
hi all - please help - malware spyware good stuff bad stuff what is what?


  • This topic is locked
16 replies to this topic

#1 nimm-1033

nimm-1033

  • Members
  • 9 posts

Posted 08 September 2009 - 08:26 PM

I'm new here; I hope I have posted this in the right place (if not, please can someone move it for me - mods?).

I thought I had been doing the right stuff. I've been running my avast as my antivirus, also using Malwarebytes and SUPERAntiSpyware, but my Firefox browser keeps hanging and the PC sounds like it's doing things when it's not, so I thought I'd join up and get some help lol.

I read the guidelines but I'm not sure what a log is? This came from Notepad (I hope that makes sense, I'm not very good at this stuff), so I did some reading and found myself this SmitfraudFix and HijackThis. Now I have this:

SmitFraudFix v2.423

Scan done at 1:52:15.74, 09/09/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WinService.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Users\lise\Downloads\fsbl.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\cmd.exe
C:\Windows\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Easy SpyRemover\EasySpyRemover.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Users\lise\Downloads\removewin32induca.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\lise


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\lise\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\lise\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\lise\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter #3
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

and this

SmitFraudFix v2.423

Scan done at 1:39:41.66, 09/09/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter #3
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter #3
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5075FFEC-2EC2-4D0D-A619-B0934754B1F2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A7589EC9-22CA-45FE-8763-0705315980C8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

and also this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:54:05, on 09/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Users\lise\Downloads\fsbl.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\cmd.exe
C:\Windows\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Easy SpyRemover\EasySpyRemover.exe
C:\Windows\notepad.exe
C:\Users\lise\Downloads\removewin32induca.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Please can anyone help me? I have no idea what any of this means at all or what to do next.

thanks in advance

Lise



#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 23 September 2009 - 06:53 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 nimm-1033

nimm-1033
  • Topic Starter

  • Members
  • 9 posts

Posted 26 September 2009 - 05:33 PM

hi Pw

Thanks for your reply and your help. My PC knowledge is quite basic, so I'm sorry in advance.

So far I have uninstalled all the programs I don't use anymore, defragged the hard drive and run avast, Malwarebytes and SUPERAntiSpyware. I also tried to clean it with a program called CC cleaner but it all got a bit complicated and I am not quite sure if I removed anything (sorry). I also tried a program called rubotted but it didn't make any sense to me, so I think I have uninstalled it again. At this time I'm still getting major probs and I cannot now access emails through Firefox as it just loops round the logging-on pages for both Hotmail and Yahoo.

I also get Firefox hangs for no apparent reason; if there is one tab open or 100 it makes no difference, then it seems to come back on by itself. I randomly get disconnected from the internet at any time (have been in contact with O2 and there are no probs their end). Also, when I scan with avast it has over 700 files it says it can't scan as they are password protected - I don't have any password protected files, but I also can't seem to get it to save these items to a log (sorry).

Here are the reports so far - one is so big I think it might need zipped but I don't know how to, so I have just saved it at the moment. Thanks for your time and help.
Lise.


DDS (Ver_09-09-24.01) - NTFSx86
Run by lise at 23:11:35.92 on 25/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1646 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WinService.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\lise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PVHSSDLR\dds[1].pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://co120w.col120.mail.live.com/default.aspx?wa=wsignin1.0
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Power2GoExpress] NA
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus SX400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiege.exe /fu "c:\windows\temp\E_S225E.tmp" /EF "HKCU"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\lise\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: o2.co.uk\*.broadband
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\lise\appdata\roaming\mozilla\firefox\profiles\ln00y8we.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotukdeals.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2008-3-30 21728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-28 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-28 53328]
R2 SCM_Service;SCM_Service;c:\windows\system32\WinService.exe [2008-3-30 180224]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2006-12-8 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2008-3-30 288768]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-6-23 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-6-23 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-6-23 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-6-23 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-6-23 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-6-23 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-6-23 110120]

=============== Created Last 30 ================

2009-09-21 22:55 <DIR> --d----- c:\programdata\BVRP Software
2009-09-21 14:59 8,192 a------- c:\windows\system32\E_DCINST.DLL
2009-09-21 14:59 78,848 a------- c:\windows\system32\E_FD4BEGE.DLL
2009-09-21 13:59 <DIR> --d----- c:\programdata\UDL
2009-09-21 13:59 <DIR> --d----- c:\progra~2\UDL
2009-09-21 13:55 <DIR> --d----- c:\program files\ABBYY FineReader 6.0 Sprint
2009-09-21 13:51 86,528 a------- c:\windows\system32\E_FLBEGE.DLL
2009-09-21 13:51 <DIR> --d----- c:\programdata\EPSON
2009-09-21 13:51 <DIR> --d----- c:\progra~2\EPSON
2009-09-21 13:50 71,680 a------- c:\windows\system32\escwiad.dll
2009-09-21 13:50 <DIR> --d----- c:\program files\epson
2009-09-21 13:50 25 a------- c:\windows\CDE SX400DEFGIPS.ini
2009-09-12 00:48 <DIR> --d----- c:\users\lise\.housecall6.6
2009-09-12 00:45 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-09 03:31 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 03:31 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-09 03:31 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 03:31 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 03:31 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 03:31 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 03:31 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 03:31 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 03:31 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 03:31 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 03:29 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-09 03:29 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 03:29 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 03:29 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 03:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 03:29 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-09 03:21 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-09-09 03:20 32,784 a------- c:\programdata\nvModes.dat
2009-09-09 03:20 32,784 a------- c:\progra~2\nvModes.dat
2009-09-09 03:15 <DIR> --d----- C:\NVIDIA
2009-09-09 01:53 <DIR> --d----- c:\program files\Trend Micro
2009-09-09 01:35 2,646 a------- c:\windows\system32\tmp.reg
2009-09-03 22:38 56 a---h--- c:\programdata\ezsidmv.dat
2009-09-03 22:38 56 a---h--- c:\progra~2\ezsidmv.dat
2009-09-03 22:37 <DIR> --d----- c:\programdata\Skype
2009-08-31 22:53 <DIR> --d----- c:\windows\Samsung
2009-08-31 18:10 2,048 a------- c:\windows\system32\tzres.dll
2009-08-31 17:50 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-08-31 17:50 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-31 17:50 915,456 a------- c:\windows\system32\wininet.dll
2009-08-31 17:50 57,667 a------- c:\windows\system32\ieuinit.inf
2009-08-31 17:49 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-31 17:49 1,469,440 a------- c:\windows\system32\inetcpl.cpl
2009-08-31 17:49 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-31 17:40 420,352 a------- c:\windows\system32\vbscript.dll
2009-08-31 17:40 385,024 a------- c:\windows\system32\html.iec
2009-08-31 17:40 169,472 a------- c:\windows\system32\iexpress.exe
2009-08-31 17:40 45,568 a------- c:\windows\system32\mshta.exe
2009-08-31 17:40 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-08-31 17:40 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-08-31 17:40 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-08-31 17:40 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-08-30 11:33 <DIR> --d----- c:\users\lise\Office Genuine Advantage
2009-08-28 11:26 4,984 a------- c:\windows\system32\drivers\nvphy.bin
2009-08-28 11:18 <DIR> --d----- c:\windows\pss
2009-08-28 11:12 <DIR> --d----- c:\program files\CCleaner
2009-08-28 11:09 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-28 11:09 156,672 a------- c:\windows\system32\t2embed.dll
2009-08-28 11:09 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-28 11:09 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-28 11:09 71,680 a------- c:\windows\system32\atl.dll
2009-08-28 11:09 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-28 11:08 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-28 11:08 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-28 11:07 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-28 11:07 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-28 11:07 270,848 a------- c:\windows\system32\schannel.dll
2009-08-28 11:07 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-28 11:07 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-28 11:07 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-28 11:07 72,704 a------- c:\windows\system32\secur32.dll
2009-08-28 11:07 9,728 a------- c:\windows\system32\lsass.exe
2009-08-28 11:06 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-28 11:06 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-28 11:06 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-28 11:06 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-28 11:06 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-28 11:06 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-28 11:06 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-28 11:06 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-08-28 11:02 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-08-28 11:01 <DIR> --d----- c:\program files\MSECACHE
2009-08-28 10:55 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys

==================== Find3M ====================

2009-09-22 00:24 8,442 a------- c:\users\lise\appdata\roaming\wklnhst.dat
2009-09-21 15:00 143,360 a------- c:\windows\inf\infstor.dat
2009-09-21 15:00 86,016 a------- c:\windows\inf\infpub.dat
2009-09-21 15:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-31 17:36 319,456 a------- c:\windows\DIFxAPI.dll
2009-08-17 02:42 2,505,248 a------- c:\windows\system32\nvcpluir.dll
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 1,411,616 a------- c:\windows\system32\nvsvsr.dll
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 9,545,152 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 3,298,304 a------- c:\windows\system32\nvwgf2um.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-17 00:57 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-11 12:35 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-04-14 14:31 174 a--sh--- c:\program files\desktop.ini
2009-04-14 14:21 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-05 10:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-05 10:40 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-05 10:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-04-17 20:39 22 a--sh--- c:\windows\sminst\HPCD.sys
2008-01-16 02:38 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:12:54.40 ===============

avast! Antirootkit, version 1.0
Scan started: 25 September 2009 20:53:38

Process [0]
Process [4]
Process C:\Windows\System32\smss.exe [456]
Process C:\Windows\System32\csrss.exe [524]
Process C:\Windows\System32\wininit.exe [584]
Process C:\Windows\System32\csrss.exe [596]
Process C:\Windows\System32\services.exe [628]
Process C:\Windows\System32\lsass.exe [640]
Process C:\Windows\System32\lsm.exe [656]
Process C:\Windows\System32\svchost.exe [800]
Process C:\Windows\System32\nvvsvc.exe [860]
Process C:\Windows\System32\svchost.exe [888]
Process C:\Windows\System32\svchost.exe [940]
Process C:\Windows\System32\svchost.exe [980]
Process C:\Windows\System32\svchost.exe [1016]
Process C:\Windows\System32\svchost.exe [1036]
Process C:\Windows\System32\winlogon.exe [1104]
Process C:\Windows\System32\audiodg.exe [1172]
Process C:\Windows\System32\svchost.exe [1216]
Process C:\Windows\System32\SLsvc.exe [1256]
Process C:\Windows\System32\svchost.exe [1316]
Process C:\Windows\System32\nvvsvc.exe [1408]
Process C:\Windows\System32\svchost.exe [1496]
Process C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1692]
Process C:\Program Files\Alwil Software\Avast4\ashServ.exe [1712]
Process C:\Windows\System32\dwm.exe [1828]
Process C:\Windows\explorer.exe [1876]
Process C:\Windows\System32\spoolsv.exe [644]
Process C:\Windows\System32\svchost.exe [1032]
Process C:\Windows\System32\taskeng.exe [1160]
Process C:\Windows\System32\taskeng.exe [1796]
Process C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2528]
Process C:\Windows\System32\schtasks.exe [2640]
Process C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2668]
Process C:\Program Files\O2\bin\sprtcmd.exe [2680]
Process C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2688]
Process C:\Program Files\Java\jre6\bin\jusched.exe [2716]
Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2744]
Process C:\hp\support\hpsysdrv.exe [2768]
Process C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [2788]
Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2832]
Process C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2840]
Process C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2852]
Process C:\Windows\ehome\ehtray.exe [2860]
Process C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE [2868]
Process C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2884]
Process C:\Windows\ehome\ehmsas.exe [2896]
Process C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2908]
Process C:\Windows\System32\svchost.exe [3136]
Process C:\Windows\System32\WinService.exe [3160]
Process C:\Program Files\O2\bin\sprtsvc.exe [3336]
Process C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [3408]
Process C:\Windows\System32\svchost.exe [3444]
Process C:\Windows\System32\svchost.exe [3476]
Process C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3496]
Process C:\Windows\System32\SearchIndexer.exe [3580]
Process C:\Windows\System32\WUDFHost.exe [3948]
Process C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE [3992]
Process C:\Program Files\Windows Live\Contacts\wlcomm.exe [3620]
Process C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2732]
Process C:\Windows\System32\mobsync.exe [2940]
Process C:\Windows\System32\alg.exe [1824]
Process C:\Program Files\Windows Media Player\wmpnscfg.exe [4780]
Process C:\Program Files\Windows Media Player\wmpnetwk.exe [4864]
Process C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe [4724]
Disk 0 MBR
File C:\Windows\system32\Drivers\1394bus.sys
File C:\Windows\system32\Drivers\acpi.sys
File C:\Windows\system32\Drivers\adp94xx.sys
File C:\Windows\system32\Drivers\adpahci.sys
File C:\Windows\system32\Drivers\adpu160m.sys
File C:\Windows\system32\Drivers\adpu320.sys
File C:\Windows\system32\Drivers\afd.sys
File C:\Windows\system32\Drivers\AGP440.sys
File C:\Windows\system32\Drivers\aliide.sys
File C:\Windows\system32\Drivers\AMDAGP.SYS
File C:\Windows\system32\Drivers\amdide.sys
File C:\Windows\system32\Drivers\amdk7.sys
File C:\Windows\system32\Drivers\amdk8.sys
File C:\Windows\system32\Drivers\arc.sys
File C:\Windows\system32\Drivers\arcsas.sys
File C:\Windows\system32\Drivers\aswFsBlk.sys
File C:\Windows\system32\Drivers\aswMonFlt.sys
File C:\Windows\system32\Drivers\aswRdr.sys
File C:\Windows\system32\Drivers\aswSP.sys
File C:\Windows\system32\Drivers\aswTdi.sys
File C:\Windows\system32\Drivers\asyncmac.sys
File C:\Windows\system32\Drivers\atapi.sys
File C:\Windows\system32\Drivers\ataport.sys
File C:\Windows\system32\Drivers\battc.sys
File C:\Windows\system32\Drivers\bdasup.sys
File C:\Windows\system32\Drivers\beep.sys
File C:\Windows\system32\Drivers\bowser.sys
File C:\Windows\system32\Drivers\BrFiltLo.sys
File C:\Windows\system32\Drivers\BrFiltUp.sys
File C:\Windows\system32\Drivers\bridge.sys
File C:\Windows\system32\Drivers\BrSerId.sys
File C:\Windows\system32\Drivers\BrSerWdm.sys
File C:\Windows\system32\Drivers\BrUsbMdm.sys
File C:\Windows\system32\Drivers\BrUsbSer.sys
File C:\Windows\system32\Drivers\bthmodem.sys
File C:\Windows\system32\Drivers\cdfs.sys
File C:\Windows\system32\Drivers\cdrom.sys
File C:\Windows\system32\Drivers\circlass.sys
File C:\Windows\system32\Drivers\Classpnp.sys
File C:\Windows\system32\Drivers\cmdide.sys
File C:\Windows\system32\Drivers\compbatt.sys
File C:\Windows\system32\Drivers\crashdmp.sys
File C:\Windows\system32\Drivers\crcdisk.sys
File C:\Windows\system32\Drivers\crusoe.sys
File C:\Windows\system32\Drivers\dfsc.sys
File C:\Windows\system32\Drivers\DgivEcp.sys
File C:\Windows\system32\Drivers\disk.sys
File C:\Windows\system32\Drivers\Diskdump.sys
File C:\Windows\system32\Drivers\djsvs.sys
File C:\Windows\system32\Drivers\drmk.sys
File C:\Windows\system32\Drivers\drmkaud.sys
File C:\Windows\system32\Drivers\Dumpata.sys
File C:\Windows\system32\Drivers\DW90USB.SYS
File C:\Windows\system32\Drivers\dxapi.sys
File C:\Windows\system32\Drivers\dxg.sys
File C:\Windows\system32\Drivers\dxgkrnl.sys
File C:\Windows\system32\Drivers\E1G60I32.sys
File C:\Windows\system32\Drivers\ecache.sys
File C:\Windows\system32\Drivers\elxstor.sys
File C:\Windows\system32\Drivers\en-US
File C:\Windows\system32\Drivers\en-US\acpi.sys.mui
File C:\Windows\system32\Drivers\en-US\afd.sys.mui
File C:\Windows\system32\Drivers\en-US\AGP440.sys.mui
File C:\Windows\system32\Drivers\en-US\AMDAGP.SYS.mui
File C:\Windows\system32\Drivers\en-US\amdide.sys.mui
File C:\Windows\system32\Drivers\en-US\amdk7.sys.mui
File C:\Windows\system32\Drivers\en-US\amdk8.sys.mui
File C:\Windows\system32\Drivers\en-US\ati2mpad.sys.mui
File C:\Windows\system32\Drivers\en-US\ati2mtag.sys.mui
File C:\Windows\system32\Drivers\en-US\atikmdag.sys.mui
File C:\Windows\system32\Drivers\en-US\b57nd60x.sys.mui
File C:\Windows\system32\Drivers\en-US\battc.sys.mui
File C:\Windows\system32\Drivers\en-US\bcm4sbxp.sys.mui
File C:\Windows\system32\Drivers\en-US\BrParwdm.sys.mui
File C:\Windows\system32\Drivers\en-US\BrSerId.sys.mui
File C:\Windows\system32\Drivers\en-US\bthpan.sys.mui
File C:\Windows\system32\Drivers\en-US\bthport.sys.mui
File C:\Windows\system32\Drivers\en-US\cmbp0wdm.sys.mui
File C:\Windows\system32\Drivers\en-US\crusoe.sys.mui
File C:\Windows\system32\Drivers\en-US\cxbp0wdm.sys.mui
File C:\Windows\system32\Drivers\en-US\Dot4usb.sys.mui
File C:\Windows\system32\Drivers\en-US\dxgkrnl.sys.mui
File C:\Windows\system32\Drivers\en-US\e100b325.sys.mui
File C:\Windows\system32\Drivers\en-US\e1e6032.sys.mui
File C:\Windows\system32\Drivers\en-US\E1G60I32.sys.mui
File C:\Windows\system32\Drivers\en-US\fltmgr.sys.mui
File C:\Windows\system32\Drivers\en-US\GAGP30KX.SYS.mui
File C:\Windows\system32\Drivers\en-US\gpr400.sys.mui
File C:\Windows\system32\Drivers\en-US\grserial.sys.mui
File C:\Windows\system32\Drivers\en-US\hidbth.sys.mui
File C:\Windows\system32\Drivers\en-US\http.sys.mui
File C:\Windows\system32\Drivers\en-US\i8042prt.sys.mui
File C:\Windows\system32\Drivers\en-US\intelppm.sys.mui
File C:\Windows\system32\Drivers\en-US\IPMIDrv.sys.mui
File C:\Windows\system32\Drivers\en-US\ipnat.sys.mui
File C:\Windows\system32\Drivers\en-US\isapnp.sys.mui
File C:\Windows\system32\Drivers\en-US\kbdclass.sys.mui
File C:\Windows\system32\Drivers\en-US\kbdhid.sys.mui
File C:\Windows\system32\Drivers\en-US\ltmdmnt.sys.mui
File C:\Windows\system32\Drivers\en-US\luafv.sys.mui
File C:\Windows\system32\Drivers\en-US\modem.sys.mui
File C:\Windows\system32\Drivers\en-US\mouclass.sys.mui
File C:\Windows\system32\Drivers\en-US\mouhid.sys.mui
File C:\Windows\system32\Drivers\en-US\mpio.sys.mui
File C:\Windows\system32\Drivers\en-US\msdsm.sys.mui
File C:\Windows\system32\Drivers\en-US\mssmbios.sys.mui
File C:\Windows\system32\Drivers\en-US\ntfs.sys.mui
File C:\Windows\system32\Drivers\en-US\ntrigdigi.sys.mui
File C:\Windows\system32\Drivers\en-US\nv4_mini.sys.mui
File C:\Windows\system32\Drivers\en-US\NV_AGP.SYS.mui
File C:\Windows\system32\Drivers\en-US\ohci1394.sys.mui
File C:\Windows\system32\Drivers\en-US\pacer.sys.mui
File C:\Windows\system32\Drivers\en-US\parport.sys.mui
File C:\Windows\system32\Drivers\en-US\parvdm.sys.mui
File C:\Windows\system32\Drivers\en-US\pci.sys.mui
File C:\Windows\system32\Drivers\en-US\pcmcia.sys.mui
File C:\Windows\system32\Drivers\en-US\pnpmem.sys.mui
File C:\Windows\system32\Drivers\en-US\processr.sys.mui
File C:\Windows\system32\Drivers\en-US\pscr.sys.mui
File C:\Windows\system32\Drivers\en-US\qwavedrv.sys.mui
File C:\Windows\system32\Drivers\en-US\RNDISMP.sys.mui
File C:\Windows\system32\Drivers\en-US\rndismpx.sys.mui
File C:\Windows\system32\Drivers\en-US\scmstcs.sys.mui
File C:\Windows\system32\Drivers\en-US\SCR111.sys.mui
File C:\Windows\system32\Drivers\en-US\scsiport.sys.mui
File C:\Windows\system32\Drivers\en-US\serial.sys.mui
File C:\Windows\system32\Drivers\en-US\sermouse.sys.mui
File C:\Windows\system32\Drivers\en-US\serscan.sys.mui
File C:\Windows\system32\Drivers\en-US\SISAGP.SYS.mui
File C:\Windows\system32\Drivers\en-US\srv.sys.mui
File C:\Windows\system32\Drivers\en-US\stcusb.sys.mui
File C:\Windows\system32\Drivers\en-US\tpm.sys.mui
File C:\Windows\system32\Drivers\en-US\UAGP35.SYS.mui
File C:\Windows\system32\Drivers\en-US\ULIAGPKX.SYS.mui
File C:\Windows\system32\Drivers\en-US\umbus.sys.mui
File C:\Windows\system32\Drivers\en-US\VIAAGP.SYS.mui
File C:\Windows\system32\Drivers\en-US\viac7.sys.mui
File C:\Windows\system32\Drivers\en-US\volsnap.sys.mui
File C:\Windows\system32\Drivers\en-US\wacompen.sys.mui
File C:\Windows\system32\Drivers\en-US\wd.sys.mui
File C:\Windows\system32\Drivers\en-US\wdf01000.sys.mui
File C:\Windows\system32\Drivers\en-US\yk60x86.sys.mui
File C:\Windows\system32\Drivers\etc
File C:\Windows\system32\Drivers\etc\hosts
File C:\Windows\system32\Drivers\etc\hosts.ics
File C:\Windows\system32\Drivers\etc\lmhosts.sam
File C:\Windows\system32\Drivers\etc\networks
File C:\Windows\system32\Drivers\etc\protocol
File C:\Windows\system32\Drivers\etc\services
File C:\Windows\system32\Drivers\exfat.sys
File C:\Windows\system32\Drivers\fastfat.sys
File C:\Windows\system32\Drivers\fdc.sys
File C:\Windows\system32\Drivers\fileinfo.sys
File C:\Windows\system32\Drivers\filetrace.sys
File C:\Windows\system32\Drivers\flpydisk.sys
File C:\Windows\system32\Drivers\fltMgr.sys
File C:\Windows\system32\Drivers\fs_rec.sys
File C:\Windows\system32\Drivers\FWPKCLNT.SYS
File C:\Windows\system32\Drivers\GAGP30KX.SYS
File C:\Windows\system32\Drivers\gm.dls
File C:\Windows\system32\Drivers\gmreadme.txt
File C:\Windows\system32\Drivers\hdaudbus.sys
File C:\Windows\system32\Drivers\HdAudio.sys
File C:\Windows\system32\Drivers\hidbth.sys
File C:\Windows\system32\Drivers\hidclass.sys
File C:\Windows\system32\Drivers\hidir.sys
File C:\Windows\system32\Drivers\hidparse.sys
File C:\Windows\system32\Drivers\hidusb.sys
File C:\Windows\system32\Drivers\HpCISSs.sys
File C:\Windows\system32\Drivers\http.sys
File C:\Windows\system32\Drivers\i2omgmt.sys
File C:\Windows\system32\Drivers\i2omp.sys
File C:\Windows\system32\Drivers\i8042prt.sys
File C:\Windows\system32\Drivers\iaStorV.sys
File C:\Windows\system32\Drivers\iirsp.sys
File C:\Windows\system32\Drivers\intelide.sys
File C:\Windows\system32\Drivers\intelppm.sys
File C:\Windows\system32\Drivers\ipfltdrv.sys
File C:\Windows\system32\Drivers\IPMIDrv.sys
File C:\Windows\system32\Drivers\ipnat.sys
File C:\Windows\system32\Drivers\irda.sys
File C:\Windows\system32\Drivers\irenum.sys
File C:\Windows\system32\Drivers\isapnp.sys
File C:\Windows\system32\Drivers\iteatapi.sys
File C:\Windows\system32\Drivers\iteraid.sys
File C:\Windows\system32\Drivers\kbdclass.sys
File C:\Windows\system32\Drivers\kbdhid.sys
File C:\Windows\system32\Drivers\ks.sys
File C:\Windows\system32\Drivers\ksecdd.sys
File C:\Windows\system32\Drivers\lltdio.sys
File C:\Windows\system32\Drivers\lsi_fc.sys
File C:\Windows\system32\Drivers\lsi_sas.sys
File C:\Windows\system32\Drivers\lsi_scsi.sys
File C:\Windows\system32\Drivers\luafv.sys
File C:\Windows\system32\Drivers\mbam.sys
File C:\Windows\system32\Drivers\mbamswissarmy.sys
File C:\Windows\system32\Drivers\mcd.sys
File C:\Windows\system32\Drivers\megasas.sys
File C:\Windows\system32\Drivers\modem.sys
File C:\Windows\system32\Drivers\monitor.sys
File C:\Windows\system32\Drivers\mouclass.sys
File C:\Windows\system32\Drivers\mouhid.sys
File C:\Windows\system32\Drivers\mountmgr.sys
File C:\Windows\system32\Drivers\mpio.sys
File C:\Windows\system32\Drivers\mpsdrv.sys
File C:\Windows\system32\Drivers\Mraid35x.sys
File C:\Windows\system32\Drivers\mrxdav.sys
File C:\Windows\system32\Drivers\mrxsmb.sys
File C:\Windows\system32\Drivers\mrxsmb10.sys
File C:\Windows\system32\Drivers\mrxsmb20.sys
File C:\Windows\system32\Drivers\msahci.sys
File C:\Windows\system32\Drivers\msdsm.sys
File C:\Windows\system32\Drivers\msfs.sys
File C:\Windows\system32\Drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
File C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
File C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
File C:\Windows\system32\Drivers\msisadrv.sys
File C:\Windows\system32\Drivers\msiscsi.sys
File C:\Windows\system32\Drivers\mskssrv.sys
File C:\Windows\system32\Drivers\mspclock.sys
File C:\Windows\system32\Drivers\mspqm.sys
File C:\Windows\system32\Drivers\msrpc.sys
File C:\Windows\system32\Drivers\mssmbios.sys
File C:\Windows\system32\Drivers\mstee.sys
File C:\Windows\system32\Drivers\mup.sys
File C:\Windows\system32\Drivers\ndis.sys
File C:\Windows\system32\Drivers\ndistapi.sys
File C:\Windows\system32\Drivers\ndisuio.sys
File C:\Windows\system32\Drivers\ndiswan.sys
File C:\Windows\system32\Drivers\ndproxy.sys
File C:\Windows\system32\Drivers\netbios.sys
File C:\Windows\system32\Drivers\netbt.sys
File C:\Windows\system32\Drivers\netio.sys
File C:\Windows\system32\Drivers\nfrd960.sys
File C:\Windows\system32\Drivers\npfs.sys
File C:\Windows\system32\Drivers\nsiproxy.sys
File C:\Windows\system32\Drivers\ntfs.sys
File C:\Windows\system32\Drivers\ntrigdigi.sys
File C:\Windows\system32\Drivers\null.sys
File C:\Windows\system32\Drivers\nvBridge.kmd
File C:\Windows\system32\Drivers\nvlddmkm.sys
File C:\Windows\system32\Drivers\nvmfdx32.sys
File C:\Windows\system32\Drivers\nvphy.bin
File C:\Windows\system32\Drivers\nvraid.sys
File C:\Windows\system32\Drivers\nvstor.sys
File C:\Windows\system32\Drivers\nvstor32.sys
File C:\Windows\system32\Drivers\NV_AGP.SYS
File C:\Windows\system32\Drivers\nwifi.sys
File C:\Windows\system32\Drivers\ohci1394.sys
File C:\Windows\system32\Drivers\pacer.sys
File C:\Windows\system32\Drivers\parport.sys
File C:\Windows\system32\Drivers\partmgr.sys
File C:\Windows\system32\Drivers\parvdm.sys
File C:\Windows\system32\Drivers\pci.sys
File C:\Windows\system32\Drivers\pciide.sys
File C:\Windows\system32\Drivers\pciidex.sys
File C:\Windows\system32\Drivers\pcmcia.sys
File C:\Windows\system32\Drivers\PEAuth.sys
File C:\Windows\system32\Drivers\portcls.sys
File C:\Windows\system32\Drivers\processr.sys
File C:\Windows\system32\Drivers\PS2.sys
File C:\Windows\system32\Drivers\ql2300.sys
File C:\Windows\system32\Drivers\ql40xx.sys
File C:\Windows\system32\Drivers\qwavedrv.sys
File C:\Windows\system32\Drivers\rasacd.sys
File C:\Windows\system32\Drivers\rasl2tp.sys
File C:\Windows\system32\Drivers\raspppoe.sys
File C:\Windows\system32\Drivers\raspptp.sys
File C:\Windows\system32\Drivers\rassstp.sys
File C:\Windows\system32\Drivers\rdbss.sys
File C:\Windows\system32\Drivers\RDPCDD.sys
File C:\Windows\system32\Drivers\rdpdr.sys
File C:\Windows\system32\Drivers\RDPENCDD.sys
File C:\Windows\system32\Drivers\rdpwd.sys
File C:\Windows\system32\Drivers\rmcast.sys
File C:\Windows\system32\Drivers\RNDISMP.sys
File C:\Windows\system32\Drivers\rootmdm.sys
File C:\Windows\system32\Drivers\rspndr.sys
File C:\Windows\system32\Drivers\RTKVHDA.sys
File C:\Windows\system32\Drivers\s115bus.sys
File C:\Windows\system32\Drivers\s115cm.sys
File C:\Windows\system32\Drivers\s115cmnt.sys
File C:\Windows\system32\Drivers\s115mdfl.sys
File C:\Windows\system32\Drivers\s115mdm.sys
File C:\Windows\system32\Drivers\s115mgmt.sys
File C:\Windows\system32\Drivers\s115obex.sys
File C:\Windows\system32\Drivers\s115wh.sys
File C:\Windows\system32\Drivers\s115whnt.sys
File C:\Windows\system32\Drivers\s116bus.sys
File C:\Windows\system32\Drivers\s116cm.sys
File C:\Windows\system32\Drivers\s116cmnt.sys
File C:\Windows\system32\Drivers\s116cr.sys
File C:\Windows\system32\Drivers\s116mdfl.sys
File C:\Windows\system32\Drivers\s116mdm.sys
File C:\Windows\system32\Drivers\s116mgmt.sys
File C:\Windows\system32\Drivers\s116nd5.sys
File C:\Windows\system32\Drivers\s116obex.sys
File C:\Windows\system32\Drivers\s116unic.sys
File C:\Windows\system32\Drivers\s116wh.sys
File C:\Windows\system32\Drivers\s116whnt.sys
File C:\Windows\system32\Drivers\s3017bus.sys
File C:\Windows\system32\Drivers\s3017cm.sys
File C:\Windows\system32\Drivers\s3017cmnt.sys
File C:\Windows\system32\Drivers\s3017cr.sys
File C:\Windows\system32\Drivers\s3017mdfl.sys
File C:\Windows\system32\Drivers\s3017mdm.sys
File C:\Windows\system32\Drivers\s3017mgmt.sys
File C:\Windows\system32\Drivers\s3017nd5.sys
File C:\Windows\system32\Drivers\s3017obex.sys
File C:\Windows\system32\Drivers\s3017unic.sys
File C:\Windows\system32\Drivers\s3017wh.sys
File C:\Windows\system32\Drivers\s3017whnt.sys
File C:\Windows\system32\Drivers\sbp2port.sys
File C:\Windows\system32\Drivers\SCMNdisP.sys
File C:\Windows\system32\Drivers\scsiport.sys
File C:\Windows\system32\Drivers\SE27bus.sys
File C:\Windows\system32\Drivers\SE27cm.sys
File C:\Windows\system32\Drivers\SE27cmnt.sys
File C:\Windows\system32\Drivers\SE27mdfl.sys
File C:\Windows\system32\Drivers\SE27mdm.sys
File C:\Windows\system32\Drivers\SE27wh.sys
File C:\Windows\system32\Drivers\SE27whnt.sys
File C:\Windows\system32\Drivers\secdrv.sys
File C:\Windows\system32\Drivers\serenum.sys
File C:\Windows\system32\Drivers\serial.sys
File C:\Windows\system32\Drivers\sermouse.sys
File C:\Windows\system32\Drivers\sffdisk.sys
File C:\Windows\system32\Drivers\sffp_mmc.sys
File C:\Windows\system32\Drivers\sffp_sd.sys
File C:\Windows\system32\Drivers\sfloppy.sys
File C:\Windows\system32\Drivers\SISAGP.SYS
File C:\Windows\system32\Drivers\sisraid2.sys
File C:\Windows\system32\Drivers\sisraid4.sys
File C:\Windows\system32\Drivers\smb.sys
File C:\Windows\system32\Drivers\smclib.sys
File C:\Windows\system32\Drivers\spldr.sys
File C:\Windows\system32\Drivers\spsys.sys
File C:\Windows\system32\Drivers\sptd.sys
File C:\Windows\system32\Drivers\srv.sys
File C:\Windows\system32\Drivers\srv2.sys
File C:\Windows\system32\Drivers\srvnet.sys
File C:\Windows\system32\Drivers\SSPORT.sys
File C:\Windows\system32\Drivers\ss_bus.sys
File C:\Windows\system32\Drivers\ss_cm.sys
File C:\Windows\system32\Drivers\ss_cmnt.sys
File C:\Windows\system32\Drivers\ss_mdfl.sys
File C:\Windows\system32\Drivers\ss_mdm.sys
File C:\Windows\system32\Drivers\ss_wh.sys
File C:\Windows\system32\Drivers\ss_whnt.sys
File C:\Windows\system32\Drivers\StarOpen.sys
File C:\Windows\system32\Drivers\Storport.sys
File C:\Windows\system32\Drivers\stream.sys
File C:\Windows\system32\Drivers\swenum.sys
File C:\Windows\system32\Drivers\symc8xx.sys
File C:\Windows\system32\Drivers\sym_hi.sys
File C:\Windows\system32\Drivers\sym_u3.sys
File C:\Windows\system32\Drivers\tape.sys
File C:\Windows\system32\Drivers\tcpip.sys
File C:\Windows\system32\Drivers\tcpipreg.sys
File C:\Windows\system32\Drivers\tdi.sys
File C:\Windows\system32\Drivers\tdpipe.sys
File C:\Windows\system32\Drivers\tdtcp.sys
File C:\Windows\system32\Drivers\tdx.sys
File C:\Windows\system32\Drivers\termdd.sys
File C:\Windows\system32\Drivers\tssecsrv.sys
File C:\Windows\system32\Drivers\TUNMP.SYS
File C:\Windows\system32\Drivers\tunnel.sys
File C:\Windows\system32\Drivers\UAGP35.SYS
File C:\Windows\system32\Drivers\udfs.sys
File C:\Windows\system32\Drivers\ULIAGPKX.SYS
File C:\Windows\system32\Drivers\uliahci.sys
File C:\Windows\system32\Drivers\ulsata.sys
File C:\Windows\system32\Drivers\ulsata2.sys
File C:\Windows\system32\Drivers\umbus.sys
File C:\Windows\system32\Drivers\UMDF
File C:\Windows\system32\Drivers\UMDF\en-US
File C:\Windows\system32\Drivers\UMDF\en-US\WpdMtpDr.dll.mui
File C:\Windows\system32\Drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
File C:\Windows\system32\Drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
File C:\Windows\system32\Drivers\UMDF\WpdFs.dll
File C:\Windows\system32\Drivers\UMDF\WpdMtpDr.dll
File C:\Windows\system32\Drivers\umpass.sys
File C:\Windows\system32\Drivers\usb8023.sys
File C:\Windows\system32\Drivers\USBCAMD.sys
File C:\Windows\system32\Drivers\USBCAMD2.sys
File C:\Windows\system32\Drivers\usbccgp.sys
File C:\Windows\system32\Drivers\usbcir.sys
File C:\Windows\system32\Drivers\usbd.sys
File C:\Windows\system32\Drivers\usbehci.sys
File C:\Windows\system32\Drivers\usbhub.sys
File C:\Windows\system32\Drivers\usbohci.sys
File C:\Windows\system32\Drivers\usbport.sys
File C:\Windows\system32\Drivers\usbprint.sys
File C:\Windows\system32\Drivers\usbscan.sys
File C:\Windows\system32\Drivers\USBSTOR.SYS
File C:\Windows\system32\Drivers\usbuhci.sys
File C:\Windows\system32\Drivers\vga.sys
File C:\Windows\system32\Drivers\vgapnp.sys
File C:\Windows\system32\Drivers\VIAAGP.SYS
File C:\Windows\system32\Drivers\viac7.sys
File C:\Windows\system32\Drivers\viaide.sys
File C:\Windows\system32\Drivers\videoprt.sys
File C:\Windows\system32\Drivers\VNUSB.sys
File C:\Windows\system32\Drivers\volmgr.sys
File C:\Windows\system32\Drivers\volmgrx.sys
File C:\Windows\system32\Drivers\volsnap.sys
File C:\Windows\system32\Drivers\vsmraid.sys
File C:\Windows\system32\Drivers\wacompen.sys
File C:\Windows\system32\Drivers\wanarp.sys
File C:\Windows\system32\Drivers\watchdog.sys
File C:\Windows\system32\Drivers\wd.sys
File C:\Windows\system32\Drivers\Wdf01000.sys
File C:\Windows\system32\Drivers\WdfLdr.sys
File C:\Windows\system32\Drivers\wg111v2.sys
File C:\Windows\system32\Drivers\wmiacpi.sys
File C:\Windows\system32\Drivers\wmilib.sys
File C:\Windows\system32\Drivers\WpdUsb.sys
File C:\Windows\system32\Drivers\ws2ifsl.sys
File C:\Windows\system32\Drivers\WUDFPf.sys
File C:\Windows\system32\Drivers\WUDFRd.sys
Service .NET CLR Data [???]
Service .NET CLR Networking [???]
Service .NET Data Provider for Oracle [???]
Service .NET Data Provider for SqlServer [???]
Service .NETFramework [???]
Service ACPI [C:\Windows\system32\drivers\acpi.sys]
Service Adobe LM Service [C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe]
Service adp94xx [C:\Windows\system32\drivers\adp94xx.sys]
Service adpahci [C:\Windows\system32\drivers\adpahci.sys]
Service adpu160m [C:\Windows\system32\drivers\adpu160m.sys]
Service adpu320 [C:\Windows\system32\drivers\adpu320.sys]
Service adsi [???]
Service AeLookupSvc [C:\Windows\System32\aelupsvc.dll]
Service AFD [C:\Windows\system32\drivers\afd.sys]
Service agp440 [C:\Windows\system32\drivers\agp440.sys]
Service aic78xx [C:\Windows\system32\drivers\djsvs.sys]
Service ALG [C:\Windows\System32\alg.exe]
Service aliide [C:\Windows\system32\drivers\aliide.sys]
Service amdagp [C:\Windows\system32\drivers\amdagp.sys]
Service amdide [C:\Windows\system32\drivers\amdide.sys]
Service AmdK7 [C:\Windows\system32\drivers\amdk7.sys]
Service AmdK8 [C:\Windows\system32\drivers\amdk8.sys]
Service Appinfo [C:\Windows\System32\appinfo.dll]
Service arc [C:\Windows\system32\drivers\arc.sys]
Service arcsas [C:\Windows\system32\drivers\arcsas.sys]
Service aswFsBlk [C:\Windows\system32\DRIVERS\aswFsBlk.sys]
Service aswMonFlt [C:\Windows\system32\DRIVERS\aswMonFlt.sys]
Service aswRdr [C:\Windows\System32\Drivers\aswRdr.sys]
Service aswSP [C:\Windows\System32\Drivers\aswSP.sys]
Service aswTdi [C:\Windows\System32\Drivers\aswTdi.sys]
Service aswUpdSv [C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]
Service AsyncMac [C:\Windows\system32\DRIVERS\asyncmac.sys]
Service atapi [C:\Windows\system32\drivers\atapi.sys]
Service AudioEndpointBuilder [C:\Windows\System32\Audiosrv.dll]
Service Audiosrv [C:\Windows\System32\Audiosrv.dll]
Service avast! Antivirus [C:\Program Files\Alwil Software\Avast4\ashServ.exe]
Service avast! Mail Scanner [C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe]
Service avast! Web Scanner [C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]
Service BattC [???]
Service Beep [C:\Windows\System32\Drivers\Beep.sys]
Service BFE [C:\Windows\System32\bfe.dll]
Service BITS [C:\Windows\System32\qmgr.dll]
Service blbdrive [C:\Windows\system32\drivers\blbdrive.sys]
Service bowser [C:\Windows\system32\DRIVERS\bowser.sys]
Service BrFiltLo [C:\Windows\system32\drivers\brfiltlo.sys]
Service BrFiltUp [C:\Windows\system32\drivers\brfiltup.sys]
Service Browser [C:\Windows\System32\browser.dll]
Service Brserid [C:\Windows\system32\drivers\brserid.sys]
Service BrSerWdm [C:\Windows\system32\drivers\brserwdm.sys]
Service BrUsbMdm [C:\Windows\system32\drivers\brusbmdm.sys]
Service BrUsbSer [C:\Windows\system32\drivers\brusbser.sys]
Service BTHMODEM [C:\Windows\system32\drivers\bthmodem.sys]
Service cdfs [C:\Windows\system32\DRIVERS\cdfs.sys]
Service cdrom [C:\Windows\system32\DRIVERS\cdrom.sys]
Service CertPropSvc [C:\Windows\System32\certprop.dll]
Service circlass [C:\Windows\system32\drivers\circlass.sys]
Service CLFS [C:\Windows\System32\CLFS.sys]
Service clr_optimization_v2.0.50727_32 [C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
Service cmdide [C:\Windows\system32\drivers\cmdide.sys]
Service Compbatt [C:\Windows\system32\drivers\compbatt.sys]
Service COMSysApp [C:\Windows\system32\dllhost.exe]
Service crcdisk [C:\Windows\system32\drivers\crcdisk.sys]
Service Crusoe [C:\Windows\system32\drivers\crusoe.sys]
Service crypt32 [???]
Service CryptSvc [C:\Windows\system32\cryptsvc.dll]
Service DCLocator [???]
Service DcomLaunch [C:\Windows\system32\rpcss.dll]
Service DfsC [C:\Windows\System32\Drivers\dfsc.sys]
Service DFSR [C:\Windows\system32\DFSR.exe]
Service DgiVecp [C:\Windows\system32\Drivers\DgiVecp.sys]
Service Dhcp [C:\Windows\System32\dhcpcsvc.dll]
Service disk [C:\Windows\system32\drivers\disk.sys]
Service Dnscache [C:\Windows\System32\dnsrslvr.dll]
Service dot3svc [C:\Windows\System32\dot3svc.dll]
Service DPS [C:\Windows\system32\dps.dll]
Service drmkaud [C:\Windows\system32\drivers\drmkaud.sys]
Service DXGKrnl [C:\Windows\System32\drivers\dxgkrnl.sys]
Service E1G60 [C:\Windows\system32\DRIVERS\E1G60I32.sys]
Service EapHost [C:\Windows\System32\eapsvc.dll]
Service Ecache [C:\Windows\System32\drivers\ecache.sys]
Service ehRecvr [C:\Windows\ehome\ehRecvr.exe]
Service ehSched [C:\Windows\ehome\ehsched.exe]
Service ehstart [C:\Windows\ehome\ehstart.dll]
Service elxstor [C:\Windows\system32\drivers\elxstor.sys]
Service EmdCache [???]
Service EMDMgmt [C:\Windows\system32\emdmgmt.dll]
Service ESENT [???]
Service Eventlog [C:\Windows\System32\wevtsvc.dll]
Service EventSystem [C:\Windows\system32\es.dll]
Service exfat [C:\Windows\System32\Drivers\exfat.sys]
Service fastfat [C:\Windows\System32\Drivers\fastfat.sys]
Service fdc [C:\Windows\system32\DRIVERS\fdc.sys]
Service fdPHost [C:\Windows\system32\fdPHost.dll]
Service FDResPub [C:\Windows\system32\fdrespub.dll]
Service FileInfo [C:\Windows\system32\drivers\fileinfo.sys]
Service Filetrace [C:\Windows\system32\drivers\filetrace.sys]
Service flpydisk [C:\Windows\system32\DRIVERS\flpydisk.sys]
Service FltMgr [C:\Windows\system32\drivers\fltmgr.sys]
Service FontCache3.0.0.0 [C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe]
Service Fs_Rec [C:\Windows\System32\Drivers\Fs_Rec.sys]
Service gagp30kx [C:\Windows\system32\drivers\gagp30kx.sys]
Service GameConsoleService [C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe]
Service gpsvc [C:\Windows\System32\gpsvc.dll]
Service HdAudAddService [C:\Windows\system32\drivers\HdAudio.sys]
Service HDAudBus [C:\Windows\system32\DRIVERS\HDAudBus.sys]
Service HidBth [C:\Windows\system32\drivers\hidbth.sys]
Service HidIr [C:\Windows\system32\drivers\hidir.sys]
Service hidserv [C:\Windows\system32\hidserv.dll]
Service HidUsb [C:\Windows\system32\drivers\hidusb.sys]
Service hkmsvc [C:\Windows\system32\kmsvc.dll]
Service HP Health Check Service [c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe]
Service HpCISSs [C:\Windows\system32\drivers\hpcisss.sys]
Service HTTP [C:\Windows\system32\drivers\HTTP.sys]
Service i2omp [C:\Windows\system32\drivers\i2omp.sys]
Service i8042prt [C:\Windows\system32\DRIVERS\i8042prt.sys]
Service iaStorV [C:\Windows\system32\drivers\iastorv.sys]
Service IDriverT [C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe]
Service idsvc [C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe]
Service iirsp [C:\Windows\system32\drivers\iirsp.sys]
Service IKEEXT [C:\Windows\System32\ikeext.dll]
Service inetaccs [???]
Service IntcAzAudAddService [C:\Windows\system32\drivers\RTKVHDA.sys]
Service intelide [C:\Windows\system32\drivers\intelide.sys]
Service intelppm [C:\Windows\system32\DRIVERS\intelppm.sys]
Service IPBusEnum [C:\Windows\system32\ipbusenum.dll]
Service IpFilterDriver [C:\Windows\system32\DRIVERS\ipfltdrv.sys]
Service iphlpsvc [C:\Windows\System32\iphlpsvc.dll]
Service IpInIp [C:\Windows\system32\DRIVERS\ipinip.sys]
Service IPMIDRV [C:\Windows\system32\drivers\ipmidrv.sys]
Service IPNAT [C:\Windows\system32\DRIVERS\ipnat.sys]
Service IRENUM [C:\Windows\system32\drivers\irenum.sys]
Service isapnp [C:\Windows\system32\drivers\isapnp.sys]
Service iScsiPrt [C:\Windows\system32\DRIVERS\msiscsi.sys]
Service iteatapi [C:\Windows\system32\drivers\iteatapi.sys]
Service iteraid [C:\Windows\system32\drivers\iteraid.sys]
Service kbdclass [C:\Windows\system32\DRIVERS\kbdclass.sys]
Service kbdhid [C:\Windows\system32\drivers\kbdhid.sys]
Service KeyIso [C:\Windows\system32\lsass.exe]
Service KSecDD [C:\Windows\System32\Drivers\ksecdd.sys]
Service KtmRm [C:\Windows\system32\msdtckrm.dll]
Service LanmanServer [C:\Windows\system32\srvsvc.dll]
Service LanmanWorkstation [C:\Windows\System32\wkssvc.dll]
Service ldap [???]
Service lltdio [C:\Windows\system32\DRIVERS\lltdio.sys]
Service lltdsvc [C:\Windows\System32\lltdsvc.dll]
Service lmhosts [C:\Windows\System32\lmhsvc.dll]
Service Lsa [???]
Service LSI_FC [C:\Windows\system32\drivers\lsi_fc.sys]
Service LSI_SAS [C:\Windows\system32\drivers\lsi_sas.sys]
Service LSI_SCSI [C:\Windows\system32\drivers\lsi_scsi.sys]
Service luafv [C:\Windows\system32\drivers\luafv.sys]
Service Macromedia Licensing Service [C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe]
Service Mcx2Svc [C:\Windows\system32\Mcx2Svc.dll]
Service megasas [C:\Windows\system32\drivers\megasas.sys]
Service Microsoft Office Groove Audit Service [C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe]
Service MMCSS [C:\Windows\system32\mmcss.dll]
Service Modem [C:\Windows\system32\drivers\modem.sys]
Service monitor [C:\Windows\system32\DRIVERS\monitor.sys]
Service mouclass [C:\Windows\system32\DRIVERS\mouclass.sys]
Service mouhid [C:\Windows\system32\drivers\mouhid.sys]
Service MountMgr [C:\Windows\System32\drivers\mountmgr.sys]
Service mpio [C:\Windows\system32\drivers\mpio.sys]
Service mpsdrv [C:\Windows\System32\drivers\mpsdrv.sys]
Service MpsSvc [C:\Windows\system32\mpssvc.dll]
Service Mraid35x [C:\Windows\system32\drivers\mraid35x.sys]
Service MRxDAV [C:\Windows\system32\drivers\mrxdav.sys]
Service mrxsmb [C:\Windows\system32\DRIVERS\mrxsmb.sys]
Service mrxsmb10 [C:\Windows\system32\DRIVERS\mrxsmb10.sys]
Service mrxsmb20 [C:\Windows\system32\DRIVERS\mrxsmb20.sys]
Service msahci [C:\Windows\system32\drivers\msahci.sys]
Service msdsm [C:\Windows\system32\drivers\msdsm.sys]
Service MSDTC [C:\Windows\System32\msdtc.exe]
Service MSDTC Bridge 3.0.0.0 [???]
Service Msfs [C:\Windows\System32\Drivers\Msfs.sys]
Service msisadrv [C:\Windows\system32\drivers\msisadrv.sys]
Service MSiSCSI [C:\Windows\system32\iscsiexe.dll]
Service msiserver [C:\Windows\system32\msiexec]
Service MSKSSRV [C:\Windows\system32\drivers\MSKSSRV.sys]
Service MSPCLOCK [C:\Windows\system32\drivers\MSPCLOCK.sys]
Service MSPQM [C:\Windows\system32\drivers\MSPQM.sys]
Service MsRPC [C:\Windows\System32\Drivers\MsRPC.sys]
Service MSSCNTRS [???]
Service mssmbios [C:\Windows\system32\DRIVERS\mssmbios.sys]
Service MSTEE [C:\Windows\system32\drivers\MSTEE.sys]
Service Mup [C:\Windows\System32\Drivers\mup.sys]
Service napagent [C:\Windows\system32\qagentRT.dll]
Service NativeWifiP [C:\Windows\system32\DRIVERS\nwifi.sys]
Service NDIS [C:\Windows\system32\drivers\ndis.sys]
Service NdisTapi [C:\Windows\system32\DRIVERS\ndistapi.sys]
Service Ndisuio [C:\Windows\system32\DRIVERS\ndisuio.sys]
Service NdisWan [C:\Windows\system32\DRIVERS\ndiswan.sys]
Service NDProxy [C:\Windows\System32\Drivers\NDProxy.sys]
Service NetBIOS [C:\Windows\system32\DRIVERS\netbios.sys]
Service netbt [C:\Windows\System32\DRIVERS\netbt.sys]
Service Netlogon [C:\Windows\system32\lsass.exe]
Service Netman [C:\Windows\System32\netman.dll]
Service netprofm [C:\Windows\System32\netprofm.dll]
Service NetTcpPortSharing [C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe]
Service nfrd960 [C:\Windows\system32\drivers\nfrd960.sys]
Service NlaSvc [C:\Windows\System32\nlasvc.dll]
Service NMIndexingService [C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe]
Service Npfs [C:\Windows\System32\Drivers\Npfs.sys]
Service nsi [C:\Windows\system32\nsisvc.dll]
Service nsiproxy [C:\Windows\system32\drivers\nsiproxy.sys]
Service NTDS [???]
Service Ntfs [C:\Windows\System32\Drivers\Ntfs.sys]
Service ntrigdigi [C:\Windows\system32\drivers\ntrigdigi.sys]
Service Null [C:\Windows\System32\Drivers\Null.sys]
Service NVENETFD [C:\Windows\system32\DRIVERS\nvmfdx32.sys]
Service nvlddmkm [C:\Windows\system32\DRIVERS\nvlddmkm.sys]
Service nvraid [C:\Windows\system32\drivers\nvraid.sys]
Service nvstor [C:\Windows\system32\drivers\nvstor.sys]
Service nvstor32 [C:\Windows\system32\DRIVERS\nvstor32.sys]
Service nvsvc [C:\Windows\system32\nvvsvc.exe]
Service nv_agp [C:\Windows\system32\drivers\nv_agp.sys]
Service NwlnkFlt [C:\Windows\system32\DRIVERS\nwlnkflt.sys]
Service NwlnkFwd [C:\Windows\system32\DRIVERS\nwlnkfwd.sys]
Service odserv [C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE]
Service ohci1394 [C:\Windows\system32\DRIVERS\ohci1394.sys]
Service ose [C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE]
Service Outlook [???]
Service p2pimsvc [C:\Windows\system32\p2psvc.dll]
Service p2psvc [C:\Windows\system32\p2psvc.dll]
Service Parport [C:\Windows\system32\drivers\parport.sys]
Service partmgr [C:\Windows\System32\drivers\partmgr.sys]
Service Parvdm [C:\Windows\system32\drivers\parvdm.sys]
Service PcaSvc [C:\Windows\System32\pcasvc.dll]
Service PcdrNdisuio [C:\Windows\system32\DRIVERS\pcdrndisuio.sys]
Service pci [C:\Windows\system32\drivers\pci.sys]
Service pciide [C:\Windows\system32\drivers\pciide.sys]
Service pcmcia [C:\Windows\system32\drivers\pcmcia.sys]
Service PEAUTH [C:\Windows\system32\drivers\peauth.sys]
Service PerfDisk [???]
Service PerfNet [???]
Service PerfOS [???]
Service PerfProc [???]
Service pla [C:\Windows\system32\pla.dll]
Service PlugPlay [C:\Windows\system32\umpnpmgr.dll]
Service PNRPAutoReg [C:\Windows\system32\p2psvc.dll]
Service PNRPsvc [C:\Windows\system32\p2psvc.dll]
Service PolicyAgent [C:\Windows\System32\ipsecsvc.dll]
Service PortProxy [???]
Service PptpMiniport [C:\Windows\system32\DRIVERS\raspptp.sys]
Service Processor [C:\Windows\system32\DRIVERS\processr.sys]
Service ProfSvc [C:\Windows\system32\profsvc.dll]
Service ProtectedStorage [C:\Windows\system32\lsass.exe]
Service Ps2 [C:\Windows\system32\DRIVERS\PS2.sys]
Service PSched [C:\Windows\system32\DRIVERS\pacer.sys]
Service ql2300 [C:\Windows\system32\drivers\ql2300.sys]
Service ql40xx [C:\Windows\system32\drivers\ql40xx.sys]
Service QWAVE [C:\Windows\system32\qwave.dll]
Service QWAVEdrv [C:\Windows\system32\drivers\qwavedrv.sys]
Service RasAcd [C:\Windows\System32\DRIVERS\rasacd.sys]
Service RasAuto [C:\Windows\System32\rasauto.dll]
Service Rasl2tp [C:\Windows\system32\DRIVERS\rasl2tp.sys]
Service RasMan [C:\Windows\System32\rasmans.dll]
Service RasPppoe [C:\Windows\system32\DRIVERS\raspppoe.sys]
Service RasSstp [C:\Windows\system32\DRIVERS\rassstp.sys]
Service rdbss [C:\Windows\system32\DRIVERS\rdbss.sys]
Service RDPCDD [C:\Windows\System32\DRIVERS\RDPCDD.sys]
Service RDPDD [???]
Service rdpdr [C:\Windows\system32\drivers\rdpdr.sys]
Service RDPENCDD [C:\Windows\system32\drivers\rdpencdd.sys]
Service RDPNP [???]
Service RDPWD [C:\Windows\System32\Drivers\RDPWD.sys]
Service RemoteAccess [C:\Windows\System32\mprdim.dll]
Service RemoteRegistry [C:\Windows\system32\regsvc.dll]
Service RpcLocator [C:\Windows\system32\locator.exe]
Service RpcSs [C:\Windows\system32\rpcss.dll]
Service rspndr [C:\Windows\system32\DRIVERS\rspndr.sys]
Service RTL8187 [C:\Windows\system32\DRIVERS\wg111v2.sys]
Service s115bus [C:\Windows\system32\DRIVERS\s115bus.sys]
Service s115mdfl [C:\Windows\system32\DRIVERS\s115mdfl.sys]
Service s115mdm [C:\Windows\system32\DRIVERS\s115mdm.sys]
Service s115mgmt [C:\Windows\system32\DRIVERS\s115mgmt.sys]
Service s115obex [C:\Windows\system32\DRIVERS\s115obex.sys]
Service s116bus [C:\Windows\system32\DRIVERS\s116bus.sys]
Service s116mdfl [C:\Windows\system32\DRIVERS\s116mdfl.sys]
Service s116mdm [C:\Windows\system32\DRIVERS\s116mdm.sys]
Service s116mgmt [C:\Windows\system32\DRIVERS\s116mgmt.sys]
Service s116nd5 [C:\Windows\system32\DRIVERS\s116nd5.sys]
Service s116obex [C:\Windows\system32\DRIVERS\s116obex.sys]
Service s116unic [C:\Windows\system32\DRIVERS\s116unic.sys]
Service s3017bus [C:\Windows\system32\DRIVERS\s3017bus.sys]
Service s3017mdfl [C:\Windows\system32\DRIVERS\s3017mdfl.sys]
Service s3017mdm [C:\Windows\system32\DRIVERS\s3017mdm.sys]
Service s3017mgmt [C:\Windows\system32\DRIVERS\s3017mgmt.sys]
Service s3017nd5 [C:\Windows\system32\DRIVERS\s3017nd5.sys]
Service s3017obex [C:\Windows\system32\DRIVERS\s3017obex.sys]
Service s3017unic [C:\Windows\system32\DRIVERS\s3017unic.sys]
Service SamSs [C:\Windows\system32\lsass.exe]
Service SASDIFSV [C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS]
Service SASENUM [C:\Program Files\SUPERAntiSpyware\SASENUM.SYS]
Service SASKUTIL [C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys]
Service sbp2port [C:\Windows\system32\drivers\sbp2port.sys]
Service SBSDWSCService [???]
Service SCardSvr [C:\Windows\System32\SCardSvr.dll]
Service Schedule [C:\Windows\system32\schedsvc.dll]
Service SCMNdisP [C:\Windows\system32\DRIVERS\scmndisp.sys]
Service SCM_Service [C:\Windows\System32\WinService.exe]
Service SCPolicySvc [C:\Windows\System32\certprop.dll]
Service SDRSVC [C:\Windows\System32\SDRSVC.dll]
Service SE27bus [C:\Windows\system32\DRIVERS\SE27bus.sys]
Service SE27mdfl [C:\Windows\system32\DRIVERS\SE27mdfl.sys]
Service SE27mdm [C:\Windows\system32\DRIVERS\SE27mdm.sys]
Service secdrv [C:\Windows\System32\Drivers\secdrv.sys]
Service seclogon [C:\Windows\system32\seclogon.dll]
Service SENS [C:\Windows\System32\sens.dll]
Service Serenum [C:\Windows\system32\drivers\serenum.sys]
Service Serial [C:\Windows\system32\drivers\serial.sys]
Service sermouse [C:\Windows\system32\drivers\sermouse.sys]
Service ServiceModelEndpoint 3.0.0.0 [???]
Service ServiceModelOperation 3.0.0.0 [???]
Service ServiceModelService 3.0.0.0 [???]
Service SessionEnv [C:\Windows\system32\sessenv.dll]
Service sffdisk [C:\Windows\system32\drivers\sffdisk.sys]
Service sffp_mmc [C:\Windows\system32\drivers\sffp_mmc.sys]
Service sffp_sd [C:\Windows\system32\drivers\sffp_sd.sys]
Service sfloppy [C:\Windows\system32\drivers\sfloppy.sys]
Service SharedAccess [C:\Windows\System32\ipnathlp.dll]
Service ShellHWDetection [C:\Windows\System32\shsvcs.dll]
Service sisagp [C:\Windows\system32\drivers\sisagp.sys]
Service SiSRaid2 [C:\Windows\system32\drivers\sisraid2.sys]
Service SiSRaid4 [C:\Windows\system32\drivers\sisraid4.sys]
Service slsvc [C:\Windows\system32\SLsvc.exe]
Service SLUINotify [C:\Windows\system32\SLUINotify.dll]
Service Smb [C:\Windows\system32\DRIVERS\smb.sys]
Service SMSvcHost 3.0.0.0 [???]
Service SNMPTRAP [C:\Windows\System32\snmptrap.exe]
Service spldr [C:\Windows\System32\Drivers\spldr.sys]
Service Spooler [C:\Windows\System32\spoolsv.exe]
Service sprtsvc_O2 [C:\Program Files\O2\bin\sprtsvc.exe]
Service sptd [C:\Windows\System32\Drivers\sptd.sys]
Service srv [C:\Windows\System32\DRIVERS\srv.sys]
Service srv2 [C:\Windows\System32\DRIVERS\srv2.sys]
Service srvnet [C:\Windows\System32\DRIVERS\srvnet.sys]
Service SSDPSRV [C:\Windows\System32\ssdpsrv.dll]
Service SSPORT [C:\Windows\system32\Drivers\SSPORT.sys]
Service SstpSvc [C:\Windows\system32\sstpsvc.dll]
Service ss_bus [C:\Windows\system32\DRIVERS\ss_bus.sys]
Service ss_mdfl [C:\Windows\system32\DRIVERS\ss_mdfl.sys]
Service ss_mdm [C:\Windows\system32\DRIVERS\ss_mdm.sys]
Service StarOpen [C:\Windows\System32\Drivers\StarOpen.sys]
Service Stereo Service [C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe]
Service stisvc [C:\Windows\System32\wiaservc.dll]
Service SupportSoft RemoteAssist [C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe]
Service swenum [C:\Windows\system32\DRIVERS\swenum.sys]
Service swprv [C:\Windows\System32\swprv.dll]
Service Symc8xx [C:\Windows\system32\drivers\symc8xx.sys]
Service SymIM [C:\Windows\system32\DRIVERS\SymIM.sys]
Service SymIMMP [C:\Windows\system32\DRIVERS\SymIM.sys]
Service Sym_hi [C:\Windows\system32\drivers\sym_hi.sys]
Service Sym_u3 [C:\Windows\system32\drivers\sym_u3.sys]
Service SysMain [C:\Windows\system32\sysmain.dll]
Service TabletInputService [C:\Windows\System32\TabSvc.dll]
Service TapiSrv [C:\Windows\System32\tapisrv.dll]
Service TBS [C:\Windows\System32\tbssvc.dll]
Service Tcpip [C:\Windows\System32\drivers\tcpip.sys]
Service Tcpip6 [C:\Windows\system32\DRIVERS\tcpip.sys]
Service tcpipreg [C:\Windows\System32\drivers\tcpipreg.sys]
Service TDPIPE [C:\Windows\system32\drivers\tdpipe.sys]
Service TDTCP [C:\Windows\system32\drivers\tdtcp.sys]
Service tdx [C:\Windows\system32\DRIVERS\tdx.sys]
Service TermDD [C:\Windows\system32\DRIVERS\termdd.sys]
Service TermService [C:\Windows\System32\termsrv.dll]
Service Themes [C:\Windows\system32\shsvcs.dll]
Service THREADORDER [C:\Windows\system32\mmcss.dll]
Service TMPassthruMP [C:\Windows\system32\DRIVERS\TMPassthru.sys]
Service TrkWks [C:\Windows\System32\trkwks.dll]
Service TrustedInstaller [C:\Windows\servicing\TrustedInstaller.exe]
Service TSDDD [???]
Service tssecsrv [C:\Windows\System32\DRIVERS\tssecsrv.sys]
Service tunmp [C:\Windows\system32\DRIVERS\tunmp.sys]
Service tunnel [C:\Windows\system32\DRIVERS\tunnel.sys]
Service uagp35 [C:\Windows\system32\drivers\uagp35.sys]
Service udfs [C:\Windows\system32\DRIVERS\udfs.sys]
Service UGatherer [???]
Service UGTHRSVC [???]
Service UI0Detect [C:\Windows\system32\UI0Detect.exe]
Service uliagpkx [C:\Windows\system32\drivers\uliagpkx.sys]
Service uliahci [C:\Windows\system32\drivers\uliahci.sys]
Service UlSata [C:\Windows\system32\drivers\ulsata.sys]
Service ulsata2 [C:\Windows\system32\drivers\ulsata2.sys]
Service umbus [C:\Windows\system32\DRIVERS\umbus.sys]
Service upnphost [C:\Windows\System32\upnphost.dll]
Service usb [???]
Service usbccgp [C:\Windows\system32\DRIVERS\usbccgp.sys]
Service usbcir [C:\Windows\system32\drivers\usbcir.sys]
Service usbehci [C:\Windows\system32\DRIVERS\usbehci.sys]
Service usbhub [C:\Windows\system32\DRIVERS\usbhub.sys]
Service usbohci [C:\Windows\system32\DRIVERS\usbohci.sys]
Service usbprint [C:\Windows\system32\DRIVERS\usbprint.sys]
Service usbscan [C:\Windows\system32\DRIVERS\usbscan.sys]
Service USBSTOR [C:\Windows\system32\DRIVERS\USBSTOR.SYS]
Service usbuhci [C:\Windows\system32\DRIVERS\usbuhci.sys]
Service UxSms [C:\Windows\System32\uxsms.dll]
Service vds [C:\Windows\System32\vds.exe]
Service vga [C:\Windows\system32\DRIVERS\vgapnp.sys]
Service VgaSave [C:\Windows\System32\drivers\vga.sys]
Service viaagp [C:\Windows\system32\drivers\viaagp.sys]
Service ViaC7 [C:\Windows\system32\drivers\viac7.sys]
Service viaide [C:\Windows\system32\drivers\viaide.sys]
Service VNUSB [C:\Windows\system32\DRIVERS\VNUSB.sys]
Service volmgr [C:\Windows\system32\drivers\volmgr.sys]
Service volmgrx [C:\Windows\System32\drivers\volmgrx.sys]
Service volsnap [C:\Windows\system32\drivers\volsnap.sys]
Service vsmraid [C:\Windows\system32\drivers\vsmraid.sys]
Service VSS [C:\Windows\system32\vssvc.exe]
Service W32Time [C:\Windows\system32\w32time.dll]
Service W3SVC [???]
Service WacomPen [C:\Windows\system32\drivers\wacompen.sys]
Service Wanarp [C:\Windows\system32\DRIVERS\wanarp.sys]
Service Wanarpv6 [C:\Windows\system32\DRIVERS\wanarp.sys]
Service wcncsvc [C:\Windows\System32\wcncsvc.dll]
Service WcsPlugInService [C:\Windows\System32\WcsPlugInService.dll]
Service Wd [C:\Windows\system32\drivers\wd.sys]
Service Wdf01000 [C:\Windows\system32\drivers\Wdf01000.sys]
Service WdiServiceHost [C:\Windows\system32\wdi.dll]
Service WdiSystemHost [C:\Windows\system32\wdi.dll]
Service WebClient [C:\Windows\System32\webclnt.dll]
Service Wecsvc [C:\Windows\system32\wecsvc.dll]
Service wercplsupport [C:\Windows\System32\wercplsupport.dll]
Service WerSvc [C:\Windows\System32\WerSvc.dll]
Service WinDefend [C:\Program Files\Windows Defender\mpsvc.dll]
Service Windows Workflow Foundation 3.0.0.0 [???]
Service WinHttpAutoProxySvc [C:\Windows\system32\winhttp.dll]
Service Winmgmt [C:\Windows\system32\wbem\WMIsvc.dll]
Service WinRM [C:\Windows\system32\WsmSvc.dll]
Service Winsock [C:\Windows\System32\Drivers\Winsock.sys]
Service WinSock2 [???]
Service Wlansvc [C:\Windows\System32\wlansvc.dll]
Service wlidsvc [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE]
Service WmiAcpi [C:\Windows\system32\drivers\wmiacpi.sys]
Service WmiApRpl [???]
Service wmiApSrv [C:\Windows\system32\wbem\WmiApSrv.exe]
Service WMPNetworkSvc [C:\Program Files\Windows Media Player\wmpnetwk.exe]
Service WPCSvc [C:\Windows\System32\wpcsvc.dll]
Service WPDBusEnum [C:\Windows\system32\wpdbusenum.dll]
Service WpdUsb [C:\Windows\system32\DRIVERS\wpdusb.sys]
Service ws2ifsl [C:\Windows\system32\drivers\ws2ifsl.sys]
Service wscsvc [C:\Windows\System32\wscsvc.dll]
Service WSearch [C:\Windows\system32\SearchIndexer.exe]
Service WSearchIdxPi [???]
Service wuauserv [C:\Windows\system32\wuaueng.dll]
Service WUDFRd [C:\Windows\system32\DRIVERS\WUDFRd.sys]
Service wudfsvc [C:\Windows\System32\WUDFSvc.dll]
Service xmlprov [???]
Service {155777F7-2FE9-4131-996E-AD60BA5581C0} [???]
Service {4E635BCF-E5D7-47D3-BDF3-B1F53ACB9ADB} [???]
Service {5075FFEC-2EC2-4D0D-A619-B0934754B1F2} [???]
Service {652A2E72-A716-4774-9E50-6AF21A3A3D3B} [???]
Service {A7589EC9-22CA-45FE-8763-0705315980C8} [???]
Service {F37E63FB-F486-4127-80F4-5A617D309783} [???]

Scan finished: 25 September 2009 20:54:30
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors


Malwarebytes' Anti-Malware 1.41
Database version: 2787
Windows 6.0.6001 Service Pack 1

26/09/2009 00:28:45
mbam-log-2009-09-26 (00-28-45).txt

Scan type: Full Scan (C:\|D:\|K:\|M:\|)
Objects scanned: 353058
Time elapsed: 1 hour(s), 11 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:54:05, on 09/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Users\lise\Downloads\fsbl.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\cmd.exe
C:\Windows\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Easy SpyRemover\EasySpyRemover.exe
C:\Windows\notepad.exe
C:\Users\lise\Downloads\removewin32induca.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

#4 nimm-1033

  • Topic Starter

  • Members

Posted 30 September 2009 - 06:08 PM

hi sorry to post again now i have lost my desktop icons and start menu my pc slowed down so much i tried to open the task manager and it took ages to open it i have a file called svchost.exe host process that is using 65,308k of memory for one thing, and there is lots of these with the same name but they say local,system network services, all im running is msn firefox browser and winap , please help anyone ??

i also have a file called dwm.exe now taking up 29.760 mem im not sure if this means anything but i cant get them to stop it and i cant open any other programs or tabs at the moment --- :(

#5 extremeboy


  • Malware Response Team

Posted 02 October 2009 - 03:27 PM

Hello.

Since it's been a while, please read the guide here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Follow the instructions number 6 and 7 to post the DDS logs and RootRepeal logs.

Post both of those in your next reply for my review please. Also, give me an update of the condition of your system.

Thanks.

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#6 nimm-1033

  • Topic Starter

  • Members

Posted 05 October 2009 - 05:58 AM

hi thanks for your reply and your time i really appreciate it. here are the DDS logs the Root-repeal has been running for 2 days now is that normal ?

sit-rep as follows
first time i tried to run the Root-repeal i had a full system crash out - before i could get the error code it was gone
so far i am on a go slow totally unable to gain email access through Firefox to Hotmail or yahoo,
random Firefox disconnection - not seeming dependent on how many/few tabs i have open, also if i attempt to close an individual tab it just flickers and won't close right away-or at all sometimes
random system shutdowns but before i can write down the error messages on the blue screen they are gone
re ran Avast before i got your reply and it keeps saying there is a "win32:Trojan-gen" in some of my files these were moved to an external hd (for safety before i realized that the whole pc may have been compromised- will any of this destroy or endanger my photos or videos that i have ? ), it also says it cant scan over 700 files as they are password protected . none of my PC files are password protected i just don't understand - i am unable to save this list of files as each time i try to my PC stops responding and it just hangs there.

also i am not sure if its relevant but if i was logged in to my catalog site it will randomly log me out and send me to the home page even if i am in the middle of doing things -
also randomly and occasionally get adult site pop ups, or emoticon pop ups when im on eBay or looking at clothing sites, - this is not regular tho



DDS (Ver_09-09-29.01) - NTFSx86
Run by lise at 15:35:57.10 on 03/10/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1678 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WinService.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\lise\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://co120w.col120.mail.live.com/default.aspx?wa=wsignin1.0
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Power2GoExpress] NA
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus SX400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiege.exe /fu "c:\windows\temp\E_S225E.tmp" /EF "HKCU"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\lise\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: o2.co.uk\*.broadband
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\lise\appdata\roaming\mozilla\firefox\profiles\ln00y8we.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotukdeals.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2008-3-30 21728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-28 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-28 53328]
R2 SCM_Service;SCM_Service;c:\windows\system32\WinService.exe [2008-3-30 180224]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2006-12-8 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2008-3-30 288768]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-6-23 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-6-23 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-6-23 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-6-23 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-6-23 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-6-23 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-6-23 110120]

=============== Created Last 30 ================

2009-10-01 01:10 283,809,079 a------- c:\windows\MEMORY.DMP
2009-09-21 22:55 <DIR> --d----- c:\programdata\BVRP Software
2009-09-21 14:59 8,192 a------- c:\windows\system32\E_DCINST.DLL
2009-09-21 14:59 78,848 a------- c:\windows\system32\E_FD4BEGE.DLL
2009-09-21 13:59 <DIR> --d----- c:\programdata\UDL
2009-09-21 13:59 <DIR> --d----- c:\progra~2\UDL
2009-09-21 13:55 <DIR> --d----- c:\program files\ABBYY FineReader 6.0 Sprint
2009-09-21 13:51 86,528 a------- c:\windows\system32\E_FLBEGE.DLL
2009-09-21 13:51 <DIR> --d----- c:\programdata\EPSON
2009-09-21 13:51 <DIR> --d----- c:\progra~2\EPSON
2009-09-21 13:50 71,680 a------- c:\windows\system32\escwiad.dll
2009-09-21 13:50 <DIR> --d----- c:\program files\epson
2009-09-21 13:50 25 a------- c:\windows\CDE SX400DEFGIPS.ini
2009-09-12 00:48 <DIR> --d----- c:\users\lise\.housecall6.6
2009-09-12 00:45 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-09 03:31 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 03:31 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-09 03:31 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 03:31 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 03:31 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 03:31 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 03:31 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 03:31 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 03:31 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 03:31 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 03:29 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-09 03:29 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 03:29 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 03:29 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 03:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 03:29 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-09 03:21 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-09-09 03:20 32,784 a------- c:\programdata\nvModes.dat
2009-09-09 03:20 32,784 a------- c:\progra~2\nvModes.dat
2009-09-09 03:15 <DIR> --d----- C:\NVIDIA
2009-09-09 01:53 <DIR> --d----- c:\program files\Trend Micro
2009-09-09 01:35 2,646 a------- c:\windows\system32\tmp.reg
2009-09-03 22:38 56 a---h--- c:\programdata\ezsidmv.dat
2009-09-03 22:38 56 a---h--- c:\progra~2\ezsidmv.dat
2009-09-03 22:37 <DIR> --d----- c:\programdata\Skype

==================== Find3M ====================

2009-10-03 03:16 8,520 a------- c:\users\lise\appdata\roaming\wklnhst.dat
2009-09-21 15:00 143,360 a------- c:\windows\inf\infstor.dat
2009-09-21 15:00 86,016 a------- c:\windows\inf\infpub.dat
2009-09-21 15:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-31 17:36 319,456 a------- c:\windows\DIFxAPI.dll
2009-08-17 17:05 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 02:42 2,505,248 a------- c:\windows\system32\nvcpluir.dll
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 1,411,616 a------- c:\windows\system32\nvsvsr.dll
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 9,545,152 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 3,298,304 a------- c:\windows\system32\nvwgf2um.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-17 00:57 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-11 12:35 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-14 14:31 174 a--sh--- c:\program files\desktop.ini
2009-04-14 14:21 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-05 10:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-05 10:40 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-05 10:40 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-04-17 20:39 22 a--sh--- c:\windows\sminst\HPCD.sys
2008-01-16 02:38 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:37:52.06 ===============


Edited by nimm-1033, 05 October 2009 - 06:01 AM.


#7 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 05 October 2009 - 03:07 PM

Hello.

Thanks for letting me know.

Let's try GMER.


Download and Run Scan with GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.
    Posted Image
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Note: Do NOT run any program while GMER is running.
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.

Post the results if possible. If it doesn't work let me know what occurred.

Thanks.

~EXtremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#8 nimm-1033

  • Topic Starter
  • Members
  • 9 posts

Posted 06 October 2009 - 04:52 PM

Hi EXtremeboy thanks for your help and time, :(

The first time I ran the program it crashed and I got a blue screen, but I couldn't get the error message before it went away. Anyhow, here is the log that I saved after I got it to run:

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 22:44:17
Windows 6.0.6001 Service Pack 1
Running: izr0wwum.exe; Driver: C:\Users\lise\AppData\Local\Temp\kwldapow.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 84B8DBF8
INT 0x62 ? 84B8CBF8
INT 0x72 ? 84B8CBF8
INT 0x73 ? 870A9F00
INT 0x82 ? 84B8DBF8
INT 0x83 ? 870A9F00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84B931F8
Device \FileSystem\fastfat \FatCdrom 8859A1F8
Device \Driver\volmgr \Device\VolMgrControl 84B8F1F8
Device \Driver\sptd \Device\41412579 spyy.sys
Device \Driver\usbohci \Device\USBPDO-0 870C61F8
Device \Driver\usbehci \Device\USBPDO-1 870C71F8
Device \Driver\PCI_PNP0572 \Device\00000055 spyy.sys

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\nvstor32 \Device\00000062 84B921F8
Device \Driver\nvstor32 \Device\00000063 84B921F8
Device \Driver\USBSTOR \Device\00000070 882881F8
Device \Driver\volmgr \Device\HarddiskVolume1 84B8F1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84B8F1F8
Device \Driver\cdrom \Device\CdRom0 872471F8
Device \Driver\volmgr \Device\HarddiskVolume3 84B8F1F8
Device \Driver\cdrom \Device\CdRom1 872471F8
Device \Driver\atapi \Device\Ide\IdePort0 84B911F8
Device \Driver\atapi \Device\Ide\IdePort1 84B911F8
Device \Driver\volmgr \Device\HarddiskVolume4 84B8F1F8
Device \Driver\volmgr \Device\HarddiskVolume5 84B8F1F8
Device \Driver\volmgr \Device\HarddiskVolume6 84B8F1F8
Device \Driver\volmgr \Device\HarddiskVolume7 84B8F1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 882421F8
Device \Driver\Smb \Device\NetbiosSmb 882B21F8
Device \Driver\nvstor32 \Device\RaidPort0 84B921F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\nvstor32 \Device\RaidPort1 84B921F8
Device \Driver\USBSTOR \Device\0000006a 882881F8
Device \Driver\iScsiPrt \Device\RaidPort2 871CD1F8
Device \Driver\USBSTOR \Device\0000006b 882881F8
Device \Driver\usbohci \Device\USBFDO-0 870C61F8
Device \Driver\USBSTOR \Device\0000006c 882881F8
Device \Driver\USBSTOR \Device\0000006d 882881F8
Device \Driver\usbehci \Device\USBFDO-1 870C71F8
Device \Driver\USBSTOR \Device\0000006e 882881F8
Device \Driver\USBSTOR \Device\0000006f 882881F8
Device \Driver\netbt \Device\NetBT_Tcpip_{652A2E72-A716-4774-9E50-6AF21A3A3D3B} 882421F8
Device \Driver\netbt \Device\NetBT_Tcpip_{5075FFEC-2EC2-4D0D-A619-B0934754B1F2} 882421F8
Device \Driver\avh4lp2g \Device\Scsi\avh4lp2g1 871C51F8
Device \Driver\avh4lp2g \Device\Scsi\avh4lp2g1Port5Path0Target0Lun0 871C51F8
Device \FileSystem\fastfat \Fat 8859A1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 885701F8

---- EOF - GMER 1.0.15 ----

#9 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 06 October 2009 - 04:57 PM

Hello.

We'll start with Combofix.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

#10 nimm-1033

  • Topic Starter
  • Members
  • 9 posts

Posted 06 October 2009 - 09:26 PM

hi again

here you go -

ComboFix 09-10-06.03 - lise 07/10/2009 3:02.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1736 [GMT 1:00]
Running from: c:\users\lise\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1046387610-3232659887-153465472-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2193048587-3190209422-3113932004-500
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
M:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 02:10 . 2009-10-07 02:10 -------- d-----w- c:\users\lise\AppData\Local\temp
2009-10-07 02:10 . 2009-10-07 02:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-21 21:55 . 2009-09-21 21:55 -------- d-----w- c:\programdata\BVRP Software
2009-09-21 13:59 . 2007-04-10 00:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2009-09-21 13:59 . 2007-12-07 01:01 78848 ----a-w- c:\windows\system32\E_FD4BEGE.DLL
2009-09-21 12:59 . 2009-09-21 12:59 -------- d-----w- c:\programdata\UDL
2009-09-21 12:55 . 2009-09-21 12:56 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-09-21 12:51 . 2007-12-07 11:08 86528 ----a-w- c:\windows\system32\E_FLBEGE.DLL
2009-09-21 12:51 . 2009-09-21 12:53 -------- d-----w- c:\programdata\EPSON
2009-09-21 12:50 . 2009-09-21 12:57 -------- d-----w- c:\program files\epson
2009-09-21 12:50 . 2007-07-12 23:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2009-09-11 23:48 . 2009-09-11 23:52 -------- d-----w- c:\users\lise\.housecall6.6
2009-09-11 23:45 . 2009-09-11 23:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 02:31 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 02:31 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 02:31 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 02:31 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 02:31 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 02:31 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 02:31 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 02:31 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 02:31 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 02:31 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 02:29 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 02:29 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 02:29 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 02:29 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 02:29 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 02:21 . 2009-09-09 02:21 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-09 02:15 . 2009-09-09 02:15 -------- d-----w- C:\NVIDIA
2009-09-09 00:53 . 2009-09-20 13:29 -------- d-----w- c:\program files\Trend Micro
2009-09-08 23:01 . 2009-09-08 23:01 -------- d-----w- c:\users\lise\AppData\Roaming\Talkback

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 02:01 . 2009-08-23 19:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 01:58 . 2009-10-07 02:01 318976 ----a-w- c:\windows\system32\CF4609.exe
2009-10-06 09:33 . 2008-01-16 02:20 -------- d-----w- c:\programdata\NVIDIA
2009-10-06 09:33 . 2009-09-09 02:20 32784 ----a-w- c:\programdata\nvModes.dat
2009-10-03 02:16 . 2008-04-01 21:55 8520 ----a-w- c:\users\lise\AppData\Roaming\wklnhst.dat
2009-09-21 21:52 . 2008-01-16 02:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 13:53 . 2008-03-20 13:46 111512 ----a-w- c:\users\lise\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-21 13:00 . 2008-01-16 02:17 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-20 13:46 . 2009-05-22 22:56 -------- d-----w- c:\users\lise\AppData\Roaming\Samsung
2009-09-20 13:24 . 2009-06-29 00:19 -------- d-----w- c:\program files\Microsoft
2009-09-20 13:23 . 2008-06-06 18:44 -------- d-----w- c:\program files\MagicISO
2009-09-13 01:34 . 2009-08-23 19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 23:43 . 2008-01-16 02:29 -------- d-----w- c:\program files\Java
2009-09-10 13:54 . 2009-08-23 19:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-08-23 19:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 02:35 . 2008-05-01 19:25 -------- d-----w- c:\programdata\Microsoft Help
2009-09-07 19:44 . 2009-03-16 15:46 -------- d-----w- c:\users\lise\AppData\Roaming\CyberLink
2009-09-07 13:33 . 2008-01-16 02:28 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-09-07 12:33 . 2009-09-03 21:37 -------- d-----w- c:\programdata\Skype
2009-09-07 09:32 . 2009-09-03 21:38 -------- d-----w- c:\users\lise\AppData\Roaming\skypePM
2009-09-03 21:38 . 2009-09-03 21:38 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-08-31 21:54 . 2009-05-22 20:26 -------- d-----w- c:\program files\Samsung
2009-08-31 17:06 . 2008-01-16 02:31 -------- d-----w- c:\program files\Microsoft Works
2009-08-31 16:38 . 2008-01-16 02:05 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-31 16:36 . 2008-01-16 02:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-08-28 10:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 10:12 . 2009-08-28 10:12 -------- d-----w- c:\program files\CCleaner
2009-08-28 10:11 . 2009-08-28 10:01 -------- d-----w- c:\program files\MSECACHE
2009-08-28 10:02 . 2009-08-28 10:02 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-08-24 23:44 . 2009-05-04 23:45 -------- d-----w- c:\program files\Lavasoft
2009-08-24 23:44 . 2008-11-19 23:13 -------- d-----w- c:\programdata\Lavasoft
2009-08-24 14:39 . 2009-05-05 00:17 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 02:32 . 2009-08-24 02:32 -------- d-----w- c:\programdata\WindowsSearch
2009-08-23 19:48 . 2009-08-23 19:48 -------- d-----w- c:\users\lise\AppData\Roaming\Malwarebytes
2009-08-23 19:48 . 2009-08-23 19:48 -------- d-----w- c:\programdata\Malwarebytes
2009-08-23 19:39 . 2009-08-23 19:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-19 21:32 . 2009-07-01 16:33 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-08-19 21:32 . 2009-07-01 16:33 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-08-17 16:10 . 2009-08-28 09:55 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-08-28 09:56 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-28 09:56 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-08-28 09:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-08-28 09:56 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-28 09:56 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-08-28 09:56 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 01:42 . 2009-08-17 01:42 2505248 ----a-w- c:\windows\system32\nvcpluir.dll
2009-08-17 01:42 . 2009-08-17 01:42 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 01:42 . 2009-08-17 01:42 1411616 ----a-w- c:\windows\system32\nvsvsr.dll
2009-08-17 01:42 . 2009-08-17 01:42 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-08-16 23:57 . 2009-08-16 23:57 9545152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-16 23:57 . 2009-08-16 23:57 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 23:57 . 2009-08-16 23:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-08-16 23:57 . 2009-08-16 23:57 3298304 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-16 23:57 . 2009-08-16 23:57 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2009-08-16 23:57 1985536 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2009-08-16 23:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-08-16 23:57 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-16 23:57 . 2009-08-16 23:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2009-08-16 23:57 10858496 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-16 23:57 . 2008-10-16 01:03 7569920 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-16 23:57 . 2008-01-10 18:57 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-08-11 11:35 . 2008-04-21 22:45 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-08-31 16:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-31 16:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-31 16:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-31 16:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 09:43 . 2009-07-21 09:43 6791819 ----a-w- c:\users\Public\CRUNCHED.zip
2009-07-17 14:35 . 2009-08-28 10:09 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-28 10:06 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-28 10:06 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-28 10:06 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-28 10:06 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2008-04-17 19:39 . 2008-04-17 19:39 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-01-16 01:38 . 2008-01-16 01:32 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"O2"="c:\program files\O2\bin\sprtcmd.exe" [2008-03-28 198184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-11 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-03 185872]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\lise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-8-5 118784]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-3-30 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71B5599F-D288-4639-89A0-C6F5783AB1D9}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{51A1F9AE-792B-4890-9D35-15E738BE681D}"= UDP:12440:BitComet 12440 TCP
"{8E2229A0-5384-4A07-818F-1F4374C891CE}"= TCP:12440:BitComet 12440 UDP
"TCP Query User{F610FD6E-308F-4503-9F2F-71CA097488CE}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{4D1C4BDE-F022-444B-9326-7602E86E0F63}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{21CC7D69-A224-4257-9E6B-8F0A05856A31}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{35A0A9AB-0B3B-48C9-BBAD-C10463527840}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A5031908-4B7E-4E0E-9A1B-1461F06C27F2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{522E75E8-41A3-47BF-8BBE-B332822403F6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F5292BD0-424F-456E-A078-93AF0B5F3587}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{8F281344-9DDE-4383-99D8-DF1B444E7B26}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{66410F4B-A9F7-4A82-B6FB-B7C725F1973E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CA6D898D-9620-4B0D-81C4-C63FF9F0FA10}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{E5F4C487-D60E-4FEA-B16B-FB4D1D4C06A6}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{2B9F2243-EC8A-4F0B-B87F-F81E1EB96121}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{3002A7E3-3A72-45B1-B794-21C528167273}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"TCP Query User{34BE562F-84DB-4DF6-A4CD-79DB5E719DC6}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{630FF08E-1AFC-45F0-B82D-309E722E7DC7}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{3D54BECC-F191-4D0A-9C6B-0A21D0A1C534}"= UDP:c:\users\lise\AppData\Local\Temp\RarSFX0\HIW\recover.exe:Thomson Recovery Tool
"{86AC4AE4-7BA7-4263-9861-0FFAC8B1D2C5}"= TCP:c:\users\lise\AppData\Local\Temp\RarSFX0\HIW\recover.exe:Thomson Recovery Tool
"{006899C1-66CD-4D53-AFB6-DF3786FBEFE1}"= UDP:c:\program files\O2\bin\wificfg.exe:sprtcmd.exe
"{1E8DBBF9-F3EB-4C10-AA11-704943243F1F}"= TCP:c:\program files\O2\bin\wificfg.exe:sprtcmd.exe
"{00C4419C-1631-4D6C-A078-72C781FAE7B5}"= UDP:c:\program files\O2\agent\bin\bcont.exe:bcont.exe
"{B8D44B83-824C-4CA6-9363-309F789A3B84}"= TCP:c:\program files\O2\agent\bin\bcont.exe:bcont.exe
"{618F2915-BC2F-4507-B899-86AA84FD751F}"= UDP:c:\program files\Common Files\SupportSoft\bin\ssrc.exe:ssrc.exe
"{0F27C653-92F8-441E-B61F-C49D1E1D3009}"= TCP:c:\program files\Common Files\SupportSoft\bin\ssrc.exe:ssrc.exe
"{C81C322B-1126-4B72-993C-B78F6904F2DB}"= UDP:c:\program files\O2\agent\bin\bcont_nm.exe:bcont_nm.exe
"{8E5243E3-4509-4B8D-97AF-0BE98B223825}"= TCP:c:\program files\O2\agent\bin\bcont_nm.exe:bcont_nm.exe
"TCP Query User{8D143C06-BB89-4D09-90E6-B01B65F0BF59}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{D812827C-E07B-47FE-9476-8220C123B207}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [30/03/2008 19:02 21728]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28/08/2009 10:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28/08/2009 10:56 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28/08/2009 10:55 53328]
R2 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [30/03/2008 19:02 180224]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.sys [08/12/2006 08:05 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17/08/2009 01:32 239648]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [30/03/2008 19:02 288768]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23/04/2007 14:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23/04/2007 14:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23/04/2007 14:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23/04/2007 14:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23/04/2007 14:54 98568]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [23/06/2008 23:47 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [23/06/2008 23:47 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [23/06/2008 23:47 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [23/06/2008 23:47 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [23/06/2008 23:47 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [23/06/2008 23:47 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [23/06/2008 23:47 110120]

--- Other Services/Drivers In Memory ---

*Deregistered* - kwldapow
*Deregistered* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://co120w.col120.mail.live.com/default.aspx?wa=wsignin1.0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
Trusted Zone: o2.co.uk\*.broadband
FF - ProfilePath - c:\users\lise\AppData\Roaming\Mozilla\Firefox\Profiles\ln00y8we.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotukdeals.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 03:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-07 3:12
ComboFix-quarantined-files.txt 2009-10-07 02:12

Pre-Run: 101,236,957,184 bytes free
Post-Run: 103,294,464,000 bytes free

327 --- E O F --- 2009-09-09 02:42

#11 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 07 October 2009 - 03:05 PM

Hello.

That looks pretty good.

Please continue with the following...

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run OTL
  • Download OTL by OldTimer and save it to your desktop.
  • Double-click on the OTL icon on your desktop. If you are using Vista, please right-click and select Run as administrator.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • It will now begin to scan, please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized

How's your system running now? Better?

With Regards,
Extremeboy

#12 nimm-1033

  • Topic Starter

  • Members
  • 9 posts

Posted 07 October 2009 - 09:01 PM

Hi Extremeboy you are a PC Ninja !

Sit rep

so far i have only had Firefox hang on me once and explorer crashed out on start up(different times),
as i type the text seems to have lag between what i type and what comes up on screen
have you ever seen/heard of avast giving a red pop up saying that your trial period is coming to an end and to click to resolve the problem? it pops up in the bottom right corner of the desktop after boot up for a few minutes at a time-- i haven't clicked it but i thought i'd ask you it just in case-
have also randomly lost sound - checked the speakers are plugged in etc.
still cannot access hotmail through firefox i get this every time

= Error symbol The Windows Live Network is unavailable from this site for one of the following reasons:


* This site may be experiencing a problem
* The site may not be a member of the Windows Live Network

You can:

* You can sign in or sign up at other sites on the Windows Live Network, or try again later at this site.

Q

is there any chance that this could have passed onto my external hard drives as i had been backing up my photos videos etc because i thought the PC was shot.? can any of this stuff destroy or damage my photos ? i really do appreciate your time and help thanks so very much. :(
Lise

here are the logs from tonight -

Malwarebytes' Anti-Malware 1.41
Database version: 2922
Windows 6.0.6001 Service Pack 1

08/10/2009 02:34:27
mbam-log-2009-10-08 (02-34-27).txt

Scan type: Quick Scan
Objects scanned: 92922
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




OTL logfile created on: 08/10/2009 02:37:34 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Users\lise\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.68% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.82 Gb Total Space | 95.66 Gb Free Space | 33.24% Space Free | Partition Type: NTFS
Drive D: | 10.27 Gb Total Space | 1.01 Gb Free Space | 9.86% Space Free | Partition Type: NTFS
Drive E: | 277.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.65 Gb Total Space | 419.95 Gb Free Space | 90.19% Space Free | Partition Type: FAT32
Drive M: | 465.65 Gb Total Space | 381.16 Gb Free Space | 81.86% Space Free | Partition Type: FAT32

Computer Name: LISE-PC
Current User Name: lise
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/02/15 12:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2008/01/19 08:33:27 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/03/28 22:47:46 | 00,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtcmd.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/09/12 00:44:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/11/03 22:16:58 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/01/19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2007/02/22 18:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2008/01/19 08:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/09/13 16:35:08 | 01,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2007/07/17 15:48:16 | 00,180,224 | ---- | M] () -- C:\Windows\System32\WinService.exe
PRC - [2007/06/07 16:19:40 | 00,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe
PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/01/19 08:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/19 08:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/30 12:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/09/20 02:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/10/08 02:35:45 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\lise\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/30 20:19:36 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/07/27 19:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 02:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/07/24 00:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2007/09/20 02:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 02:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/03 15:15:34 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/06/20 02:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/02/28 17:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/07/17 15:48:16 | 00,180,224 | ---- | M] () -- C:\Windows\System32\WinService.exe -- (SCM_Service [Auto | Running])
SRV - [2007/06/07 16:19:40 | 00,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2 [Auto | Running])
SRV - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])
SRV - [2007/07/27 05:39:32 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/16 02:32:43 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/17 17:05:24 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/16 02:32:42 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/12/08 18:33:20 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/01/15 19:19:04 | 02,047,576 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/08/01 19:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
DRV - [2009/08/17 00:57:00 | 09,545,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/10/26 12:51:22 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2005/12/12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/12/26 10:46:00 | 00,288,768 | ---- | M] (NETGEAR Inc.) -- C:\Windows\System32\DRIVERS\wg111v2.sys -- (RTL8187 [On_Demand | Running])
DRV - [2007/04/23 14:54:46 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115bus.sys -- (s115bus [On_Demand | Stopped])
DRV - [2007/04/23 14:54:48 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115mdfl.sys -- (s115mdfl [On_Demand | Stopped])
DRV - [2007/04/23 14:54:48 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115mdm.sys -- (s115mdm [On_Demand | Stopped])
DRV - [2007/04/23 14:54:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115mgmt.sys -- (s115mgmt [On_Demand | Stopped])
DRV - [2007/04/23 14:54:50 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115obex.sys -- (s115obex [On_Demand | Stopped])
DRV - [2007/04/03 12:57:42 | 00,083,336 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116bus.sys -- (s116bus [On_Demand | Stopped])
DRV - [2007/04/03 12:57:48 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116mdfl.sys -- (s116mdfl [On_Demand | Stopped])
DRV - [2007/04/03 12:57:48 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116mdm.sys -- (s116mdm [On_Demand | Stopped])
DRV - [2007/04/03 12:57:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116mgmt.sys -- (s116mgmt [On_Demand | Stopped])
DRV - [2007/04/03 12:57:52 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116nd5.sys -- (s116nd5 [On_Demand | Stopped])
DRV - [2007/04/03 12:57:52 | 00,098,696 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116obex.sys -- (s116obex [On_Demand | Stopped])
DRV - [2007/04/03 12:57:54 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s116unic.sys -- (s116unic [On_Demand | Stopped])
DRV - [2007/12/10 14:22:14 | 00,083,880 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s3017bus.sys -- (s3017bus [On_Demand | Stopped])
DRV - [2007/12/10 14:22:18 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s3017mdfl.sys -- (s3017mdfl [On_Demand | Stopped])
DRV - [2007/12/10 14:22:18 | 00,110,632 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s3017mdm.sys -- (s3017mdm [On_Demand | Stopped])
DRV - [2007/12/10 14:22:20 | 00,104,616 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s3017mgmt.sys -- (s3017mgmt [On_Demand | Stopped])
DRV - [2007/12/10 14:22:20 | 00,025,512 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s3017nd5.sys -- (s3017nd5 [On_Demand | Stopped])
DRV - [2007/12/10 14:22:22 | 00,100,648 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s3017obex.sys -- (s3017obex [On_Demand | Stopped])
DRV - [2007/12/10 14:22:22 | 00,110,120 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s3017unic.sys -- (s3017unic [On_Demand | Stopped])
DRV - [2007/01/19 03:20:54 | 00,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP [Boot | Running])
DRV - [2006/05/15 14:35:36 | 00,061,600 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped])
DRV - [2006/05/15 14:35:42 | 00,009,360 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])
DRV - [2006/05/15 14:35:42 | 00,097,184 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/10/08 23:13:13 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/12/08 18:33:22 | 00,005,120 | ---- | M] (Samsung Electronics) -- C:\Windows\System32\Drivers\SSPORT.sys -- (SSPORT [Auto | Running])
DRV - [2007/05/02 11:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2007/05/02 11:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2007/05/02 11:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2009/05/22 21:40:24 | 00,005,632 | ---- | M] () -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/16 02:32:43 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/04/07 17:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Windows\System32\DRIVERS\VNUSB.sys -- (VNUSB [On_Demand | Stopped])
DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://co120w.col120.mail.live.com/default...x?wa=wsignin1.0
IE - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 94 6A 8C 4F 3C CA 01 [binary data]
IE - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\S-1-5-21-1046387610-3232659887-153465472-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.hotukdeals.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 11:38:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 12:48:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 00:45:18 | 00,000,000 | ---D | M]

[2008/08/27 14:39:13 | 00,000,000 | ---D | M] -- C:\Users\lise\AppData\Roaming\mozilla\Extensions
[2008/08/27 14:39:13 | 00,000,000 | ---D | M] -- C:\Users\lise\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/17 23:31:49 | 00,000,000 | ---D | M] -- C:\Users\lise\AppData\Roaming\mozilla\Firefox\Profiles\ln00y8we.default\extensions
[2009/09/12 00:45:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/09 12:48:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/07 01:19:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/09/12 00:45:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/07/30 12:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 12:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/12 00:44:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/30 12:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/03 22:17:06 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/05/05 00:44:33 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/05 00:44:33 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/05 00:44:33 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/05 00:44:33 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/05 00:44:33 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/05 00:44:33 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/05 00:44:33 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/11/03 22:17:15 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/11/03 22:17:03 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/15 11:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2009/07/30 08:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 08:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 08:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 08:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 08:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 08:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 08:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000..\Run: [Power2GoExpress] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\lise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O15 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1046387610-3232659887-153465472-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/16 03:28:51 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/08 02:13:25 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/08 02:13:25 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/04/19 03:37:34 | 00,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/10/24 13:30:10 | 00,000,088 | R--- | M] () - K:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/10/08 02:13:26 | 00,000,000 | RHSD | M] - M:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{f9efd5eb-4082-11de-9009-001e8cb65115}\Shell\AutoRun\command - "" = K:\Toshiba\more4you.exe -- [2008/12/10 20:19:22 | 10,929,464 | ---- | M] (TOSHIBA)
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Toshiba\more4you.exe -- [2008/12/10 20:19:22 | 10,929,464 | ---- | M] (TOSHIBA)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/21 22:55:09 | 00,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2009/09/21 13:51:17 | 00,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009/09/21 13:59:02 | 00,000,000 | ---D | C] -- C:\ProgramData\UDL
[2009/09/09 00:01:43 | 00,000,000 | ---D | C] -- C:\Users\lise\AppData\Roaming\Talkback
[2009/10/07 03:12:22 | 00,000,000 | ---D | C] -- C:\Users\lise\AppData\Local\temp
[2009/09/21 13:55:47 | 00,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2009/09/21 13:50:39 | 00,000,000 | ---D | C] -- C:\Program Files\epson
[2009/09/09 03:21:30 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009/09/09 01:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/08 02:13:25 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/10/07 03:12:23 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/10/07 03:12:21 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/10/07 03:01:48 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/07 03:01:27 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/07 03:01:27 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/07 03:01:27 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/07 03:01:27 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/07 03:01:21 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/07 03:01:20 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF4609.exe
[2009/10/07 03:00:49 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/10/07 02:58:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/06 16:44:22 | 00,000,000 | ---D | C] -- C:\Users\lise\Desktop\NewCheckoutOrderConfirmationView_files
[2009/10/06 11:22:32 | 00,000,000 | ---D | C] -- C:\Users\lise\Desktop\protx_success.asp_files
[2009/10/05 17:16:58 | 00,000,000 | ---D | C] -- C:\Users\lise\Desktop\payment.asp_files
[2009/10/03 18:45:43 | 00,000,000 | ---D | C] -- C:\Users\lise\Desktop\Dani Phone
[2009/10/03 15:37:45 | 00,472,064 | ---- | C] ( ) -- C:\Users\lise\Desktop\RootRepeal.exe
[2009/09/21 14:59:32 | 00,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2009/09/21 14:59:31 | 00,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BEGE.DLL
[2009/09/21 13:54:03 | 00,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2009/09/21 13:54:03 | 00,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2009/09/21 13:54:02 | 00,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2009/09/21 13:54:02 | 00,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2009/09/21 13:54:02 | 00,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll
[2009/09/21 13:51:46 | 00,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBEGE.DLL
[2009/09/21 13:50:39 | 00,071,680 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escwiad.dll
[2009/09/20 02:28:22 | 00,000,000 | ---D | C] -- C:\Users\lise\Desktop\ProcessPayment.ice_files
[2009/09/12 00:45:18 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/09/12 00:45:18 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/09/12 00:45:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/09/12 00:45:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/09/11 12:34:37 | 00,000,000 | ---D | C] -- C:\Users\lise\Desktop\pgeorderresult.aspx_files
[2009/09/09 03:31:42 | 00,897,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/09 03:31:40 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/09 03:31:39 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/09 03:31:39 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/09 03:31:39 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/09 03:31:39 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/09 03:31:39 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/09 03:31:38 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/09 03:31:38 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/09 03:31:37 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/09 03:29:18 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/09 03:29:17 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/09 03:29:05 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/09 03:29:04 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/09 03:29:04 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/09 03:29:03 | 00,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/09 03:25:51 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/09 03:15:55 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/09/08 16:32:53 | 00,000,000 | ---D | C] -- C:\Users\lise\Desktop\viewbooking.asp_files

========== Files - Modified Within 30 Days ==========

[2009/10/08 02:29:09 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 02:17:38 | 00,032,784 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/08 02:17:37 | 00,032,784 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/10/08 02:17:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/08 02:17:28 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/08 02:17:28 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/08 02:17:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/08 02:15:23 | 03,980,163 | -H-- | M] () -- C:\Users\lise\AppData\Local\IconCache.db
[2009/10/07 03:10:41 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/10/07 02:58:33 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF4609.exe
[2009/10/07 02:53:08 | 03,327,765 | R--- | M] () -- C:\Users\lise\Desktop\ComboFix.exe
[2009/10/06 16:44:31 | 00,083,511 | ---- | M] () -- C:\Users\lise\Desktop\NewCheckoutOrderConfirmationView.htm
[2009/10/06 11:22:33 | 00,050,879 | ---- | M] () -- C:\Users\lise\Desktop\protx_success.asp.htm
[2009/10/06 03:42:26 | 00,000,015 | ---- | M] () -- C:\Users\lise\Desktop\settings.dat
[2009/10/06 00:11:48 | 00,290,816 | ---- | M] () -- C:\Users\lise\Desktop\izr0wwum.exe
[2009/10/05 17:17:04 | 00,026,914 | ---- | M] () -- C:\Users\lise\Desktop\payment.asp.htm
[2009/10/04 23:51:23 | 00,025,600 | ---- | M] () -- C:\Users\lise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 15:41:05 | 29,858,3351 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/10/03 15:39:11 | 00,472,064 | ---- | M] ( ) -- C:\Users\lise\Desktop\RootRepeal.exe
[2009/10/03 15:35:52 | 00,361,369 | ---- | M] () -- C:\Users\lise\Desktop\dds.scr
[2009/10/03 03:16:18 | 00,008,520 | ---- | M] () -- C:\Users\lise\AppData\Roaming\wklnhst.dat
[2009/09/28 06:02:09 | 00,021,875 | ---- | M] () -- C:\Users\lise\Desktop\Hi Orla.docx
[2009/09/26 19:03:19 | 00,023,436 | ---- | M] () -- C:\Users\lise\Desktop\pgeorderresult.aspx.htm
[2009/09/25 12:37:18 | 00,017,955 | ---- | M] () -- C:\Users\lise\Desktop\o2complaint.docx
[2009/09/25 12:06:46 | 00,634,890 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/25 12:06:46 | 00,607,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/25 12:06:46 | 00,043,544 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/25 01:31:28 | 00,011,976 | ---- | M] () -- C:\Users\lise\Documents\Hi Nicola.docx
[2009/09/21 22:52:59 | 00,392,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/21 14:53:25 | 00,111,512 | ---- | M] () -- C:\Users\lise\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/21 14:02:28 | 00,002,067 | ---- | M] () -- C:\Users\Public\Desktop\EPSON File Manager.lnk
[2009/09/21 13:53:53 | 00,002,018 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Stylus SX200_SX400_TX200_TX400 Manual.lnk
[2009/09/21 13:50:40 | 00,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2009/09/21 13:50:19 | 00,000,025 | ---- | M] () -- C:\Windows\CDE SX400DEFGIPS.ini
[2009/09/20 02:28:24 | 00,031,524 | ---- | M] () -- C:\Users\lise\Desktop\ProcessPayment.ice.htm
[2009/09/19 14:18:05 | 00,000,162 | -H-- | M] () -- C:\Users\lise\Desktop\~$complaint.docx
[2009/09/16 11:54:11 | 00,452,913 | ---- | M] () -- C:\Users\lise\Desktop\the_hsc_complaints_procedure_directions__ni__2009.pdf
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\Windows\PEV.exe
[2009/09/12 00:44:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/09/12 00:44:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/09/12 00:44:09 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/09/12 00:44:08 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/09 12:48:10 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/09/09 01:53:43 | 00,001,876 | ---- | M] () -- C:\Users\lise\Desktop\HijackThis.lnk
[2009/09/08 23:55:00 | 00,360,030 | ---- | M] () -- C:\Users\lise\Desktop\bookmarks.html
[2009/09/08 23:54:34 | 00,167,304 | ---- | M] () -- C:\Users\lise\Desktop\Bookmarks 2009-09-08.json
[2009/09/08 16:33:02 | 00,053,586 | ---- | M] () -- C:\Users\lise\Desktop\viewbooking.asp.htm

========== Files - No Company Name ==========
[2009/10/07 03:01:27 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/07 03:01:27 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/07 03:01:27 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/07 03:01:27 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/07 02:52:50 | 03,327,765 | R--- | C] () -- C:\Users\lise\Desktop\ComboFix.exe
[2009/10/06 16:44:22 | 00,083,511 | ---- | C] () -- C:\Users\lise\Desktop\NewCheckoutOrderConfirmationView.htm
[2009/10/06 11:22:31 | 00,050,879 | ---- | C] () -- C:\Users\lise\Desktop\protx_success.asp.htm
[2009/10/06 00:09:53 | 00,290,816 | ---- | C] () -- C:\Users\lise\Desktop\izr0wwum.exe
[2009/10/05 17:16:56 | 00,026,914 | ---- | C] () -- C:\Users\lise\Desktop\payment.asp.htm
[2009/10/03 16:29:55 | 00,000,015 | ---- | C] () -- C:\Users\lise\Desktop\settings.dat
[2009/10/03 15:30:39 | 00,361,369 | ---- | C] () -- C:\Users\lise\Desktop\dds.scr
[2009/10/01 01:10:19 | 29,858,3351 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/09/28 06:02:08 | 00,021,875 | ---- | C] () -- C:\Users\lise\Desktop\Hi Orla.docx
[2009/09/25 01:31:28 | 00,011,976 | ---- | C] () -- C:\Users\lise\Documents\Hi Nicola.docx
[2009/09/21 14:02:28 | 00,002,067 | ---- | C] () -- C:\Users\Public\Desktop\EPSON File Manager.lnk
[2009/09/21 13:54:03 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/09/21 13:54:02 | 00,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/09/21 13:54:02 | 00,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/09/21 13:54:02 | 00,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/09/21 13:54:02 | 00,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/09/21 13:54:02 | 00,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/09/21 13:54:02 | 00,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/09/21 13:54:02 | 00,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/09/21 13:54:02 | 00,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2009/09/21 13:54:02 | 00,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/09/21 13:54:02 | 00,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2009/09/21 13:54:02 | 00,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2009/09/21 13:54:02 | 00,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2009/09/21 13:54:02 | 00,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2009/09/21 13:54:02 | 00,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2009/09/21 13:54:02 | 00,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2009/09/21 13:54:02 | 00,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2009/09/21 13:54:02 | 00,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2009/09/21 13:54:02 | 00,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2009/09/21 13:54:02 | 00,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2009/09/21 13:54:02 | 00,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/09/21 13:54:02 | 00,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2009/09/21 13:54:02 | 00,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2009/09/21 13:54:02 | 00,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/09/21 13:54:02 | 00,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/09/21 13:54:02 | 00,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/09/21 13:54:02 | 00,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/09/21 13:54:02 | 00,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/09/21 13:54:02 | 00,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/09/21 13:54:02 | 00,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/09/21 13:54:02 | 00,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/09/21 13:54:02 | 00,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/09/21 13:53:53 | 00,002,018 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Stylus SX200_SX400_TX200_TX400 Manual.lnk
[2009/09/21 13:50:40 | 00,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2009/09/21 13:50:19 | 00,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPS.ini
[2009/09/20 14:20:15 | 00,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
[2009/09/20 14:20:15 | 00,001,113 | ---- | C] () -- C:\Users\lise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/09/20 02:28:21 | 00,031,524 | ---- | C] () -- C:\Users\lise\Desktop\ProcessPayment.ice.htm
[2009/09/19 14:18:05 | 00,000,162 | -H-- | C] () -- C:\Users\lise\Desktop\~$complaint.docx
[2009/09/19 14:18:04 | 00,017,955 | ---- | C] () -- C:\Users\lise\Desktop\o2complaint.docx
[2009/09/16 11:54:11 | 00,452,913 | ---- | C] () -- C:\Users\lise\Desktop\the_hsc_complaints_procedure_directions__ni__2009.pdf
[2009/09/11 12:34:36 | 00,023,436 | ---- | C] () -- C:\Users\lise\Desktop\pgeorderresult.aspx.htm
[2009/09/09 12:42:35 | 00,032,784 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/09 03:29:09 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/09 03:20:55 | 00,032,784 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/09 02:48:19 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/09 01:53:43 | 00,001,876 | ---- | C] () -- C:\Users\lise\Desktop\HijackThis.lnk
[2009/09/08 23:55:00 | 00,360,030 | ---- | C] () -- C:\Users\lise\Desktop\bookmarks.html
[2009/09/08 23:54:33 | 00,167,304 | ---- | C] () -- C:\Users\lise\Desktop\Bookmarks 2009-09-08.json
[2009/09/08 16:32:52 | 00,053,586 | ---- | C] () -- C:\Users\lise\Desktop\viewbooking.asp.htm
[2009/09/03 22:38:52 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/05 11:53:43 | 00,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2009/08/05 11:53:43 | 00,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/19 11:29:21 | 00,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009/07/19 11:29:18 | 00,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009/06/05 10:19:27 | 00,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/05/26 02:41:02 | 03,980,163 | -H-- | C] () -- C:\Users\lise\AppData\Local\IconCache.db
[2009/05/22 21:41:14 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/05/22 21:26:30 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/05/05 01:14:13 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/03 22:18:32 | 00,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/08 23:13:13 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/04/21 23:47:18 | 00,001,356 | ---- | C] () -- C:\Users\lise\AppData\Local\d3d9caps.dat
[2008/04/01 22:55:11 | 00,008,520 | ---- | C] () -- C:\Users\lise\AppData\Roaming\wklnhst.dat
[2008/03/30 22:11:58 | 00,025,600 | ---- | C] () -- C:\Users\lise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/20 14:46:25 | 00,111,512 | ---- | C] () -- C:\Users\lise\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/01/16 03:21:38 | 00,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/16 03:02:11 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/01/16 03:02:11 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/06/27 08:00:00 | 01,777,664 | ---- | C] () -- C:\Windows\System32\ZHP1600R.DLL
[2007/06/27 08:00:00 | 00,749,568 | ---- | C] () -- C:\Windows\System32\AGI1600.DLL
[2007/01/08 07:52:00 | 00,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll
[2007/01/08 07:51:58 | 00,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll
[2007/01/08 07:51:58 | 00,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2007/01/08 07:51:56 | 00,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll
[2006/12/04 01:25:14 | 00,022,723 | ---- | C] () -- C:\Windows\System32\suge1l3.dll
[2006/11/02 13:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


OTL Extras logfile created on: 08/10/2009 02:37:34 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Users\lise\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.68% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.82 Gb Total Space | 95.66 Gb Free Space | 33.24% Space Free | Partition Type: NTFS
Drive D: | 10.27 Gb Total Space | 1.01 Gb Free Space | 9.86% Space Free | Partition Type: NTFS
Drive E: | 277.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.65 Gb Total Space | 419.95 Gb Free Space | 90.19% Space Free | Partition Type: FAT32
Drive M: | 465.65 Gb Total Space | 381.16 Gb Free Space | 81.86% Space Free | Partition Type: FAT32

Computer Name: LISE-PC
Current User Name: lise
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1046387610-3232659887-153465472-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0058E55C-3C10-497F-A3C9-86F8159B4A7A}" = rport=139 | protocol=6 | dir=out | app=system |
"{0C04E8E5-33BC-49DD-A0D4-11F71F98769E}" = rport=445 | protocol=6 | dir=out | app=system |
"{21CC7D69-A224-4257-9E6B-8F0A05856A31}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{265F6819-5F9C-46AA-A3B8-AD5A33052DA8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2FF1AF7A-0E97-4407-BD84-A0CBD09BCCFA}" = lport=137 | protocol=17 | dir=in | app=system |
"{3203C59C-9CCC-4EC3-9560-B53B71C83FC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35FB490B-DD2C-46A4-9E77-14155114FC53}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{432D71A4-9493-45D7-AE55-31B040273BFA}" = lport=138 | protocol=17 | dir=in | app=system |
"{4EDE14C6-3A98-49AD-B002-8D975EE8E87E}" = rport=138 | protocol=17 | dir=out | app=system |
"{51A1F9AE-792B-4890-9D35-15E738BE681D}" = lport=12440 | protocol=6 | dir=in | name=bitcomet 12440 tcp |
"{6E6CE707-8E5C-4AE1-A3E1-393DFB50CA35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74C2DFDA-C738-433A-9E38-B8EB6969A292}" = lport=2869 | protocol=6 | dir=in | app=system |
"{816191D2-38E5-4C7F-ABE4-65351F852283}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8E2229A0-5384-4A07-818F-1F4374C891CE}" = lport=12440 | protocol=17 | dir=in | name=bitcomet 12440 udp |
"{8E44700D-0F93-418B-8E31-CF93B18E5ACC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9832229D-F151-4859-A33B-311DA3D8E23B}" = lport=139 | protocol=6 | dir=in | app=system |
"{9AB86E7F-BE7A-4650-BE16-DC621EC18A68}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C3548F38-8DF4-4048-8EFB-66CC6A6CFCB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D099C2A5-412A-45BC-9EF5-5B31A75DE39D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4E4C133-CD65-4D10-B58D-530C2C408BC3}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF8B660B-D71E-4F23-B559-5754C94C29B0}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F57433FD-6C71-4ABC-9440-71A649C6FE1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F60D5793-3C82-4EAB-9652-9B108C81B75C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006899C1-66CD-4D53-AFB6-DF3786FBEFE1}" = protocol=6 | dir=in | app=c:\program files\o2\bin\wificfg.exe |
"{00C4419C-1631-4D6C-A078-72C781FAE7B5}" = protocol=6 | dir=in | app=c:\program files\o2\agent\bin\bcont.exe |
"{0766D34D-9197-44EC-9C4D-D37B3E133C31}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{086C21B2-1D74-430B-83F5-9A4DACFEF10A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0D8DC040-9219-4F04-8696-987C1C1F1ED2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0F27C653-92F8-441E-B61F-C49D1E1D3009}" = protocol=17 | dir=in | app=c:\program files\common files\supportsoft\bin\ssrc.exe |
"{1021AA56-1227-44D7-9D75-DD723BDA50C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1087C5BC-675A-46BA-9C3F-8D9A4634257B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{1D62CD6B-0E79-40B2-9BB4-8FF91FA31FFE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1E8DBBF9-F3EB-4C10-AA11-704943243F1F}" = protocol=17 | dir=in | app=c:\program files\o2\bin\wificfg.exe |
"{2B9F2243-EC8A-4F0B-B87F-F81E1EB96121}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{3002A7E3-3A72-45B1-B794-21C528167273}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{35A0A9AB-0B3B-48C9-BBAD-C10463527840}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3D54BECC-F191-4D0A-9C6B-0A21D0A1C534}" = protocol=6 | dir=in | app=c:\users\lise\appdata\local\temp\rarsfx0\hiw\recover.exe |
"{522E75E8-41A3-47BF-8BBE-B332822403F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{618F2915-BC2F-4507-B899-86AA84FD751F}" = protocol=6 | dir=in | app=c:\program files\common files\supportsoft\bin\ssrc.exe |
"{71B5599F-D288-4639-89A0-C6F5783AB1D9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{86AC4AE4-7BA7-4263-9861-0FFAC8B1D2C5}" = protocol=17 | dir=in | app=c:\users\lise\appdata\local\temp\rarsfx0\hiw\recover.exe |
"{8E5243E3-4509-4B8D-97AF-0BE98B223825}" = protocol=17 | dir=in | app=c:\program files\o2\agent\bin\bcont_nm.exe |
"{9BD354FB-B56C-4022-B0BF-F8A131614456}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A5031908-4B7E-4E0E-9A1B-1461F06C27F2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B8D44B83-824C-4CA6-9363-309F789A3B84}" = protocol=17 | dir=in | app=c:\program files\o2\agent\bin\bcont.exe |
"{C4D78485-0878-4425-826C-982B6E6772BF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C81C322B-1126-4B72-993C-B78F6904F2DB}" = protocol=6 | dir=in | app=c:\program files\o2\agent\bin\bcont_nm.exe |
"{CE38D34E-22AE-4929-A2A7-975B138B9451}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F5292BD0-424F-456E-A078-93AF0B5F3587}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{34BE562F-84DB-4DF6-A4CD-79DB5E719DC6}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{63595E50-C1A6-44EC-BF14-B1249D3010A9}E:\software\o2\utilities\o2 static ip tool\staticiptool.exe" = protocol=6 | dir=in | app=e:\software\o2\utilities\o2 static ip tool\staticiptool.exe |
"TCP Query User{8D143C06-BB89-4D09-90E6-B01B65F0BF59}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{8F281344-9DDE-4383-99D8-DF1B444E7B26}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CA6D898D-9620-4B0D-81C4-C63FF9F0FA10}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F610FD6E-308F-4503-9F2F-71CA097488CE}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{44DC7E52-C949-4A38-803A-B32A453C2982}E:\software\o2\utilities\o2 static ip tool\staticiptool.exe" = protocol=17 | dir=in | app=e:\software\o2\utilities\o2 static ip tool\staticiptool.exe |
"UDP Query User{4D1C4BDE-F022-444B-9326-7602E86E0F63}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{630FF08E-1AFC-45F0-B82D-309E722E7DC7}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{66410F4B-A9F7-4A82-B6FB-B7C725F1973E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D812827C-E07B-47FE-9476-8220C123B207}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{E5F4C487-D60E-4FEA-B16B-FB4D1D4C06A6}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECA2B21B-A180-4775-B93F-6E404E36A8CC}" = MSRuntime Libraries
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced JPEG Compressor_is1" = Advanced JPEG Compressor 5.0
"avast!" = avast! Antivirus
"BitComet" = BitComet 0.70
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Network Play System (Patching)" = Network Play System (Patching)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"The Sims" = The Sims
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6e
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 17/04/2009 15:25:05 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 18/04/2009 06:25:28 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 18/04/2009 15:18:36 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 19/04/2009 07:06:07 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 19/04/2009 15:04:02 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 13/09/2009 06:14:19 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 13/09/2009 06:14:19 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 13/09/2009 08:38:23 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 13/09/2009 08:38:23 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 15/09/2009 05:32:55 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE failed, 00000005.

[ Application Events ]
Error - 21/09/2009 08:59:52 | Computer Name = lise-PC | Source = VSS | ID = 8194
Description =

Error - 21/09/2009 09:00:41 | Computer Name = lise-PC | Source = VSS | ID = 8194
Description =

Error - 21/09/2009 09:01:07 | Computer Name = lise-PC | Source = VSS | ID = 8194
Description =

Error - 21/09/2009 09:02:37 | Computer Name = lise-PC | Source = VSS | ID = 8194
Description =

Error - 21/09/2009 09:03:04 | Computer Name = lise-PC | Source = VSS | ID = 8194
Description =

Error - 21/09/2009 10:02:15 | Computer Name = lise-PC | Source = VSS | ID = 8194
Description =

Error - 21/09/2009 10:03:42 | Computer Name = lise-PC | Source = VSS | ID = 8194
Description =

Error - 21/09/2009 10:04:25 | Computer Name = lise-PC | Source = VSS | ID = 8194
Description =

Error - 21/09/2009 22:51:23 | Computer Name = lise-PC | Source = Application Hang | ID = 1002
Description = The program SUPERAntiSpyware.exe version 4.27.0.1002 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 940 Start Time: 01ca3b0602cb9266 Termination Time: 60000

Error - 24/09/2009 17:12:53 | Computer Name = lise-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18813, time stamp
0x4a6621ae, faulting module wmphoto.dll, version 6.0.6001.18000, time stamp 0x4791a813,
exception code 0xc0000005, fault offset 0x0000ab99, process id 0x724, application
start time 0x01ca3d5bc4c44769.

[ OSession Events ]
Error - 02/05/2008 08:30:20 | Computer Name = lise-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8788
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 17/09/2009 22:57:58 | Computer Name = lise-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7319
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07/10/2009 03:59:28 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/10/2009 11:48:08 | Computer Name = lise-PC | Source = HTTP | ID = 15016
Description =

Error - 07/10/2009 11:49:24 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/10/2009 11:49:24 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/10/2009 17:37:26 | Computer Name = lise-PC | Source = HTTP | ID = 15016
Description =

Error - 07/10/2009 17:38:40 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/10/2009 17:38:40 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/10/2009 21:17:30 | Computer Name = lise-PC | Source = HTTP | ID = 15016
Description =

Error - 07/10/2009 21:18:32 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/10/2009 21:18:32 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Edited by nimm-1033, 08 October 2009 - 05:06 AM.


#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 08 October 2009 - 05:00 PM

Hello.

have you ever seen/heard of avast giving a red pop up saying that your trial period is coming to an end and to click to resolve the problem? it pops up in the bottom right corner of the desk top after boot up for a few minutes at a time-- i haven't clicked it but i thought id ask you it just in case-

Perhaps it is indeed expired, you may need to "re-new" it to get the new key.

have also randomly lost sound - checked the speakers are plugged in etc.

What do you mean by random lost sounds? Please explain further on that.

so far i have only had Firefox hang on me once and explorer crashed out on start up(different times),

Let me know if it continues to happen.

as i type the text seems to have lag between what i type and what comes up on screen

I had this problem before, I forgot what was the exact culprit though. It could have been the connection, site or just how much memory your computer has.

still cannot access hotmail through firefox i get this every time

Run ATFCleaner...

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Then go to the hotmail.com website, and tell me if you get that message WHEN you go on that site OR when you try to LOG IN?

is there any chance that this could have passed onto my external hard drives as i had been backing up my photos videos etc because i thought the PC was shot.? can any of this stuff destroy or damage my photos ?

Yes, it's possible that your external hard-drive may be infected, but your photos should all be fine.

----

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitComet 0.70). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
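The check behind "Your log shows that you are using ... BitComet 0.70" in the reply above can be scripted. This is an added example, not part of the original posts or of any tool named in the thread: it parses the `"key" = name` installed-program lines and the `Error - ... | Source = ... | ID = ...` event lines in the format posted here. The watchlist (other than BitComet) and all function names are assumptions, and the sample is a shortened excerpt of the posted log.

```python
import re
from collections import Counter

# Shortened excerpt of the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = '''\
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"avast!" = avast! Antivirus
"BitComet" = BitComet 0.70
"CCleaner" = CCleaner (remove only)

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 13/09/2009 06:14:19 | Computer Name = lise-PC | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

[ System Events ]
Error - 07/10/2009 03:59:28 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/10/2009 11:48:08 | Computer Name = lise-PC | Source = HTTP | ID = 15016
Description =

Error - 07/10/2009 11:49:24 | Computer Name = lise-PC | Source = Service Control Manager | ID = 7000
Description =
'''

# Assumption: a reviewer-maintained watchlist; only BitComet comes from the thread.
P2P_WATCHLIST = ("bitcomet", "bittorrent", "utorrent", "limewire", "emule")

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
EVENT_RE = re.compile(
    r'^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) '
    r'\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$')
SECTION_RE = re.compile(r'^\[ (?P<section>.+?) \]\s*$')


def installed_programs(log):
    """Return {uninstall key: display name} from the '"key" = name' lines."""
    programs = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            programs[m.group("key")] = m.group("name")
    return programs


def flag_p2p(programs, watchlist=P2P_WATCHLIST):
    """Return display names that contain a watchlist term (case-insensitive)."""
    return sorted({name for name in programs.values()
                   if any(term in name.lower() for term in watchlist)})


def event_summary(log):
    """Count errors per (section, source, event ID) so repeats stand out."""
    counts, section = Counter(), None
    for line in log.splitlines():
        s = SECTION_RE.match(line)
        if s:
            section = s.group("section")
            continue
        e = EVENT_RE.match(line)
        if e:
            counts[(section, e.group("source"), int(e.group("id")))] += 1
    return counts


if __name__ == "__main__":
    print("P2P software:", flag_p2p(installed_programs(SAMPLE_LOG)))
    for key, n in event_summary(SAMPLE_LOG).most_common():
        print(n, key)
```
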

#14 nimm-1033

nimm-1033
  • Topic Starter

  • Members
  • 9 posts

Posted 12 October 2009 - 09:12 PM

having connection prbs cant seem to stay online more then a few mins 02 sending new hardware update u asap

Lise

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 13 October 2009 - 03:34 PM

Hello.

If your connection has problems, then download and run this scanner instead.

Download and Run Kaspersky Virus Removal Tool

I suggest you read over the instructions and then print/save the instructions onto notepad or somewhere so you can have a reference and follow the instructions correctly when in Safe Mode, since you won't have access to this page anymore.
  • Please download Kaspersky Virus-Removal Tool and save it to your desktop.
  • Alternate Download Mirror 2
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Then, use your up arrow key to highlight SafeMode then hit enter. Additional instructions can be found over here
  • Please disable all anti-malware protection before running this tool. Refer to this page if you are not sure how.
  • Double click the installer on your desktop and follow the prompts. Kaspersky Virus Removal Tool will open after the installation. If you are using Vista, please right-click and select run as administrator
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit Ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)
After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok. Then choose OK again then you are back to the main screen.
  • Then click on Scan at the top right-hand corner. Please be patient while the scan completes. It may take a while.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • When the scan is finished, click the Report... button in the lower middle, select Save to file..., and save it onto your desktop as "KasReport".
  • Close out of the program. When asked to uninstall, select Yes. <- Make sure you have saved the log file on your desktop before uninstalling it.
  • Attach back with the KasReport in your next reply please.
