/16 06:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2011/06/16 03:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/06/16 03:28:59 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Supremus Corporation
[2011/06/16 03:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Updates Downloader
[2011/06/16 00:46:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/06/16 00:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/15 16:32:35 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/15 16:32:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 16:32:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/15 16:32:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 16:32:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/06/15 16:31:46 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/06/12 14:48:57 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/12 14:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 14:48:52 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/10 01:23:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/10 01:18:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/06/10 01:15:08 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\temp
[2011/06/09 22:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/06/09 08:02:40 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\FileMaker
[2011/06/09 07:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\FileMaker
[2011/06/09 02:33:20 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\FileMaker Pro Advanced
[2011/06/09 02:31:34 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\FileMaker
[2011/06/09 02:31:23 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Leadertech
[2011/06/09 00:29:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/08 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\PeerNetworking
[2011/06/07 02:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Canopus
[2011/06/03 10:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/24 16:32:21 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Octoshape
[2011/05/24 08:06:15 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Octoshape Streaming Services
[2011/05/24 08:06:08 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Octoshape
[2011/05/24 01:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011/02/22 18:57:40 | 000,266,240 | ---- | C] (Intel Corporation) -- C:\Users\Joel\AppData\Local\ocarizevul.dll
[2010/01/27 04:19:20 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Joel\AppData\Roaming\pcouffin.sys
[2009/03/04 13:46:18 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/03/04 13:25:42 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/06/21 23:19:11 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2011/06/21 23:19:03 | 038,774,550 | ---- | M] () -- C:\Users\Joel\Desktop\2011.Wimbledon.Roger.Federer.Tennischannel.Interview.June22.mkv
[2011/06/21 23:15:30 | 000,139,264 | ---- | M] () -- C:\Users\Joel\Desktop\RKUnhookerLE.EXE
[2011/06/21 22:46:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3382357653-3275850264-2365083677-1001UA.job
[2011/06/21 22:37:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 18:52:20 | 000,017,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 18:52:20 | 000,017,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 18:47:20 | 000,002,498 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2011/06/21 18:47:20 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/21 18:46:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/21 18:46:53 | 2414,473,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/21 10:03:13 | 000,032,448 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/06/21 10:03:13 | 000,032,448 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/06/21 10:03:13 | 000,031,680 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/06/21 10:03:13 | 000,031,680 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/06/21 10:03:13 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/06/21 08:59:34 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3382357653-3275850264-2365083677-1001Core.job
[2011/06/21 00:12:48 | 000,635,002 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 00:12:48 | 000,111,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/17 14:56:54 | 000,000,129 | ---- | M] () -- C:\Users\Joel\jagex_runescape_preferences2.dat
[2011/06/17 14:56:54 | 000,000,046 | ---- | M] () -- C:\Users\Joel\jagex_runescape_preferences.dat
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joel\Desktop\TDSSKiller.exe
[2011/06/16 07:34:45 | 000,001,722 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/06/16 06:21:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/06/16 06:21:00 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2011/06/16 06:21:00 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/06/15 04:13:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\AU
[2011/06/14 23:34:38 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/13 17:50:34 | 000,000,176 | ---- | M] () -- C:\Users\Joel\defogger_reenable
[2011/06/10 07:07:39 | 000,053,248 | ---- | M] () -- C:\Users\Joel\Documents\invoice - Copy.fp7
[2011/06/10 01:17:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/09 08:03:32 | 000,001,322 | ---- | M] () -- C:\Users\Joel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch FileMaker Pro Advanced.lnk
[2011/06/09 01:39:04 | 000,000,120 | ---- | M] () -- C:\Users\Joel\AppData\Local\Jjitulasejadaz.dat
[2011/06/09 01:13:56 | 000,000,000 | ---- | M] () -- C:\Users\Joel\AppData\Local\Tbacodobuvogep.bin
[2011/06/09 00:05:19 | 000,068,116 | ---- | M] () -- C:\Users\Joel\AppData\Local\RAContactHistory.xml
[2011/06/08 18:03:44 | 000,052,736 | ---- | M] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/05 11:17:38 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/06/02 06:01:22 | 000,000,120 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\FixVTS.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/27 19:53:58 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2011/06/21 23:16:36 | 038,774,550 | ---- | C] () -- C:\Users\Joel\Desktop\2011.Wimbledon.Roger.Federer.Tennischannel.Interview.June22.mkv
[2011/06/21 23:15:29 | 000,139,264 | ---- | C] () -- C:\Users\Joel\Desktop\RKUnhookerLE.EXE
[2011/06/21 02:25:31 | 008,108,325 | ---- | C] () -- C:\Users\Joel\Desktop\My Life And Game.pdf
[2011/06/20 04:12:52 | 000,002,933 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TSConverter.lnk
[2011/06/16 06:21:00 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/06/15 04:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\AU
[2011/06/15 02:16:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/13 17:50:11 | 000,000,176 | ---- | C] () -- C:\Users\Joel\defogger_reenable
[2011/06/10 07:11:27 | 000,053,248 | ---- | C] () -- C:\Users\Joel\Documents\invoice - Copy.fp7
[2011/06/09 08:03:32 | 000,001,322 | ---- | C] () -- C:\Users\Joel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch FileMaker Pro Advanced.lnk
[2011/06/09 08:03:26 | 000,002,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMaker Pro Advanced.lnk
[2011/06/08 23:36:15 | 000,000,120 | ---- | C] () -- C:\Users\Joel\AppData\Local\Jjitulasejadaz.dat
[2011/06/08 23:36:15 | 000,000,000 | ---- | C] () -- C:\Users\Joel\AppData\Local\Tbacodobuvogep.bin
[2011/06/08 22:50:16 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/06/08 22:31:00 | 000,068,116 | ---- | C] () -- C:\Users\Joel\AppData\Local\RAContactHistory.xml
[2011/04/18 00:13:38 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/22 18:58:50 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/22 18:55:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/01 16:48:06 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/01 16:48:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/06 06:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010/11/03 04:01:45 | 000,354,304 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll
[2010/11/03 04:01:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll
[2010/09/29 17:51:59 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2010/09/13 16:45:57 | 000,002,727 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
[2010/09/10 13:16:18 | 000,000,559 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\AutoGK.ini
[2010/08/27 22:36:01 | 000,003,173 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2010/08/23 18:32:02 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/07/21 19:05:23 | 000,000,049 | ---- | C] () -- C:\Windows\CoolRead.ini
[2010/07/13 03:18:40 | 000,003,610 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.dat
[2010/07/13 03:18:24 | 000,003,280 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/07/13 03:18:10 | 000,003,164 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Utilities.dat
[2010/07/13 03:14:02 | 000,003,317 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp AAC Encoder.dat
[2010/07/13 03:09:16 | 000,002,433 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Batch Ripper.dat
[2010/07/13 03:09:02 | 000,005,877 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp CD Writer.dat
[2010/07/13 03:08:07 | 000,012,485 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/07/13 03:07:58 | 000,229,752 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/07/13 03:07:58 | 000,015,596 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/07/12 23:35:46 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/06/25 00:01:32 | 000,037,270 | ---- | C] () -- C:\Windows\System32\OggDSUninst.exe
[2010/06/24 22:55:13 | 000,165,368 | ---- | C] () -- C:\Windows\Video Cleaner Pro Uninstaller.exe
[2010/06/02 02:07:26 | 000,000,092 | ---- | C] () -- C:\Users\Joel\AppData\Local\fusioncache.dat
[2010/05/27 16:31:28 | 000,000,177 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/27 03:11:54 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/04/22 23:34:00 | 000,001,722 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/04/08 18:04:42 | 000,000,120 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\FixVTS.ini
[2010/03/23 03:34:40 | 000,000,918 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\coreavc.ini
[2010/03/11 22:24:08 | 000,000,033 | ---- | C] () -- C:\Windows\DownloadStudioScheduleMonitor.INI
[2010/03/05 13:18:29 | 000,001,189 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\vso_ts_preview.xml
[2010/02/03 07:56:52 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/02/03 07:56:52 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/01/27 04:19:20 | 000,007,887 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\pcouffin.cat
[2010/01/27 04:19:20 | 000,001,144 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\pcouffin.inf
[2010/01/12 15:44:28 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/01/04 19:10:58 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2010/01/03 02:39:35 | 000,052,736 | ---- | C] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/03 00:23:59 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/31 21:45:20 | 000,007,601 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg
[2009/12/31 21:13:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/31 21:13:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 003,772,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,635,002 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,111,300 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:11:12 | 000,151,808 | ---- | C] () -- C:\Windows\System32\bezitfox.dat
[2009/07/13 16:11:12 | 000,136,960 | ---- | C] () -- C:\Windows\System32\qxhxxsyx.dat
[2009/07/13 16:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\cgndrihq.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/14 20:12:45 | 000,131,072 | ---- | C] () -- C:\Windows\System32\ms-lcoordm.dll
[2009/03/04 14:15:26 | 000,049,697 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/03/04 14:15:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/03/04 13:47:28 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2009/03/04 13:45:38 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2009/03/04 13:33:58 | 000,386,852 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/03/04 13:33:58 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/03/04 13:28:54 | 000,013,312 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/03/04 13:28:12 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat
[2009/03/04 13:26:24 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat
[2009/03/04 13:25:50 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2009/03/04 13:25:50 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2009/03/04 13:25:48 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2008/04/22 18:28:38 | 000,009,841 | ---- | C] () -- C:\Windows\System32\mswlnoorem.dll
[2007/08/13 21:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2007/04/09 13:19:36 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2007/04/09 13:19:36 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2006/10/02 18:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2003/09/16 08:52:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003/09/16 08:43:31 | 000,884,736 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003/09/16 08:41:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 368 bytes -> C:\Users\Joel\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:E6E3D650
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 6/21/2011 11:21:27 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Joel\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.20% Memory free
5.99 Gb Paging File | 4.75 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 46.97 Gb Free Space | 31.53% Space Free | Partition Type: NTFS
Drive D: | 279.44 Gb Total Space | 54.92 Gb Free Space | 19.65% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3382357653-3275850264-2365083677-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Value error. File not found
.cmd [@ = cmdfile] -- Reg Error: Value error. File not found
.com [@ = comfile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Value error. File not found
.vbs [@ = VBSFile] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe:*:Enabled:River Past Video Cleaner Pro -- (River Past Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1" = DVD Rebuilder
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A70D9E8-C51B-4196-BD1F-137E6EF6AEBB}" = Canopus ProCoder 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = PowerDVD
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B0B46A1F-EC96-44A4-A9FB-62FE33BAF7DE}" = Rapidshare Auto Downloader 4.1
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B763CDE9-3E9C-4F19-BCAF-773D48ECD9F1}" = DownloadStudio
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C53BECC0-C579-44F8-A995-E97FACB04DFC}" = FileMaker Pro 11 Advanced
"{C53BECC0-C579-44F8-A995-E97FACB04DFC}_FileMaker" = FileMaker Pro 11 Advanced
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{D0957BCD-AE33-42B1-82F6-B2D4B3C6E2A4}" = Diskeeper 2010
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1FDF320-7B11-4D60-B058-FB950C240CD9}" = DownloadStudio
"{D3673B4D-438B-4E74-9A74-E9E9583B14A5}" = calibre
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DE1DDAC8-0451-4F16-B63D-B72FBCBC9BF6}" = Febooti fileTweak Hash and CRC
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FC6B78BE-922F-45D4-9D47-D10C494658F6}" = TSConverter
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"4092-2816-3317-2888" = MarkelSoft Dupe Eliminator for iTunes 9.2
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"A24B23EB-0632-4D92-B087-011CAE348023" = Sigil
"abgx360" = abgx360 v1.0.5
"AC3File_is1" = AC3File 0.6b
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 3.2.2
"AudioCS" = Creative Audio Console
"AutoGK" = Auto Gordian Knot 2.55
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"BeLight" = BeLight
"Bitrate Viewer" = Bitrate Viewer 2.1.1
"Briz Video Joiner_is1" = Briz Video Joiner
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Cinema Craft Encoder SP2" = Cinema Craft Encoder SP2
"CloneDVD2" = CloneDVD2
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"dBpoweramp AAC Encoder" = dBpoweramp AAC Encoder
"dBpoweramp Batch Ripper" = dBpoweramp Batch Ripper
"dBpoweramp CD Writer" = dBpoweramp CD Writer
"dBpoweramp DirectShow Decoder" = dBpoweramp DirectShow Decoder
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp m4a Nero AAC Encoder" = dBpoweramp m4a Nero AAC Encoder
"dBpoweramp m4a Utilities" = dBpoweramp m4a Utilities
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DUMeter3_is1" = DU Meter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Identifier_is1" = DVD Identifier
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.1.2.0 (23/10/2009)
"DVDInfoPro_is1" = DVDInfoPro
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"ExtractNow_is1" = ExtractNow
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FitDay_is1" = FitDay PC version 1.0
"foobar2000" = foobar2000 v1.0
"Forte Agent" = Forté Agent
"FTPRush_is1" = FTPRush 1.0.0.612 Unicode
"Gordian Knot" = Gordian Knot Rip Pack 0.35.0
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HaaliMkx" = Haali Media Splitter
"HD Tune Pro_is1" = HD Tune Pro 4.50
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = CyberLink PowerDVD 10
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"jZip" = jZip
"LimeWire" = LimeWire PRO 5.4.7
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MakeMKV" = MakeMKV v1.5.6_beta
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MediaInfo" = MediaInfo 0.7.44
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mimo" = Mimo
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 4.3.0
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (4.0b3)" = Mozilla Firefox (4.0b3)
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NewsLeecher_is1" = NewsLeecher v4.0 Final
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"PC Wizard 2009_is1" = PC Wizard 2009.1.9111
"PDFRead" = PDFRead 1.8.2
"pycrypto-py2.7" = Python 2.7 pycrypto-2.1.0
"pywin32-py2.7" = Python 2.7 pywin32-214
"QuickPar" = QuickPar 0.9
"QuickSFV" = QuickSFV (Remove only)
"RadLight PVA DirectShow filter" = RadLight PVA DirectShow filter (remove only)
"Recover My Files_is1" = Recover My Files
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Sandboxie" = Sandboxie 3.50
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.9
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 6" = TeamViewer 6
"TFTPUtil" = TFTPUtil GUI Installer
"The KMPlayer" = The KMPlayer (remove only)
"TrueCrypt" = TrueCrypt
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"URLSnooper 2_is1" = URL Snooper v2.28.01
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Video Cleaner Pro" = River Past Video Cleaner Pro
"Videora iPod Converter" = Videora iPod Converter 5.04
"VLC media player" = VLC media player 1.1.8
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3382357653-3275850264-2365083677-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FlashMute" = FlashMute
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2011 10:59:30 AM | Computer Name = Joel-PC | Source = VSS | ID = 12293
Description =

Error - 4/18/2011 10:59:30 AM | Computer Name = Joel-PC | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR Unable to check the VSS Shadow Copy
status for volume C:\ .

Error - 4/18/2011 10:59:30 AM | Computer Name = Joel-PC | Source = VSS | ID = 12293
Description =

Error - 4/18/2011 10:59:30 AM | Computer Name = Joel-PC | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR Unable to check the VSS Shadow Copy
status for volume D:\ .

Error - 4/18/2011 12:19:43 PM | Computer Name = Joel-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/18/2011 12:20:34 PM | Computer Name = Joel-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 4/18/2011 1:19:46 PM | Computer Name = Joel-PC | Source = VSS | ID = 12293
Description =

Error - 4/18/2011 1:19:46 PM | Computer Name = Joel-PC | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR Unable to check the VSS Shadow Copy
status for volume {DD8877C6-F68C-11DE-9722-001111180546}:\ .

Error - 4/18/2011 1:30:05 PM | Computer Name = Joel-PC | Source = VSS | ID = 12293
Description =

Error - 4/18/2011 1:30:05 PM | Computer Name = Joel-PC | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR Unable to check the VSS Shadow Copy
status for volume I:\ .

[ Media Center Events ]
Error - 2/4/2010 8:37:28 AM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 4:37:22 AM - Error connecting to the internet. 4:37:22 AM - Unable
to contact server..

Error - 6/8/2011 9:57:59 AM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 6:57:59 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

[ OSession Events ]
Error - 5/18/2011 4:48:04 AM | Computer Name = Joel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/19/2011 11:44:22 PM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/20/2011 9:11:50 AM | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/20/2011 9:12:01 AM | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 6/20/2011 9:12:07 AM | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/20/2011 8:35:22 PM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/20/2011 10:28:05 PM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/21/2011 5:55:33 AM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/21/2011 9:47:23 PM | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vsmraid

Error - 6/21/2011 10:18:24 PM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/22/2011 12:51:53 AM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

This post has been edited by Aironet: 22 June 2011 - 01:40 AM

#4 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 22 June 2011 - 11:23 AM

Hi!

Did you set these proxies in Firefox?

FF - prefs.js..network.proxy.backup.ftp: "66.29.36.93"
FF - prefs.js..network.proxy.backup.ftp_port: 554
FF - prefs.js..network.proxy.backup.gopher: "66.29.36.93"
FF - prefs.js..network.proxy.backup.gopher_port: 554
FF - prefs.js..network.proxy.backup.socks: "66.29.36.93"
FF - prefs.js..network.proxy.backup.socks_port: 554
FF - prefs.js..network.proxy.backup.ssl: "66.29.36.93"
FF - prefs.js..network.proxy.backup.ssl_port: 554
FF - prefs.js..network.proxy.ftp: "66.29.36.93"
FF - prefs.js..network.proxy.ftp_port: 554
FF - prefs.js..network.proxy.gopher: "66.29.36.93"
FF - prefs.js..network.proxy.gopher_port: 554
FF - prefs.js..network.proxy.http_port: 554
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "66.29.36.93"
FF - prefs.js..network.proxy.socks_port: 554
FF - prefs.js..network.proxy.ssl: "66.29.36.93"
FF - prefs.js..network.proxy.ssl_port: 554
FF - prefs.js..network.proxy.type: 0


If you don't use Symantec then remove it.

Remove Norton Tool

ONLY if you don't have an active subscription, use below link to uninstall Norton.

Please click HERE and follow the instructions to download and run the Norton Removal Tool for your own version.

It is strongly recommended that you run only one anti-virus program at a time. Having more than one anti-virus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


NEXT:


We need to remove a program. To do this please do the following:
For Vista Users:
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate LiveUpdate 3.2 and click on the Uninstall button to uninstall it.
  • Repeat for Norton Ghost <-- If you do not use it then remove it.
  • Close Control Panel when done.



NEXT:




I'm also going to script out the remaining Norton files, so if you plan on keeping the Norton Ghost, don't run this script below.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:OTL
SRV - File not found [Disabled | Stopped] -- -- (XNDJ)
SRV - File not found [Disabled | Stopped] -- -- (V)
SRV - File not found [Disabled | Stopped] -- -- (PYCIV)
SRV - File not found [Disabled | Stopped] -- -- (IJIBJJOEYUGEA)
SRV - [2009/10/01 22:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009/09/21 21:25:34 | 001,571,336 | ---- | M] (Symantec) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 21:19:20 | 001,964,528 | ---- | M] (Symantec) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
DRV - [2009/09/21 21:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009/09/21 21:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
[2011/05/06 18:36:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/08 10:51:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O34 - HKLM BootExecute: (autocheck ???) - File not found
O34 - HKLM BootExecute: (autocheck ?_?_g) - File not found
O37 - HKU\S-1-5-21-3382357653-3275850264-2365083677-1001\...com [@ = comfile] -- Reg Error: Value error. File not found
[2011/02/22 18:57:40 | 000,266,240 | ---- | C] (Intel Corporation) -- C:\Users\Joel\AppData\Local\ocarizevul.dll
[2011/06/09 01:39:04 | 000,000,120 | ---- | M] () -- C:\Users\Joel\AppData\Local\Jjitulasejadaz.dat
[2011/06/09 01:13:56 | 000,000,000 | ---- | M] () -- C:\Users\Joel\AppData\Local\Tbacodobuvogep.bin
[2011/06/08 23:36:15 | 000,000,120 | ---- | C] () -- C:\Users\Joel\AppData\Local\Jjitulasejadaz.dat
[2011/06/08 23:36:15 | 000,000,000 | ---- | C] () -- C:\Users\Joel\AppData\Local\Tbacodobuvogep.bin
[2009/07/13 16:11:12 | 000,151,808 | ---- | C] () -- C:\Windows\System32\bezitfox.dat
[2009/07/13 16:11:12 | 000,136,960 | ---- | C] () -- C:\Windows\System32\qxhxxsyx.dat
[2009/07/13 16:11:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\cgndrihq.dat
@Alternate Data Stream - 368 bytes -> C:\Users\Joel\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:E6E3D650
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Reg

:Files
C:\Program Files\Symantec\
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#5 User is offline   Aironet 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 13
  • Joined: 13-June 11

Posted 22 June 2011 - 12:30 PM

No I don't remember setting those proxies in firefox. That's strange because I'm not using a proxy and haven't for a long time. Also, I decided to uninstall Norton Ghost because I use the backup feature that comes with Windows 7.

OTL Fix

========== SERVICES/DRIVERS ==========
========== OTL ==========
Service XNDJ stopped successfully!
Service XNDJ deleted successfully!
Service V stopped successfully!
Service V deleted successfully!
Service PYCIV stopped successfully!
Service PYCIV deleted successfully!
Service IJIBJJOEYUGEA stopped successfully!
Service IJIBJJOEYUGEA deleted successfully!
Error: No service named Norton Ghost was found to stop!
Service\Driver key Norton Ghost not found.
File C:\Program Files\Norton Ghost\Agent\VProSvc.exe not found.
Error: No service named GenericMount Helper Service was found to stop!
Service\Driver key GenericMount Helper Service not found.
File C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe not found.
Error: No service named SymSnapService was found to stop!
Service\Driver key SymSnapService not found.
File C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe not found.
Error: No service named LiveUpdate was found to stop!
Service\Driver key LiveUpdate not found.
File C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE not found.
Error: No service named VProEventMonitor was found to stop!
Service\Driver key VProEventMonitor not found.
File C:\Windows\System32\drivers\vproeventmonitor.sys not found.
Service GenericMount stopped successfully!
Service GenericMount deleted successfully!
C:\Windows\System32\drivers\GenericMount.sys moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\S-1-5-21-3382357653-3275850264-2365083677-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck ??? deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck ?_?_g deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3382357653-3275850264-2365083677-1001_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3382357653-3275850264-2365083677-1001_Classes\comfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
C:\Users\Joel\AppData\Local\ocarizevul.dll moved successfully.
C:\Users\Joel\AppData\Local\Jjitulasejadaz.dat moved successfully.
C:\Users\Joel\AppData\Local\Tbacodobuvogep.bin moved successfully.
File C:\Users\Joel\AppData\Local\Jjitulasejadaz.dat not found.
File C:\Users\Joel\AppData\Local\Tbacodobuvogep.bin not found.
C:\Windows\System32\bezitfox.dat moved successfully.
C:\Windows\System32\qxhxxsyx.dat moved successfully.
C:\Windows\System32\cgndrihq.dat moved successfully.
ADS C:\Users\Joel\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 deleted successfully.
ADS C:\ProgramData\TEMP:E6E3D650 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
Folder C:\Program Files\Symantec not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joel\Desktop\cmd.bat deleted successfully.
C:\Users\Joel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.24.1 log created on 06222011_100315


Combofix

ComboFix 11-06-22.01 - Joel 06/22/2011 10:08:44.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1643 [GMT -7:00]
Running from: c:\users\Joel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-22 17:16 . 2011-06-22 17:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-22 17:16 . 2011-06-22 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 17:03 . 2011-06-22 17:03 -------- d-----w- C:\_OTL
2011-06-22 15:21 . 2011-06-22 15:21 -------- d-----w- c:\users\Joel\DoctorWeb
2011-06-22 10:02 . 2011-06-22 17:00 -------- d-----w- c:\users\Mcx1-JOEL-PC
2011-06-21 16:55 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B00C5F4-D421-46F8-A5AF-D0777389D8FF}\mpengine.dll
2011-06-21 11:39 . 2011-06-21 11:39 -------- d-----w- c:\users\Joel\AppData\Local\Apps
2011-06-20 11:12 . 2011-06-20 11:12 -------- d-----w- c:\program files\DVBPortal
2011-06-16 13:21 . 2011-06-16 13:21 2 --shatr- c:\windows\winstart.bat
2011-06-16 13:20 . 2011-06-16 13:52 -------- d-----w- c:\program files\UnHackMe
2011-06-16 10:28 . 2011-06-16 10:28 -------- d-----w- c:\users\Joel\AppData\Local\Supremus Corporation
2011-06-16 10:28 . 2011-06-16 10:38 -------- d-----w- c:\program files\Windows Updates Downloader
2011-06-16 07:46 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-15 23:31 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 23:31 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 23:31 . 2011-04-29 04:57 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 23:31 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-15 23:29 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 23:29 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 23:29 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-12 21:48 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 21:48 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-10 08:15 . 2011-06-22 17:16 -------- d-----w- c:\users\Joel\AppData\Local\temp
2011-06-10 05:30 . 2011-06-16 13:20 -------- d-----w- c:\programdata\SecTaskMan
2011-06-09 15:02 . 2011-06-09 15:02 -------- d-----w- c:\users\Joel\AppData\Roaming\FileMaker
2011-06-09 14:09 . 2011-06-10 14:12 -------- d-----w- c:\program files\FileMaker
2011-06-09 09:33 . 2011-06-09 09:33 -------- d-----w- c:\users\Joel\AppData\Roaming\FileMaker Pro Advanced
2011-06-09 09:31 . 2011-06-09 09:31 -------- d-----w- c:\users\Joel\AppData\Local\FileMaker
2011-06-09 09:31 . 2011-06-09 09:31 -------- d-----w- c:\users\Joel\AppData\Roaming\Leadertech
2011-06-09 07:29 . 2011-06-09 07:29 -------- d-----w- c:\windows\Sun
2011-06-09 05:30 . 2011-06-09 05:30 -------- d-----w- c:\users\Joel\AppData\Roaming\PeerNetworking
2011-06-07 09:05 . 2011-06-07 09:05 -------- d-----w- c:\programdata\Canopus
2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-05-24 23:32 . 2011-05-24 23:32 -------- d-----w- c:\users\Joel\AppData\Local\Octoshape
2011-05-24 15:06 . 2011-05-24 15:06 -------- d-----w- c:\users\Joel\AppData\Roaming\Octoshape
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 06:34 . 2011-05-16 22:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 02:14 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-18 07:09 . 2010-01-04 09:32 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-18 07:08 . 2011-04-18 07:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-18 07:08 . 2010-02-27 20:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-09 06:02 . 2011-05-11 04:54 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 04:54 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-25 02:58 . 2011-05-11 04:54 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 02:58 . 2011-05-11 04:54 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 02:58 . 2011-05-11 04:54 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 02:57 . 2011-05-11 04:54 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 02:57 . 2011-05-11 04:54 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 02:57 . 2011-05-11 04:54 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-05 23:22 . 2011-05-05 23:22 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-08-22 2931744]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2009-03-04 19456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck autocheck ??
.
[HKLM\~\startupfolder\C:^Users^Joel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 136176]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-03-04 99352]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-07 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-03-04 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-03-04 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-03-04 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-03-04 566296]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\AF03.tmp [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-03 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/01 05:47];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-29 05:50 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2010-08-22 1411616]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-03-04 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-03-04 555032]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-03-04 566296]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2010-03-10 46256]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [2010-08-19 19368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
4
???
0
???
0
???
3
???
3
???
.
???
-
???
,
???
/
???
0
???
/
???
/
???
???
/
???
0
???
???
2
???
2
???
???
3
???
-
???
H
???
I
???
>
???
>
???
-
???
L
???
3
???
0
???
/
???
-
???
8
???
L
???
L
???
???
F
???
H
???
/
???
???
H
???
???
/
???
0
???
/
?d?
0
???
H
???
???
K
???
J
???
???
K
???
J
???
L
???
wtbvijvv
???
M
???
C
???
D
???
C
???
I
???
B
???
?
???
>
???
=
???
@
???
C
???
D
???
7
???
9
???
@
???

???
+
??o
???
???

???
H
???
;
???
<
???
???
F
???
A
???

???
=
???

???
=
???
<
???

???
A
???
<
???
=
??+
4
??¦
;
???
4
???
=
???
<
???
H
???
7
???
4
???
6
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 00:32]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 00:32]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3382357653-3275850264-2365083677-1001Core.job
- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 15:27]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3382357653-3275850264-2365083677-1001UA.job
- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 15:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Rotten Tomatoes
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - 66.29.36.93
FF - prefs.js: network.proxy.ftp_port - 554
FF - prefs.js: network.proxy.gopher - 66.29.36.93
FF - prefs.js: network.proxy.gopher_port - 554
FF - prefs.js: network.proxy.http_port - 554
FF - prefs.js: network.proxy.socks - 66.29.36.93
FF - prefs.js: network.proxy.socks_port - 554
FF - prefs.js: network.proxy.ssl - 66.29.36.93
FF - prefs.js: network.proxy.ssl_port - 554
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AF03.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-22 10:20:08
ComboFix-quarantined-files.txt 2011-06-22 17:20
.
Pre-Run: 46,796,689,408 bytes free
Post-Run: 46,619,774,976 bytes free
.
- - End Of File - - DC2A77EC89DDC69EB65A0A678F4E1256

#6 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 22 June 2011 - 12:37 PM

Hi!

Open notepad by going to START > RUN and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following:

@echo off
swreg query hklm\system\currentcontrolset\services /s |(
SED -r "/^HK|^ +ImagePath.*-k netsvcs/I!d" |(
SED -r ":a; $!N;s/\n.*\t.*/\t/;ta;P;D" |(
SED -r "/.*\\(.*)\t/!d; s//\1/"
)))>Log.txt
Start Notepad Log.txt


In Notepad click on the "File" menu > Save As... Under "File name" type fix.bat and Change "Save as type" to All Files, save it to a place you will remember.

Posted Image

Double click on fix.bat

Please post the Log.txt in your next reply.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#7 User is offline   Aironet 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 13
  • Joined: 13-June 11

Posted 22 June 2011 - 12:39 PM

AeLookupSvc
Appinfo
AppMgmt
BDESVC
BITS
Browser
CertPropSvc
EapHost
gpsvc
hkmsvc
IKEEXT
iphlpsvc
LanmanServer
MMCSS
MSiSCSI
ProfSvc
RasAuto
RasMan
RemoteAccess
Schedule
SCPolicySvc
seclogon
SENS
SessionEnv
SharedAccess
ShellHWDetection
Themes
wercplsupport
Winmgmt
wuauserv

#8 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 22 June 2011 - 01:44 PM

Hi!

I need for you to do the following:

Press the Windows key + R

This should launch the Run Dialog box.

Copy/Paste the bolded entry below followed by ENTER:

regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"

Note: You should see a warning from User Account Control asking permission for Registry Editor to run. Please allow it to run.

You should see a new file on your desktop called look.txt

Please post the contents of that file in your next reply.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#9 User is offline   Aironet 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 13
  • Joined: 13-June 11

Posted 22 June 2011 - 09:38 PM

Here it is

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"RPCSS"=hex(7):52,00,70,00,63,00,45,00,70,00,74,00,4d,00,61,00,70,00,70,00,65,\
00,72,00,00,00,52,00,70,00,63,00,53,00,73,00,00,00,00,00
"defragsvc"=hex(7):64,00,65,00,66,00,72,00,61,00,67,00,73,00,76,00,63,00,00,00,\
00,00
"LocalSystemNetworkRestricted"=hex(7):55,00,78,00,53,00,6d,00,73,00,00,00,57,\
00,64,00,69,00,53,00,79,00,73,00,74,00,65,00,6d,00,48,00,6f,00,73,00,74,00,\
00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,74,00,72,00,6b,00,77,00,6b,\
00,73,00,00,00,41,00,75,00,64,00,69,00,6f,00,45,00,6e,00,64,00,70,00,6f,00,\
69,00,6e,00,74,00,42,00,75,00,69,00,6c,00,64,00,65,00,72,00,00,00,57,00,55,\
00,44,00,46,00,53,00,76,00,63,00,00,00,49,00,50,00,42,00,75,00,73,00,45,00,\
6e,00,75,00,6d,00,00,00,64,00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,68,\
00,69,00,64,00,73,00,65,00,72,00,76,00,00,00,69,00,72,00,6d,00,6f,00,6e,00,\
00,00,73,00,79,00,73,00,6d,00,61,00,69,00,6e,00,00,00,57,00,50,00,44,00,42,\
00,75,00,73,00,45,00,6e,00,75,00,6d,00,00,00,68,00,6f,00,6d,00,65,00,67,00,\
72,00,6f,00,75,00,70,00,6c,00,69,00,73,00,74,00,65,00,6e,00,65,00,72,00,00,\
00,54,00,61,00,62,00,6c,00,65,00,74,00,49,00,6e,00,70,00,75,00,74,00,53,00,\
65,00,72,00,76,00,69,00,63,00,65,00,00,00,50,00,63,00,61,00,53,00,76,00,63,\
00,00,00,77,00,6c,00,61,00,6e,00,73,00,76,00,63,00,00,00,43,00,73,00,63,00,\
53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,55,00,6d,00,52,00,64,00,70,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"LocalService"=hex(7):6e,00,73,00,69,00,00,00,57,00,64,00,69,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,48,00,6f,00,73,00,74,00,00,00,77,00,33,00,32,00,\
74,00,69,00,6d,00,65,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,\
00,74,00,65,00,6d,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,\
67,00,69,00,73,00,74,00,72,00,79,00,00,00,57,00,69,00,6e,00,48,00,74,00,74,\
00,70,00,41,00,75,00,74,00,6f,00,50,00,72,00,6f,00,78,00,79,00,53,00,76,00,\
63,00,00,00,73,00,70,00,70,00,75,00,69,00,6e,00,6f,00,74,00,69,00,66,00,79,\
00,00,00,54,00,48,00,52,00,45,00,41,00,44,00,4f,00,52,00,44,00,45,00,52,00,\
00,00,6e,00,65,00,74,00,70,00,72,00,6f,00,66,00,6d,00,00,00,6c,00,6c,00,74,\
00,64,00,73,00,76,00,63,00,00,00,66,00,64,00,70,00,68,00,6f,00,73,00,74,00,\
00,00,53,00,73,00,74,00,70,00,53,00,76,00,63,00,00,00,57,00,65,00,62,00,43,\
00,6c,00,69,00,65,00,6e,00,74,00,00,00,00,00
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
69,00,6f,00,6e,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,\
00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,\
00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,\
53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,\
00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,\
6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,\
76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,\
00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,\
6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,\
00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,\
00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,\
00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,\
67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,\
00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,\
00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,\
00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,\
6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,\
00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,\
73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,\
00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,\
68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,\
00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,34,00,00,00,3f,00,3f,00,\
3f,00,00,00,30,00,00,00,3f,00,3f,00,3f,00,00,00,30,00,00,00,3f,00,3f,00,3f,\
00,00,00,33,00,00,00,3f,00,3f,00,3f,00,00,00,33,00,00,00,3f,00,3f,00,3f,00,\
00,00,2e,00,00,00,3f,00,3f,00,3f,00,00,00,2d,00,00,00,3f,00,3f,00,3f,00,00,\
00,2c,00,00,00,3f,00,3f,00,3f,00,00,00,2f,00,00,00,3f,00,3f,00,3f,00,00,00,\
30,00,00,00,3f,00,3f,00,3f,00,00,00,2f,00,00,00,3f,00,3f,00,3f,00,00,00,2f,\
00,00,00,3f,00,3f,00,3f,00,00,00,3f,00,3f,00,3f,00,00,00,2f,00,00,00,3f,00,\
3f,00,3f,00,00,00,30,00,00,00,3f,00,3f,00,3f,00,00,00,3f,00,3f,00,3f,00,00,\
00,32,00,00,00,3f,00,3f,00,3f,00,00,00,32,00,00,00,3f,00,3f,00,3f,00,00,00,\
3f,00,3f,00,3f,00,00,00,33,00,00,00,3f,00,3f,00,3f,00,00,00,2d,00,00,00,3f,\
00,3f,00,3f,00,00,00,48,00,00,00,3f,00,3f,00,3f,00,00,00,49,00,00,00,3f,00,\
3f,00,3f,00,00,00,3e,00,00,00,3f,00,3f,00,3f,00,00,00,3e,00,00,00,3f,00,3f,\
00,3f,00,00,00,2d,00,00,00,3f,00,3f,00,3f,00,00,00,4c,00,00,00,3f,00,3f,00,\
3f,00,00,00,33,00,00,00,3f,00,3f,00,3f,00,00,00,30,00,00,00,3f,00,3f,00,3f,\
00,00,00,2f,00,00,00,3f,00,3f,00,3f,00,00,00,2d,00,00,00,3f,00,3f,00,3f,00,\
00,00,38,00,00,00,3f,00,3f,00,3f,00,00,00,4c,00,00,00,3f,00,3f,00,3f,00,00,\
00,4c,00,00,00,3f,00,3f,00,3f,00,00,00,3f,00,3f,00,3f,00,00,00,46,00,00,00,\
3f,00,3f,00,3f,00,00,00,48,00,00,00,3f,00,3f,00,3f,00,00,00,2f,00,00,00,3f,\
00,3f,00,3f,00,00,00,3f,00,3f,00,3f,00,00,00,48,00,00,00,3f,00,3f,00,3f,00,\
00,00,3f,00,3f,00,3f,00,00,00,2f,00,00,00,3f,00,3f,00,3f,00,00,00,30,00,00,\
00,3f,00,3f,00,3f,00,00,00,2f,00,00,00,3f,00,64,00,3f,00,00,00,30,00,00,00,\
3f,00,3f,00,3f,00,00,00,48,00,00,00,3f,00,3f,00,3f,00,00,00,3f,00,3f,00,3f,\
00,00,00,4b,00,00,00,3f,00,3f,00,3f,00,00,00,4a,00,00,00,3f,00,3f,00,3f,00,\
00,00,3f,00,3f,00,3f,00,00,00,4b,00,00,00,3f,00,3f,00,3f,00,00,00,4a,00,00,\
00,3f,00,3f,00,3f,00,00,00,4c,00,00,00,3f,00,3f,00,3f,00,00,00,77,00,74,00,\
62,00,76,00,69,00,6a,00,76,00,76,00,00,00,3f,00,3f,00,3f,00,00,00,4d,00,00,\
00,3f,00,3f,00,3f,00,00,00,43,00,00,00,3f,00,3f,00,3f,00,00,00,44,00,00,00,\
3f,00,3f,00,3f,00,00,00,43,00,00,00,3f,00,3f,00,3f,00,00,00,49,00,00,00,3f,\
00,3f,00,3f,00,00,00,42,00,00,00,3f,00,3f,00,3f,00,00,00,3f,00,00,00,3f,00,\
3f,00,3f,00,00,00,3e,00,00,00,3f,00,3f,00,3f,00,00,00,3d,00,00,00,3f,00,3f,\
00,3f,00,00,00,40,00,00,00,3f,00,3f,00,3f,00,00,00,43,00,00,00,3f,00,3f,00,\
3f,00,00,00,44,00,00,00,3f,00,3f,00,3f,00,00,00,37,00,00,00,3f,00,3f,00,3f,\
00,00,00,39,00,00,00,3f,00,3f,00,3f,00,00,00,40,00,00,00,3f,00,3f,00,3f,00,\
00,00,20,00,00,00,3f,00,3f,00,3f,00,00,00,2b,00,00,00,3f,00,3f,00,6f,00,00,\
00,3f,00,3f,00,3f,00,00,00,3f,00,3f,00,3f,00,00,00,1f,00,00,00,3f,00,3f,00,\
3f,00,00,00,48,00,00,00,3f,00,3f,00,3f,00,00,00,3b,00,00,00,3f,00,3f,00,3f,\
00,00,00,3c,00,00,00,3f,00,3f,00,3f,00,00,00,3f,00,3f,00,3f,00,00,00,46,00,\
00,00,3f,00,3f,00,3f,00,00,00,41,00,00,00,3f,00,3f,00,3f,00,00,00,1c,00,00,\
00,3f,00,3f,00,3f,00,00,00,3d,00,00,00,3f,00,3f,00,3f,00,00,00,1d,00,00,00,\
3f,00,3f,00,3f,00,00,00,3d,00,00,00,3f,00,3f,00,3f,00,00,00,3c,00,00,00,3f,\
00,3f,00,3f,00,00,00,1f,00,00,00,3f,00,3f,00,3f,00,00,00,41,00,00,00,3f,00,\
3f,00,3f,00,00,00,3c,00,00,00,3f,00,3f,00,3f,00,00,00,3d,00,00,00,3f,00,3f,\
00,2b,00,00,00,34,00,00,00,3f,00,3f,00,a6,00,00,00,3b,00,00,00,3f,00,3f,00,\
3f,00,00,00,34,00,00,00,3f,00,3f,00,3f,00,00,00,3d,00,00,00,3f,00,3f,00,3f,\
00,00,00,3c,00,00,00,3f,00,3f,00,3f,00,00,00,48,00,00,00,3f,00,3f,00,3f,00,\
00,00,37,00,00,00,3f,00,3f,00,3f,00,00,00,34,00,00,00,3f,00,3f,00,3f,00,00,\
00,36,00,00,00,00,00
"WerSvcGroup"=hex(7):77,00,65,00,72,00,73,00,76,00,63,00,00,00,00,00
"LocalServiceNoNetwork"=hex(7):44,00,50,00,53,00,00,00,50,00,4c,00,41,00,00,00,\
42,00,46,00,45,00,00,00,6d,00,70,00,73,00,73,00,76,00,63,00,00,00,57,00,77,\
00,61,00,6e,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"swprv"=hex(7):73,00,77,00,70,00,72,00,76,00,00,00,00,00
"LocalServiceNetworkRestricted"=hex(7):44,00,48,00,43,00,50,00,00,00,65,00,76,\
00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,41,00,75,00,64,00,69,00,6f,00,\
53,00,72,00,76,00,00,00,42,00,74,00,68,00,48,00,46,00,53,00,72,00,76,00,00,\
00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,00,73,00,63,00,73,00,\
76,00,63,00,00,00,68,00,6f,00,6d,00,65,00,67,00,72,00,6f,00,75,00,70,00,70,\
00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,57,00,50,00,43,00,53,00,\
76,00,63,00,00,00,00,00
"LocalServicePeerNet"=hex(7):50,00,4e,00,52,00,50,00,53,00,76,00,63,00,00,00,\
70,00,32,00,70,00,69,00,6d,00,73,00,76,00,63,00,00,00,70,00,32,00,70,00,73,\
00,76,00,63,00,00,00,50,00,6e,00,72,00,70,00,41,00,75,00,74,00,6f,00,52,00,\
65,00,67,00,00,00,00,00
"NetworkServiceAndNoImpersonation"=hex(7):4b,00,74,00,6d,00,52,00,6d,00,00,00,\
00,00
"regsvc"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,\
00,74,00,72,00,79,00,00,00,00,00
"LocalServiceAndNoImpersonation"=hex(7):53,00,53,00,44,00,50,00,53,00,52,00,56,\
00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,73,00,74,00,00,00,53,00,43,00,\
61,00,72,00,64,00,53,00,76,00,72,00,00,00,54,00,42,00,53,00,00,00,46,00,6f,\
00,6e,00,74,00,43,00,61,00,63,00,68,00,65,00,00,00,66,00,64,00,72,00,65,00,\
73,00,70,00,75,00,62,00,00,00,41,00,70,00,70,00,49,00,44,00,53,00,76,00,63,\
00,00,00,51,00,57,00,41,00,56,00,45,00,00,00,77,00,63,00,6e,00,63,00,73,00,\
76,00,63,00,00,00,4d,00,63,00,78,00,32,00,53,00,76,00,63,00,00,00,53,00,65,\
00,6e,00,73,00,72,00,53,00,76,00,63,00,00,00,00,00
"DcomLaunch"=hex(7):50,00,6f,00,77,00,65,00,72,00,00,00,50,00,6c,00,75,00,67,\
00,50,00,6c,00,61,00,79,00,00,00,44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,\
6e,00,63,00,68,00,00,00,00,00
"NetworkServiceNetworkRestricted"=hex(7):50,00,6f,00,6c,00,69,00,63,00,79,00,\
41,00,67,00,65,00,6e,00,74,00,00,00,00,00
"NetworkService"=hex(7):43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,\
44,00,48,00,43,00,50,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,44,00,4e,00,53,00,43,00,61,00,63,00,68,00,65,00,\
00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,77,00,6f,00,72,00,6b,00,73,00,74,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,61,00,70,00,41,00,67,00,65,00,\
6e,00,74,00,00,00,6e,00,6c,00,61,00,73,00,76,00,63,00,00,00,57,00,69,00,6e,\
00,52,00,4d,00,00,00,57,00,45,00,43,00,53,00,56,00,43,00,00,00,54,00,61,00,\
70,00,69,00,73,00,72,00,76,00,00,00,00,00
"sdrsvc"=hex(7):73,00,64,00,72,00,73,00,76,00,63,00,00,00,00,00
"WbioSvcGroup"=hex(7):57,00,62,00,69,00,6f,00,53,00,72,00,76,00,63,00,00,00,00,\
00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"AxInstSVGroup"=hex(7):41,00,78,00,49,00,6e,00,73,00,74,00,53,00,56,00,00,00,\
00,00
"secsvcs"=hex(7):57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,00,64,00,00,00,\
00,00
"bthsvcs"=hex(7):62,00,74,00,68,00,73,00,65,00,72,00,76,00,00,00,00,00
"PeerDist"=hex(7):50,00,65,00,65,00,72,00,44,00,69,00,73,00,74,00,53,00,76,00,\
63,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AxInstSVGroup]
"ImpersonationLevel"=dword:00000003
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\defragsvc]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000
"AuthenticationLevel"=dword:00000006

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000
"AuthenticationLevel"=dword:00000006

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc]
"CoInitializeSecurityParam"=dword:00000001
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

#10 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 23 June 2011 - 09:22 AM

Hi!

Thanks for that registry export.

Back-Up Registry
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg


Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


NEXT:



Open Notepad

Click Start > Run type notepad into the run box click OK
Click Format and make certain that Word Wrap is NOT checked.

Copy the text inside of the code box, Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Now paste the copied text into the open notepad. Press CTRL+V (or right click and choose 'paste')

Note: There must be NO blank lines in front of the pasted text, but ensure that there is a blank line at the end of the text, otherwise the registry merge will not work.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):41,65,4c,6f,6f,6b,75,70,53,76,63,00,43,65,72,74,50,72,6f,70,\
  53,76,63,00,53,43,50,6f,6c,69,63,79,53,76,63,00,6c,61,6e,6d,61,6e,73,65,72,\
  76,65,72,00,67,70,73,76,63,00,49,4b,45,45,58,54,00,41,75,64,69,6f,53,72,76,\
  00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
  62,69,6c,69,74,79,00,49,61,73,00,49,72,6d,6f,6e,00,4e,6c,61,00,4e,74,6d,73,\
  73,76,63,00,4e,57,43,57,6f,72,6b,73,74,61,74,69,6f,6e,00,4e,77,73,61,70,61,\
  67,65,6e,74,00,52,61,73,61,75,74,6f,00,52,61,73,6d,61,6e,00,52,65,6d,6f,74,\
  65,61,63,63,65,73,73,00,53,45,4e,53,00,53,68,61,72,65,64,61,63,63,65,73,73,\
  00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,57,6d,69,00,57,6d,\
  64,6d,50,6d,53,70,00,54,65,72,6d,53,65,72,76,69,63,65,00,77,75,61,75,73,65,\
  72,76,00,42,49,54,53,00,53,68,65,6c,6c,48,57,44,65,74,65,63,74,69,6f,6e,00,\
  4c,6f,67,6f,6e,48,6f,75,72,73,00,50,43,41,75,64,69,74,00,68,65,6c,70,73,76,\
  63,00,75,70,6c,6f,61,64,6d,67,72,00,69,70,68,6c,70,73,76,63,00,73,65,63,6c,\
  6f,67,6f,6e,00,41,70,70,49,6e,66,6f,00,6d,73,69,73,63,73,69,00,4d,4d,43,53,\
  53,00,77,65,72,63,70,6c,73,75,70,70,6f,72,74,00,45,61,70,48,6f,73,74,00,50,\
  72,6f,66,53,76,63,00,73,63,68,65,64,75,6c,65,00,68,6b,6d,73,76,63,00,53,65,\
  73,73,69,6f,6e,45,6e,76,00,77,69,6e,6d,67,6d,74,00,62,72,6f,77,73,65,72,00,\
  54,68,65,6d,65,73,00,42,44,45,53,56,43,00,41,70,70,4d,67,6d,74,00,00


Now go to File > and click Save As,
From the drop down menu at the top of the box choose Desktop as the location to save this file.
Go down to the File Name box and type in fixme.reg as the file name, then choose All Files as the save as file type.
Then click the save button.
Once you have clicked the save button, close Notepad.

You should now see a file on your desktop that looks like this:

Posted Image

Locate the fixme.reg icon on your desktop and double click it, an information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Once the file has run, the information will have merged with your registry so you can delete fixme.reg from your desktop as you won't be needing it anymore.


Please run a new scan with ComboFix after running the above Registry fix.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#11 User is offline   Aironet 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 13
  • Joined: 13-June 11

Posted 23 June 2011 - 09:55 AM

ComboFix 11-06-22.05 - Joel 06/23/2011 7:41.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1873 [GMT -7:00]
Running from: c:\users\Joel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 14:48 . 2011-06-23 14:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-23 14:48 . 2011-06-23 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 14:33 . 2011-06-23 14:33 237969774 ----a-w- C:\registrybackup.reg
2011-06-22 17:03 . 2011-06-22 17:03 -------- d-----w- C:\_OTL
2011-06-22 15:21 . 2011-06-22 15:21 -------- d-----w- c:\users\Joel\DoctorWeb
2011-06-22 10:02 . 2011-06-22 17:20 -------- d-----w- c:\users\Mcx1-JOEL-PC
2011-06-21 16:55 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B00C5F4-D421-46F8-A5AF-D0777389D8FF}\mpengine.dll
2011-06-21 11:39 . 2011-06-21 11:39 -------- d-----w- c:\users\Joel\AppData\Local\Apps
2011-06-20 11:12 . 2011-06-20 11:12 -------- d-----w- c:\program files\DVBPortal
2011-06-16 13:21 . 2011-06-16 13:21 2 --shatr- c:\windows\winstart.bat
2011-06-16 13:20 . 2011-06-16 13:52 -------- d-----w- c:\program files\UnHackMe
2011-06-16 10:28 . 2011-06-16 10:28 -------- d-----w- c:\users\Joel\AppData\Local\Supremus Corporation
2011-06-16 10:28 . 2011-06-16 10:38 -------- d-----w- c:\program files\Windows Updates Downloader
2011-06-16 07:46 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-15 23:31 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 23:31 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 23:31 . 2011-04-29 04:57 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 23:31 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-15 23:29 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 23:29 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 23:29 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-12 21:48 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 21:48 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-10 08:15 . 2011-06-23 14:48 -------- d-----w- c:\users\Joel\AppData\Local\temp
2011-06-10 05:30 . 2011-06-16 13:20 -------- d-----w- c:\programdata\SecTaskMan
2011-06-09 15:02 . 2011-06-09 15:02 -------- d-----w- c:\users\Joel\AppData\Roaming\FileMaker
2011-06-09 14:09 . 2011-06-10 14:12 -------- d-----w- c:\program files\FileMaker
2011-06-09 09:33 . 2011-06-09 09:33 -------- d-----w- c:\users\Joel\AppData\Roaming\FileMaker Pro Advanced
2011-06-09 09:31 . 2011-06-09 09:31 -------- d-----w- c:\users\Joel\AppData\Local\FileMaker
2011-06-09 09:31 . 2011-06-09 09:31 -------- d-----w- c:\users\Joel\AppData\Roaming\Leadertech
2011-06-09 07:29 . 2011-06-09 07:29 -------- d-----w- c:\windows\Sun
2011-06-09 05:30 . 2011-06-09 05:30 -------- d-----w- c:\users\Joel\AppData\Roaming\PeerNetworking
2011-06-07 09:05 . 2011-06-07 09:05 -------- d-----w- c:\programdata\Canopus
2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-05-24 23:32 . 2011-05-24 23:32 -------- d-----w- c:\users\Joel\AppData\Local\Octoshape
2011-05-24 15:06 . 2011-05-24 15:06 -------- d-----w- c:\users\Joel\AppData\Roaming\Octoshape
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 06:34 . 2011-05-16 22:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 02:14 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-18 07:09 . 2010-01-04 09:32 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-18 07:08 . 2011-04-18 07:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-18 07:08 . 2010-02-27 20:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-09 06:02 . 2011-05-11 04:54 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 04:54 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-05 23:22 . 2011-05-05 23:22 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-08-22 2931744]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2009-03-04 19456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck autocheck ??
.
[HKLM\~\startupfolder\C:^Users^Joel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 136176]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-03-04 99352]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-07 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-03-04 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-03-04 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-03-04 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-03-04 566296]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\AF03.tmp [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-03 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/01 05:47];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-29 05:50 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2010-08-22 1411616]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-03-04 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-03-04 555032]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-03-04 566296]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2010-03-10 46256]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [2010-08-19 19368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 00:32]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 00:32]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3382357653-3275850264-2365083677-1001Core.job
- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 15:27]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3382357653-3275850264-2365083677-1001UA.job
- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 15:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\o38gkor2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Rotten Tomatoes
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - 66.29.36.93
FF - prefs.js: network.proxy.ftp_port - 554
FF - prefs.js: network.proxy.gopher - 66.29.36.93
FF - prefs.js: network.proxy.gopher_port - 554
FF - prefs.js: network.proxy.http_port - 554
FF - prefs.js: network.proxy.socks - 66.29.36.93
FF - prefs.js: network.proxy.socks_port - 554
FF - prefs.js: network.proxy.ssl - 66.29.36.93
FF - prefs.js: network.proxy.ssl_port - 554
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AF03.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-23 07:53:27
ComboFix-quarantined-files.txt 2011-06-23 14:53
ComboFix2.txt 2011-06-22 17:20
.
Pre-Run: 37,182,824,448 bytes free
Post-Run: 37,014,368,256 bytes free
.
- - End Of File - - 18FEEA11DA8ABC486D5A31C0D33C370A

#12 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 23 June 2011 - 11:04 AM

Hi!

Great job! Your logs are looking better. How are things running?

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#13 User is offline   Aironet 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 13
  • Joined: 13-June 11

Posted 23 June 2011 - 11:27 AM

Everything is running very nicely! Thanks for your great help. I will run those tools but I was just curious about the registry changes we made to netsvcs. What exactly did that fix do? If it's difficult to explain you don't need to answer.

#14 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 23 June 2011 - 11:42 AM

Hi!


Quote

Everything is running very nicely! Thanks for your great help. I will run those tools but I was just curious about the registry changes we made to netsvcs. What exactly did that fix do? If it's difficult to explain you don't need to answer.
Glad to hear that things are running great!

Your netsvcs entries had become corrupted, and required a fix, to remove the corrupted entries from it.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#15 User is offline   Aironet 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 13
  • Joined: 13-June 11

Posted 23 June 2011 - 01:59 PM

Malware Bytes

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6928

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

6/23/2011 9:33:00 AM
mbam-log-2011-06-23 (09-33-00).txt

Scan type: Quick scan
Objects scanned: 165075
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET OnlineScan

C:\_OTL\MovedFiles\06222011_100315\C_Users\Joel\AppData\Local\ocarizevul.dll a variant of Win32/Kryptik.OSA trojan

Security Check

Results of screen317's Security Check version 0.99.15
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET NOD32 Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
River Past Video Cleaner Pro
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users