
Firefox is hijacked! Help!


  • This topic is locked
63 replies to this topic

#1 Jayson.T

  • Members
  • 37 posts

Posted 30 October 2009 - 07:34 PM

Hello,

Yesterday Firefox would divert my Google searches to this address "67.201.36.16". This is really weird because whenever I try to do a search or visit a site, my browser gets diverted to another website. Sometimes it takes a few attempts to get to where I'm going. I tried various programs to get rid of whatever is causing the trouble (avast, AVG, Spyware Terminator, etc.). I used a few programs and saved some text files to see if someone can help me. I'm going crazy!

OTL

OTL Extras logfile created on: 10/30/2009 7:50:40 PM - Run 1
OTL by OldTimer - Version 3.1.1.4 Folder = E:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.22% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 34.03 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 256.59 Gb Free Space | 55.09% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 74.10 Gb Free Space | 12.43% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 179.03 Gb Free Space | 38.44% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.65 Gb Total Space | 162.43 Gb Free Space | 34.88% Space Free | Partition Type: FAT32

Computer Name: JAYSON-PC
Current User Name: Jayson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-176149683-1902691030-2524617907-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C8A840F-A286-4E7A-B4D3-23209DF0C47D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19BA3E8D-C184-4C11-8C21-3B1C3FF13464}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{1BEFF9BB-2380-45C3-A6D5-DD54B4FADC66}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{206FE632-421D-4574-A3F9-4BC8ECC9AB6C}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{2880837D-1B09-4A0E-B5D0-CF7C9454FCB2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{350100E3-81EC-4F11-A332-63967AD09EFE}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3BD2C652-A331-46E6-B68E-6AF6A20F9D26}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5E43A3AF-883C-488F-9253-0505E60F064A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{868D6A05-F0FF-4185-B911-78290889FB4B}" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe |
"{8E1B90C4-455C-4198-BD59-BB25C3F6D1A7}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{967A34B7-2DB9-4018-AE1F-EA0ECFBEA097}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{A636903D-B633-4038-97C0-CB1DED67DDEF}" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe |
"{A85E0A5C-D61E-4FBD-9E4D-DAEFF3BDCBE1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{A9746ED2-9A0E-48B7-92BD-2B0D21A9E57E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AE6BDACE-30FC-4AD6-A3B3-1BE9857471BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F98B755B-B78D-4DA3-9DF5-692C05B8ABD3}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{2ED97CCF-90DA-43DF-ABCA-4CB1E1B55533}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{15BA97AA-1597-44FF-94DF-139BDA125635}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{03EF7BEF-2971-86E6-01B7-A1CF2A8E46EF}" = CCC Help Polish
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{235D42FE-12E5-3FC1-EB60-5C47FA8F11A0}" = CCC Help Russian
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{309CB654-D22D-00A2-AC81-33DD15BE2A57}" = Catalyst Control Center Graphics Full Existing
"{3193874E-D54E-D5F3-5FA1-72754556CA97}" = CCC Help Greek
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{331703D6-85B7-0895-0779-3961F1EFFF50}" = CCC Help Chinese Traditional
"{350568BE-FACA-410A-E6D1-CA9C56A6121E}" = Catalyst Control Center Graphics Previews Vista
"{3900B777-6C28-656D-084B-4935A8F06121}" = Catalyst Control Center Localization All
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160A4F1-6E56-939F-68B8-000E3504B1FF}" = CCC Help Danish
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{47017FA8-0013-158A-0D6B-EB45FF271B16}" = ccc-utility
"{4A16B718-2D0A-2454-5C06-F417D8451111}" = Catalyst Control Center Core Implementation
"{4CADC6E3-9F87-24A9-077C-D794F1B053B2}" = CCC Help Thai
"{50F26BDF-663A-8B7F-3DA9-F827EACE1C75}" = CCC Help Norwegian
"{5AAEF314-CE99-2F9B-EA5D-5F92EDDA6F63}" = Catalyst Control Center Graphics Light
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6EE1247E-DFA0-0263-C11C-83C469B3ABF8}" = CCC Help German
"{6EF12580-7754-DF7C-0269-E808ECEED486}" = CCC Help Chinese Standard
"{763D327B-967F-8065-0A01-ECC8EAE1B447}" = CCC Help Dutch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8492247F-41D8-0CC1-12A1-597713B6C93C}" = Catalyst Control Center Graphics Full New
"{852E9957-9BD1-74E4-1DD9-FF343A80330E}" = CCC Help Czech
"{8654A489-C4BC-E04C-3958-8F5E04FFD070}" = CCC Help Spanish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB4DD959-B40F-0ADC-2DDC-ACD27B0A63A7}" = CCC Help Portuguese
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B78D05B8-A2CB-AFB5-EBE8-6D511CDE9D71}" = CCC Help French
"{BC60C9D1-F090-401A-92C3-AB3589AE408E}" = CCC Help Japanese
"{BE11147E-3214-946D-7FF1-8B21F61B1E7C}" = CCC Help Hungarian
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C2A9C74C-8B70-3A42-886B-2DD589566E9E}" = CCC Help Italian
"{C3B0668C-8D6F-EF3B-8EC4-EFA20CA9032F}" = CCC Help Turkish
"{C3CBE4AD-CC84-484F-8E44-CFB303BFDA4D}" = SRS Audio Sandbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D33109EB-CD82-BD75-EC71-26EDC457F8DA}" = Skins
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
"{E0DB10D1-51D9-EB84-0CA0-6F8A612D6244}" = Catalyst Control Center InstallProxy
"{EC8753CB-C602-04A8-769C-D3C6CBBE7D13}" = CCC Help Finnish
"{EDAAC628-5477-1019-5614-3313AADC9B99}" = ATI Catalyst Install Manager
"{EEF26926-C79F-F45C-614A-DACDA01CBE7A}" = CCC Help English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BF53B2-7399-67FC-951F-C969FC2E2669}" = CCC Help Korean
"{F65E63DB-41E6-8642-4B08-391A5EFB04DE}" = ccc-core-static
"{F7617C85-9A67-D1CD-2EC3-6D5EB8E96174}" = CCC Help Swedish
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ApexDC++" = ApexDC++ 1.2.1
"Ask Toolbar_is1" = Vuze Toolbar
"avast!" = avast! Antivirus
"AVG9Uninstall" = AVG Free 9.0
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLV Player" = FLV Player 2.0, build 24
"GOM Player" = GOM Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.6 (Full)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Spyware Terminator_is1" = Spyware Terminator
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VideoLAN VLC media player 0.8.6a
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Zoomquilt Screensaver.scr" = Zoomquilt Screensaver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2009 4:34:03 PM | Computer Name = Jayson-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/29/2009 4:34:03 PM | Computer Name = Jayson-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/29/2009 10:29:56 PM | Computer Name = Jayson-PC | Source = Application Hang | ID = 1002
Description = The program setup.exe version 9.0.0.698 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: ca0 Start Time: 01ca5907e35245ae Termination Time: 16

Error - 10/30/2009 3:42:36 AM | Computer Name = Jayson-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ctbr.dll_unloaded, version 0.0.0.0, time stamp 0x49830fa8,
exception code 0xc0000005, fault offset 0x0374f024, process id 0x1028, application
start time 0x01ca59342542f395.

Error - 10/30/2009 3:42:52 AM | Computer Name = Jayson-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ctbr.dll_unloaded, version 0.0.0.0, time stamp 0x49830fa8,
exception code 0xc0000005, fault offset 0x0371f024, process id 0xad4, application
start time 0x01ca593468532a15.

Error - 10/30/2009 3:46:35 AM | Computer Name = Jayson-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ctbr.dll_unloaded, version 0.0.0.0, time stamp 0x49830fa8,
exception code 0xc0000005, fault offset 0x0462f024, process id 0x10ac, application
start time 0x01ca593499d69455.

Error - 10/30/2009 3:48:37 AM | Computer Name = Jayson-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ctbr.dll_unloaded, version 0.0.0.0, time stamp 0x49830fa8,
exception code 0xc0000005, fault offset 0x0450f024, process id 0x1040, application
start time 0x01ca593493486af5.

Error - 10/30/2009 3:48:58 AM | Computer Name = Jayson-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ctbr.dll_unloaded, version 0.0.0.0, time stamp 0x49830fa8,
exception code 0xc0000005, fault offset 0x042df024, process id 0x15c8, application
start time 0x01ca5935676b2665.

Error - 10/30/2009 3:49:07 AM | Computer Name = Jayson-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ctbr.dll_unloaded, version 0.0.0.0, time stamp 0x49830fa8,
exception code 0xc0000005, fault offset 0x037bf024, process id 0x176c, application
start time 0x01ca59351fb92d35.

Error - 10/30/2009 4:01:28 AM | Computer Name = Jayson-PC | Source = Application Error | ID = 1000
Description = Faulting application Maxthon.exe, version 2.5.9.2246, time stamp 0x4ae16f36,
faulting module Maxthon.exe, version 2.5.9.2246, time stamp 0x4ae16f36, exception
code 0xc0000005, fault offset 0x000292c8, process id 0x110c, application start time
0x01ca593616e01c95.

[ System Events ]
Error - 10/15/2009 10:10:30 PM | Computer Name = Jayson-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/18/2009 7:38:30 PM | Computer Name = Jayson-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:37:03 PM on 10/18/2009 was unexpected.

Error - 10/28/2009 7:42:34 PM | Computer Name = Jayson-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:39:34 PM on 10/28/2009 was unexpected.

Error - 10/29/2009 7:40:19 AM | Computer Name = Jayson-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/29/2009 3:02:35 PM | Computer Name = Jayson-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:00:18 PM on 10/29/2009 was unexpected.

Error - 10/29/2009 3:12:37 PM | Computer Name = Jayson-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:10:08 PM on 10/29/2009 was unexpected.

Error - 10/29/2009 10:12:38 PM | Computer Name = Jayson-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 10/29/2009 10:12:38 PM | Computer Name = Jayson-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/29/2009 10:21:14 PM | Computer Name = Jayson-PC | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.69.18.0 Loading engine version: 1.1.5101.0

Error - 10/30/2009 4:44:54 PM | Computer Name = Jayson-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:42:25 PM on 10/30/2009 was unexpected.


< End of report >

OTL logfile created on: 10/30/2009 7:50:40 PM - Run 1
OTL by OldTimer - Version 3.1.1.4 Folder = E:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.22% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 34.03 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 256.59 Gb Free Space | 55.09% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 74.10 Gb Free Space | 12.43% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 179.03 Gb Free Space | 38.44% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.65 Gb Total Space | 162.43 Gb Free Space | 34.88% Space Free | Partition Type: FAT32

Computer Name: JAYSON-PC
Current User Name: Jayson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/30 19:48:47 | 00,526,336 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/10/29 22:33:42 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/29 22:33:30 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/10/29 22:33:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/29 08:43:03 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/29 08:43:01 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/29 08:43:00 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/29 08:42:58 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/29 08:42:58 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/16 16:07:56 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/05 21:22:44 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/10/04 18:16:37 | 07,758,840 | ---- | M] (http://cryptload.info) -- E:\CryptLoad_1.1.6\CryptLoad_1.1.6\CryptLoad.exe
PRC - [2009/10/03 23:27:24 | 00,540,672 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/10/03 23:27:22 | 02,233,856 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/10/03 18:40:38 | 03,215,360 | ---- | M] (SRS Labs, Inc.) -- E:\misc\SRSSSC.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/27 16:23:48 | 02,457,600 | ---- | M] (Trend Micro Inc.) -- E:\RootkitBuster_2.80.1071\RootkitBuster.exe
PRC - [2009/07/21 02:10:00 | 01,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/06/03 15:47:36 | 00,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/06/03 15:47:06 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/02 06:29:34 | 07,518,752 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/04/22 17:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/04/10 23:28:04 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/10 23:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 12:47:02 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/07/14 14:45:16 | 00,336,384 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
PRC - [2008/07/14 14:43:04 | 00,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/07/14 14:42:56 | 00,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/01/18 23:38:40 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/09/25 01:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/09/24 22:30:28 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2007/02/09 13:17:30 | 00,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 13:17:26 | 00,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/29 22:33:30 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
SRV - [2009/10/29 22:33:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
SRV - [2009/10/03 23:27:24 | 00,540,672 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
SRV - [2009/06/03 15:47:06 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
SRV - [2009/04/10 23:28:26 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
SRV - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
SRV - [2009/04/02 12:47:02 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
SRV - [2009/02/18 11:39:22 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
SRV - [2009/02/18 11:38:44 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
SRV - [2009/02/18 11:38:44 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
SRV - [2008/07/14 14:43:04 | 00,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll
SRV - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
SRV - [2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
SRV - [2007/11/06 16:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE


========== Modules (SafeList) ==========

MOD - [2009/10/30 19:48:47 | 00,526,336 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2009/10/29 22:34:21 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/17 09:54:43 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009/04/10 23:28:26 | 01,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009/04/10 23:28:26 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009/04/10 23:28:20 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2009/04/10 23:21:40 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/18 23:37:14 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008/01/18 23:36:50 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008/01/18 23:36:36 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\S-1-5-21-176149683-1902691030-2524617907-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:1.8
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.5
FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:1.1.7
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.3
FF - prefs.js..extensions.enabledItems: enquiries@retailmenot.com:2.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4


FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/10/29 22:34:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/29 22:33:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/30 04:01:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 04:01:46 | 00,000,000 | ---D | M]

C:\Users\Jayson\AppData\Roaming\Mozilla\Extensions -> [2009/10/03 00:39:37 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/10/03 00:39:37 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions -> [2009/10/30 17:56:26 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d} -> [2009/10/03 21:33:56 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/10/29 22:33:15 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/10/03 01:23:14 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2009/10/08 19:40:31 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}-trash -> [2009/10/08 19:40:31 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} -> [2009/10/13 22:29:07 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} -> [2009/10/12 22:10:15 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/10/03 22:00:30 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} -> [2009/10/03 01:23:14 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(126) -> [2009/10/28 22:32:57 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\enquiries@retailmenot.com -> [2009/10/08 20:03:28 | 00,000,000 | ---D | M] --
C:\Users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\s0073huz.default\extensions\firedownload@mozilla.org -> [2009/10/04 14:33:19 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions -> [2009/10/30 04:02:13 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/10/30 04:01:48 | 00,000,000 | ---D | M] --
[2009/10/16 16:08:14 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/16 16:08:15 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/16 16:08:16 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/16 13:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 13:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 13:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 13:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 13:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 13:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 13:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (327720 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11213 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-176149683-1902691030-2524617907-1000..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-176149683-1902691030-2524617907-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-176149683-1902691030-2524617907-1000..\Run: [SRS Audio Sandbox] E:\misc\SRSSSC.exe (SRS Labs, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Crawler Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-176149683-1902691030-2524617907-1000\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://live.amsterdamlivexxx.com/cab/securelogin-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/10/03 20:36:26 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/30 19:41:26 | 00,000,000 | ---D | C] -- C:\Users\Jayson\AppData\Roaming\Malwarebytes
[2009/10/30 19:41:15 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/30 19:41:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/30 19:41:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/30 19:41:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/30 19:41:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/30 18:22:37 | 00,160,272 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2009/10/30 04:01:41 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/30 03:53:45 | 00,000,000 | ---D | C] -- C:\Users\Jayson\AppData\Roaming\MxBoost
[2009/10/29 21:23:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/29 18:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\SmartPopupBlocker
[2009/10/29 08:44:05 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/29 08:42:28 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/29 08:42:28 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/29 07:07:11 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/17 08:41:12 | 00,000,000 | ---D | C] -- C:\Users\Jayson\AppData\Local\Microsoft Corporation
[2009/10/17 08:39:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2008/01/25 17:07:18 | 00,382,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u3-windows-i586-p-iftw.exe
[2008/01/25 16:28:49 | 00,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin (2).exe
[2008/01/24 18:53:20 | 08,705,840 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp552_full_emusic-7plus_en-us.exe
[2008/01/24 18:29:13 | 17,924,611 | ---- | C] ( ) -- C:\Program Files\klmcodec370(2).exe
[2008/01/24 18:25:35 | 17,924,611 | ---- | C] ( ) -- C:\Program Files\klmcodec370.exe
[2008/01/24 18:17:58 | 02,625,445 | ---- | C] ( ) -- C:\Program Files\klcodec365b.exe
[2008/01/24 17:19:28 | 00,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2008/01/23 20:54:56 | 01,491,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2008/01/23 20:10:36 | 07,467,056 | ---- | C] (Safer Networking Ltd. ) -- C:\Program Files\spybotsd15.exe
[2008/01/23 20:10:27 | 02,566,736 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup351.exe

========== Files - Modified Within 14 Days ==========

[2009/10/30 19:50:08 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{92D61703-833E-4108-BBC4-4DCEBE96C73A}.job
[2009/10/30 19:49:57 | 05,505,024 | -HS- | M] () -- C:\Users\Jayson\ntuser.dat
[2009/10/30 19:41:18 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 19:27:13 | 00,000,733 | ---- | M] () -- C:\Windows\System32\BIN_STRSBW.SPT
[2009/10/30 18:44:58 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/30 18:44:58 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/30 18:22:37 | 00,160,272 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2009/10/30 16:52:20 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/30 16:52:20 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/30 16:52:20 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/30 16:45:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/30 16:44:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/30 16:44:36 | 32,196,44416 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/30 04:07:27 | 00,524,288 | -HS- | M] () -- C:\Users\Jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TMContainer00000000000000000001.regtrans-ms
[2009/10/30 04:07:27 | 00,065,536 | -HS- | M] () -- C:\Users\Jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TM.blf
[2009/10/30 04:07:15 | 02,491,587 | -H-- | M] () -- C:\Users\Jayson\AppData\Local\IconCache.db
[2009/10/30 04:02:03 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/29 22:37:22 | 00,524,288 | -HS- | M] () -- C:\Users\Jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 22:34:22 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/10/29 22:34:21 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/29 22:34:21 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/29 22:34:21 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/29 22:34:20 | 44,405,492 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/29 22:34:17 | 00,067,810 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/29 22:33:37 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/29 22:33:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/29 22:21:19 | 00,001,670 | ---- | M] () -- C:\Users\Jayson\Desktop\CCleaner.lnk
[2009/10/29 22:12:08 | 00,370,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/29 22:05:29 | 00,524,288 | -HS- | M] () -- C:\Users\Jayson\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 22:05:29 | 00,065,536 | -HS- | M] () -- C:\Users\Jayson\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/10/29 08:43:37 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx(146).dll
[2009/10/28 19:44:21 | 00,099,864 | ---- | M] () -- C:\Users\Jayson\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/25 02:46:00 | 00,000,454 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2009/10/25 01:42:00 | 00,216,576 | ---- | M] () -- C:\Users\Jayson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/22 18:46:25 | 00,000,098 | ---- | M] () -- C:\Users\Jayson\webct_upload_applet.properties
[2009/10/17 11:06:41 | 00,000,935 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/10/17 11:06:22 | 00,000,971 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/10/17 11:05:48 | 00,001,550 | ---- | M] () -- C:\Users\Jayson\Desktop\DivX Movies.lnk
[2009/10/17 08:39:24 | 00,002,046 | ---- | M] () -- C:\Users\Jayson\Desktop\Windows 7 Upgrade Advisor Beta.lnk

========== Files Created - No Company Name ==========

[2009/10/30 19:41:18 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 04:02:03 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/29 22:34:22 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/10/29 22:11:48 | 00,524,288 | -HS- | C] () -- C:\Users\Jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 22:11:47 | 00,524,288 | -HS- | C] () -- C:\Users\Jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 22:11:47 | 00,065,536 | -HS- | C] () -- C:\Users\Jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TM.blf
[2009/10/17 11:06:41 | 00,000,935 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/10/17 11:06:22 | 00,000,971 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/10/17 11:05:48 | 00,001,550 | ---- | C] () -- C:\Users\Jayson\Desktop\DivX Movies.lnk
[2009/10/17 08:39:24 | 00,002,046 | ---- | C] () -- C:\Users\Jayson\Desktop\Windows 7 Upgrade Advisor Beta.lnk
[2009/10/05 22:22:32 | 00,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini
[2009/10/03 21:06:42 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/03 21:06:34 | 00,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/10/03 19:35:03 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/03 19:33:21 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/10/03 04:31:11 | 00,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2009/10/03 01:59:49 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/10/03 01:59:49 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/10/03 01:59:48 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/03 01:59:48 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/03 01:59:47 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/03 01:59:47 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/03 01:28:15 | 00,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/10/03 01:27:01 | 00,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys
[2009/10/03 01:27:01 | 00,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys
[2009/10/03 01:27:01 | 00,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys
[2009/10/03 01:27:01 | 00,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2009/06/03 15:46:00 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/18 18:44:22 | 00,000,680 | ---- | C] () -- C:\Users\Jayson\AppData\Local\d3d9caps.dat
[2008/01/24 18:26:45 | 02,744,083 | ---- | C] () -- C:\Program Files\flac-1.2.1a (2).exe
[2008/01/24 18:23:05 | 02,744,083 | ---- | C] () -- C:\Program Files\flac-1.2.1a.exe
[2008/01/23 20:53:18 | 05,934,460 | ---- | C] () -- C:\Program Files\Zoomquilt_II_Screensaver.zip
[2008/01/23 20:51:50 | 01,656,611 | ---- | C] () -- C:\Program Files\ZoomQuilt.zip
[2008/01/23 20:21:53 | 00,000,954 | ---- | C] () -- C:\Program Files\WM Converter.lnk
[2008/01/23 19:44:06 | 04,129,768 | ---- | C] () -- C:\Program Files\DCPlusPlus-0.699.exe
[2008/01/23 19:43:36 | 03,547,505 | ---- | C] () -- C:\Program Files\sdc21.7z
[2008/01/23 19:42:48 | 03,682,150 | ---- | C] () -- C:\Program Files\sdc211(2).7z
[2008/01/23 19:42:13 | 03,682,150 | ---- | C] () -- C:\Program Files\sdc211.7z
[2008/01/23 19:41:16 | 01,158,444 | ---- | C] () -- C:\Program Files\setup.zip
[2008/01/23 19:25:15 | 00,216,576 | ---- | C] () -- C:\Users\Jayson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/23 18:43:25 | 02,491,587 | -H-- | C] () -- C:\Users\Jayson\AppData\Local\IconCache.db
[2008/01/23 17:44:46 | 00,099,864 | ---- | C] () -- C:\Users\Jayson\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/11/06 16:19:28 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/11/02 08:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:35:51 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 08:35:51 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:35:51 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:35:51 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/10/03 01:09:16 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\Application Data
[2009/10/03 19:45:16 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\ATI
[2009/10/29 08:05:07 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\Azureus
[2009/10/03 04:01:00 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\Blitware
[2009/10/03 04:39:36 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\DisplayTune
[2009/10/12 15:25:06 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\GRETECH
[2009/10/30 04:01:27 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\MxBoost
[2009/10/29 22:09:01 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\Spyware Terminator
[2009/10/14 20:59:34 | 00,000,000 | ---D | M] -- C:\Users\Jayson\AppData\Roaming\SystemRequirementsLab
[2009/10/25 02:46:00 | 00,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2009/10/30 16:45:09 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/30 04:07:31 | 00,013,750 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/30 19:50:08 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{92D61703-833E-4108-BBC4-4DCEBE96C73A}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2008/01/18 21:53:28 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2009/04/10 23:32:48 | 00,265,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
[2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys
[2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
[2009/04/10 21:47:04 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2006/11/02 05:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys
[2006/11/02 05:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS
[2006/11/02 05:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys
[2006/11/02 04:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys
[2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
[2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
[2009/09/15 06:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/09/15 06:55:09 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/09/15 06:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/09/15 06:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/09/15 06:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2008/01/18 21:56:30 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\asyncmac.sys
[2009/04/10 23:32:28 | 00,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi(252).sys
[2009/04/10 23:32:28 | 00,019,944 | ---- | M] () -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:44 | 00,109,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/06/03 17:01:34 | 04,989,952 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2009/10/29 22:33:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/29 22:34:21 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/29 22:33:37 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2006/11/02 05:49:47 | 00,025,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2008/01/18 21:53:32 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2008/01/18 21:49:12 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\beep.sys
[2008/01/18 21:28:28 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys
[2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys
[2009/04/10 22:42:56 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys
[2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys
[2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys
[2006/11/02 04:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys
[2008/01/18 21:28:04 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdfs.sys
[2009/04/10 21:39:18 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2006/11/02 04:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys
[2009/04/10 23:32:44 | 00,125,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys
[2006/11/02 05:49:32 | 00,018,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/04/10 23:32:32 | 00,035,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2006/11/02 05:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys
[2007/07/26 09:25:08 | 00,042,112 | ---- | M] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys
[2009/04/10 21:14:14 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/04/10 23:32:32 | 00,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 21:39:12 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
[2008/01/18 22:53:04 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2008/01/18 21:53:18 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmkaud.sys
[2009/04/10 23:32:30 | 00,027,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2008/01/18 21:36:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2009/04/10 21:23:24 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/04/10 21:23:50 | 00,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys
[2009/04/10 23:32:44 | 00,141,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
[2009/04/10 21:13:54 | 00,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/04/10 21:13:54 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2008/01/18 21:49:38 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fdc.sys
[2008/01/18 23:42:32 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys
[2008/01/18 21:30:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys
[2008/01/18 21:49:38 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\flpydisk.sys
[2009/04/10 23:32:48 | 00,190,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2008/01/18 21:27:58 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2009/04/10 23:32:44 | 00,099,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2006/11/02 05:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS
[2009/04/10 21:42:44 | 00,561,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/04/10 21:43:04 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2006/11/02 04:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys
[2009/04/10 21:42:50 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2006/11/02 04:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys
[2008/01/18 21:53:18 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2009/04/10 21:42:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys
[2009/04/10 21:45:34 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2006/11/02 05:49:25 | 00,016,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omgmt.sys
[2006/11/02 05:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys
[2008/01/18 21:49:20 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys
[2006/11/02 05:49:24 | 00,014,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys
[2006/11/02 04:30:18 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys
[2008/01/18 21:56:24 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipfltdrv.sys
[2006/11/02 04:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys
[2008/01/18 21:56:30 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipnat.sys
[2008/01/18 21:55:28 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irda.sys
[2008/01/18 21:55:20 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irenum.sys
[2006/11/02 05:50:24 | 00,047,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\isapnp.sys
[2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys
[2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys
[2008/01/18 23:41:54 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2006/11/02 04:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/04/10 21:38:50 | 00,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/06/15 19:15:25 | 00,439,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2008/01/18 21:55:04 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys
[2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys
[2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys
[2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys
[2008/01/18 21:30:38 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/01/18 21:50:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys
[2008/01/18 21:57:18 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\modem.sys
[2008/01/18 21:52:20 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/01/18 23:41:54 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2008/01/18 21:49:18 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2008/01/18 23:42:30 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mountmgr.sys
[2006/11/02 05:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys
[2008/01/18 21:54:48 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys
[2009/04/10 21:14:42 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/04/10 21:14:30 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/04/10 21:14:38 | 00,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/04/10 21:14:30 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2006/11/02 05:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys
[2006/11/02 05:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys
[2008/01/18 21:28:10 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfs.sys
[2008/01/18 23:41:16 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys
[2009/04/10 23:32:48 | 00,180,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2008/01/18 21:49:22 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mskssrv.sys
[2008/01/18 21:49:20 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspclock.sys
[2008/01/18 21:49:20 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspqm.sys
[2009/04/10 23:32:48 | 00,161,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2008/01/18 23:41:50 | 00,031,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mssmbios.sys
[2008/01/18 21:49:20 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys
[2009/04/10 23:32:32 | 00,048,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/04/10 23:32:50 | 00,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2008/01/18 21:56:26 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/01/18 21:55:42 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndisuio.sys
[2009/04/10 21:46:34 | 00,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2008/01/18 21:56:30 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2008/01/18 21:55:46 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbios.sys
[2009/04/10 21:45:38 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/04/10 23:32:48 | 00,223,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys
[2007/11/06 16:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\Windows\System32\drivers\npf.sys
[2009/04/10 21:14:02 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2008/01/18 21:55:52 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys
[2009/04/10 23:32:50 | 01,083,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys
[2008/01/18 21:49:14 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\null.sys
[2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS
[2009/04/10 21:43:30 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/04/10 21:43:06 | 00,062,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009/04/10 21:45:52 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2008/01/18 21:49:34 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parport.sys
[2009/04/10 23:32:32 | 00,054,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2008/01/18 21:49:30 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parvdm.sys
[2009/04/10 23:32:56 | 00,149,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/04/10 23:32:50 | 00,014,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/04/10 23:32:54 | 00,043,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2006/11/02 05:51:12 | 00,167,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcmcia.sys
[2006/11/16 17:20:48 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) -- C:\Windows\System32\drivers\PdiPorts.sys
[2006/11/02 05:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys
[2009/04/10 21:42:52 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2008/01/18 21:27:22 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys
[2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys
[2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys
[2008/01/18 21:56:08 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys
[2008/01/18 21:56:32 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasacd.sys
[2008/01/18 21:56:36 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasl2tp.sys
[2009/04/10 21:46:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2008/01/18 21:56:36 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspptp.sys
[2009/04/10 21:46:42 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/04/10 21:14:30 | 00,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2008/01/18 22:01:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPCDD.sys
[2006/11/02 05:03:00 | 00,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2008/01/18 22:01:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys
[2009/04/10 21:51:28 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/04/10 21:45:26 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/04/10 21:46:08 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2008/01/18 21:57:16 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys
[2008/01/18 21:55:04 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys
[2009/05/20 21:04:40 | 00,157,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtHDMIV.sys
[2009/06/02 06:04:56 | 02,364,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/09/02 03:09:24 | 00,176,128 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2006/11/02 05:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys
[2008/01/18 23:42:12 | 00,142,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys
[2008/01/18 21:49:30 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serenum.sys
[2008/01/18 21:49:36 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serial.sys
[2008/01/18 21:49:18 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2006/11/02 04:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys
[2006/11/02 04:51:40 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sfloppy.sys
[2007/10/03 22:55:08 | 00,080,424 | ---- | M] (Silicon Image, Inc) -- C:\Windows\System32\drivers\SI3132.sys
[2007/10/03 22:55:28 | 00,015,400 | ---- | M] (Silicon Image, Inc) -- C:\Windows\System32\drivers\SiRemFil.sys
[2006/11/02 05:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS
[2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys
[2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
[2007/10/03 22:55:36 | 00,019,240 | ---- | M] (Silicon Image, Inc) -- C:\Windows\System32\drivers\SiWinAcc.sys
[2009/04/10 21:45:24 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2008/01/18 21:49:32 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2008/01/18 23:41:32 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys
[2009/04/10 19:52:42 | 00,684,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/10/03 23:27:24 | 00,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2007/07/26 09:25:12 | 00,039,808 | ---- | M] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2009/04/10 21:15:22 | 00,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/09/14 05:29:50 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/04/10 21:15:04 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/04/10 23:32:56 | 00,122,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/04/10 21:42:48 | 00,052,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2007/07/26 09:25:06 | 00,047,360 | ---- | M] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys
[2008/01/18 23:41:16 | 00,015,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\swenum.sys
[2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys
[2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys
[2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys
[2008/01/18 21:49:58 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2009/08/14 12:27:34 | 00,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/08/14 09:48:21 | 00,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2008/01/18 21:57:12 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2008/01/18 22:01:08 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/18 22:01:10 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdtcp.sys
[2009/04/10 21:45:58 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/04/10 23:32:54 | 00,053,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/10/30 18:22:37 | 00,160,272 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2007/07/26 09:25:06 | 00,047,104 | ---- | M] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys
[2008/01/18 22:01:16 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys
[2008/01/18 21:55:42 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2008/01/18 21:55:52 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2006/11/02 05:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS
[2009/04/10 21:14:00 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2006/11/02 05:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS
[2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys
[2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys
[2008/01/18 21:53:42 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys
[2008/01/18 21:53:40 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2009/04/10 21:46:10 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/04/10 21:42:58 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/04/10 21:42:58 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2008/01/18 21:53:30 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbccgp.sys
[2006/11/02 04:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys
[2008/01/18 21:53:18 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2009/04/10 21:42:54 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/04/10 21:43:18 | 00,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/04/10 21:42:54 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/04/10 21:42:58 | 00,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2008/01/18 22:14:42 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbprint.sys
[2008/01/18 22:14:10 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbscan.sys
[2009/04/10 21:42:56 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2006/11/02 04:55:05 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbuhci.sys
[2008/01/18 21:52:08 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vga.sys
[2006/11/02 04:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys
[2006/11/02 05:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS
[2006/11/02 04:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys
[2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys
[2008/01/18 21:52:14 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2008/01/18 23:42:20 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys
[2009/04/10 23:33:04 | 00,292,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/04/10 23:32:56 | 00,226,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys
[2006/11/02 04:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys
[2008/01/18 21:56:32 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/04/10 21:22:48 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2006/11/02 05:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys
[2008/01/18 23:43:28 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2008/01/18 23:42:00 | 00,035,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2008/01/18 21:32:48 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys
[2008/01/18 23:41:22 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2007/07/26 09:25:06 | 00,032,000 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\drivers\wowhd_kern_i386.sys
[2008/01/18 21:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/18 21:52:52 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFPf.sys
[2008/01/18 21:53:06 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


Trend rootkiller

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 20:03
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x93400000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8A7DD000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAD64F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{66A71~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6ad8fedb-c4f9-11de-879a-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6ad8fff6-c4f9-11de-879a-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6ad8fffd-c4f9-11de-879a-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{89a5277b-b8a7-11de-a0de-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{89a52788-b8a7-11de-a0de-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{89a527ff-b8a7-11de-a0de-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{dfd6511c-c4be-11de-bf65-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f0715c38-c480-11de-9f1b-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{89a528f4-b8a7-11de-a0de-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f203ef4-bc3f-11de-a1fb-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f2043c8-bc3f-11de-a1fb-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f20441b-bc3f-11de-a1fb-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f204e13-bc3f-11de-a1fb-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f20518b-bc3f-11de-a1fb-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4f44d235-c41c-11de-ad67-0014d11a507a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: c:\downloads\directlinks\northlanders_021__2009___steam-dcp_.cbr
Status: Allocation size mismatch (API: 10354688, Raw: 0)

Path: c:\downloads\directlinks\northlanders_021__2009___steam-dcp_.cbr.info
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: C:\ProgramData\avg9\Log\avgchjwsrv.log
Status: Locked to the Windows API!

Path: C:\ProgramData\avg9\Log\avgcore.log
Status: Locked to the Windows API!

Path: C:\ProgramData\avg9\Log\avgrs.log
Status: Locked to the Windows API!

Path: C:\ProgramData\avg9\Log\avgui.log
Status: Locked to the Windows API!

Path: C:\Users\Jayson\Documents\My Videos
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\CLFSUN~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFF44~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI7A16~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2DAF~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~4.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~4.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3779~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\GREENB~1.HTM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\ORANGE~1.HTM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\SHADES~1.HTM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\GREENB~1.HTM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\ORANGE~1.HTM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\SHADES~1.HTM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\comctl32(153).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~3.XRM
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\security-licensing-slc-component-sku-ocur-ppdlic.xrm-ms
Status: Allocation size mismatch (API: 16384, Raw: 4096)

Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~2.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18000_none_c1ee53f025fbd6a3\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6002.18005_none_c1c9d92c264d6ab7\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913\CLFSUN~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.20734_none_7d098a364397cdfd\CLFSUN~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6001.18000_none_7e829aad278c05f5\CLFSUN~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6002.18005_none_806e13b924add141\CLFSUN~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0382b64f92506f7c\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0382b64f92506f7c\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_en-us_056e2f5b8f723ac8\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_en-us_056e2f5b8f723ac8\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\microsoft shared\Stationery\GREENB~1.HTM
Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\microsoft shared\Stationery\ORANGE~1.HTM
Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\microsoft shared\Stationery\SHADES~1.HTM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\ppdlic\SECURI~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MICROS~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI7A16~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI2DAF~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MICROS~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MICROS~4.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI3779~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MIFF44~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\TERMIN~4.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\Logs\WMITracing.log
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for Oracle\0409\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\0000\_DATAP~4.INI
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\0409\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\Windows.old.000\Users\Jayson\Documents\My Videos
Status: Locked to the Windows API!

Path: C:\Windows.old.000\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PRESEN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\channels\OCUR\SECURI~3.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\channels\OCUR\SECURI~2.XRM
Status: Locked to the Windows API!

Path: C:\Windows.old.000\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: c:\users\jayson\appdata\local\mozilla\firefox\profiles\s0073huz.default\cache\_cache_001_
Status: Allocation size mismatch (API: 393216, Raw: 8192)

Path: c:\users\jayson\appdata\local\mozilla\firefox\profiles\s0073huz.default\cache\_cache_002_
Status: Allocation size mismatch (API: 262144, Raw: 4096)

Path: c:\users\jayson\appdata\local\mozilla\firefox\profiles\s0073huz.default\cache\_cache_003_
Status: Allocation size mismatch (API: 589824, Raw: 4096)

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1652 Status: Locked to the Windows API!

SSDT
-------------------
#: 048 Function Name: NtClose
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x9391388e

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x939130ec

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x93912dce

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x93914938

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x93912ed8

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x93912fc2

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x93913bbc

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x939133f4

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x93913526

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x93912bfc

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x93913b04

#: 355 Function Name: NtWriteFile
Status: Hooked by "C:\Windows\system32\drivers\sp_rsdrv2.sys" at address 0x9391370c

==EOF==

I hope this helps!


#2 Farbar

    Just Curious

  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 31 October 2009 - 07:55 AM

Hi Jayson.T,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either AVG or Avast.

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#3 Jayson.T

  • Topic Starter
  • Members
  • 37 posts
  • Local time:06:00 AM

Posted 31 October 2009 - 06:39 PM

Hi Farbar,

I really appreciate your help! Of course I'll do whatever you ask.

I don't know if this matters, but I have Vista Home Basic. I ran Malwarebytes' Anti-Malware but the results came back clean. There was nothing in the log! Yet I still get redirected when I do a Google search or visit a website like yahoo or facebook.

I installed ComboFix onto my desktop as you instructed. It told me to reboot because it came across rootkits. However, once the computer rebooted, ComboFix did nothing - the program never came back on. Did I do something wrong?

By the way, I uninstalled AVG.

#4 Farbar

    Just Curious

  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 31 October 2009 - 07:13 PM

Thanks for the feedback.

Please post the MBAM log anyway.

I'm aware of your OS as it is in the log you have already posted. You did nothing wrong; sometimes it happens that something prevents ComboFix from running on reboot, especially on Vista. Please run it again.

#5 Jayson.T

  • Topic Starter
  • Members
  • 37 posts
  • Local time:06:00 AM

Posted 31 October 2009 - 07:29 PM

I retried ComboFix, but the same problem occurred. Also, here's the second log for MBAM:

Malwarebytes' Anti-Malware 1.41
Database version: 3072
Windows 6.0.6002 Service Pack 2

10/31/2009 8:27:12 PM
mbam-log-2009-10-31 (20-27-12).txt

Scan type: Quick Scan
Objects scanned: 91216
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Farbar

    Just Curious

  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 01 November 2009 - 06:51 AM

  • Please perform the following scan:
    • Download DDS by sUBs from the following links. Save it to your desktop.
    • DDS.scr
    • DDS.pif
  • Double click on the DDS icon, allow it to run. When done it will open two logs:
    • DDS.txt
    • Attach.txt
  • Copy and paste the logs to your reply.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Disconnect from the Internet and close all running programs.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.
  • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
    • Sections
    • IAT/EAT
    • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
  • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
  • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.


#7 Jayson.T

  • Topic Starter
  • Members
  • 37 posts
  • Local time:06:00 AM

Posted 01 November 2009 - 10:11 AM

Hello,

Here are the scan results from DDS:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Jayson at 8:45:11.61 on Sun 11/01/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3070.1553 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
E:\misc\SRSSSC.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Jayson\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SRS Audio Sandbox] e:\misc\SRSSSC.exe /hideme
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://live.amsterdamlivexxx.com/cab/securelogin-devel.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jayson\appdata\roaming\mozilla\firefox\profiles\s0073huz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\jayson\appdata\roaming\mozilla\firefox\profiles\s0073huz.default\extensions\firedownload@mozilla.org\components\firedownload.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-31 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-10-31 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-10-31 59664]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-10 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-31 229304]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-6-3 176128]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-10-6 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-10-6 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-10 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-4-18 53328]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-10-31 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-31 358600]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-10-31 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-10-31 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2009-11-01 00:01:54 80424 ----a-w- c:\windows\system32\drivers\SI3132.sys
2009-10-31 22:11:45 2 --shatr- c:\windows\winstart.bat
2009-10-31 22:11:18 0 d-----w- c:\program files\UnHackMe
2009-10-31 21:38:40 0 d-----w- c:\program files\Sophos
2009-10-31 21:24:43 36 ---h--r- c:\windows\sued.dat
2009-10-31 21:23:48 0 d-----w- c:\program files\SpyWall
2009-10-31 17:37:27 98816 ----a-w- c:\windows\sed.exe
2009-10-31 17:37:27 77312 ----a-w- c:\windows\MBR.exe
2009-10-31 17:37:27 236544 ----a-w- c:\windows\PEV.exe
2009-10-31 17:37:27 161792 ----a-w- c:\windows\SWREG.exe
2009-10-31 12:29:44 0 d-----w- c:\program files\common files\Scanner
2009-10-31 06:00:46 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-31 06:00:46 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-31 06:00:46 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-31 05:54:39 882 ----a-w- c:\windows\RegSDImport.xml
2009-10-31 05:54:39 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-31 05:54:38 880 ----a-w- c:\windows\RegISSImport.xml
2009-10-31 05:54:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-31 05:54:38 131 ----a-w- c:\windows\IDB.zip
2009-10-31 05:54:37 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-31 05:54:37 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-31 05:54:37 1152470 ----a-w- c:\windows\UDB.zip
2009-10-31 05:53:59 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-31 05:53:59 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-31 05:53:59 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-31 05:53:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-31 05:53:44 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-31 05:53:44 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-31 05:53:44 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-31 05:53:21 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-31 05:53:21 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-31 05:52:55 0 d-----w- c:\users\jayson\appdata\roaming\PC Tools
2009-10-31 05:52:55 0 d-----w- c:\programdata\PC Tools
2009-10-31 05:52:55 0 d-----w- c:\program files\common files\PC Tools
2009-10-30 23:41:26 0 d-----w- c:\users\jayson\appdata\roaming\Malwarebytes
2009-10-30 23:41:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 23:41:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 23:41:13 0 d-----w- c:\programdata\Malwarebytes
2009-10-30 23:41:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 07:53:45 0 d-----w- c:\users\jayson\appdata\roaming\MxBoost
2009-10-30 02:24:49 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-30 02:24:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-30 02:11:48 524288 --sha-w- c:\users\jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TMContainer00000000000000000002.regtrans-ms
2009-10-30 02:11:47 65536 --sha-w- c:\users\jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TM.blf
2009-10-30 02:11:47 524288 --sha-w- c:\users\jayson\ntuser.dat{66a71f0f-c4f7-11de-9ce5-0014d11a507a}.TMContainer00000000000000000001.regtrans-ms
2009-10-30 01:23:36 0 d-----w- c:\program files\Trend Micro
2009-10-29 22:35:14 0 d-----w- c:\program files\SmartPopupBlocker
2009-10-29 12:44:05 0 d--h--w- C:\$AVG
2009-10-29 12:42:28 0 d-----w- c:\programdata\avg9
2009-10-29 11:07:11 0 d-----w- c:\program files\Spyware Doctor
2009-10-17 12:39:23 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-16 02:10:29 0 d-----w- c:\programdata\Adobe
2009-10-15 00:59:38 0 d-----w- c:\program files\SystemRequirementsLab
2009-10-13 22:31:56 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 22:31:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-13 22:31:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-13 22:30:48 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-13 22:30:47 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-13 22:30:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 22:30:33 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 22:30:30 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 15:49:19 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-10-10 15:49:19 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-10-10 15:49:19 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-10 15:05:37 0 d--h--w- c:\programdata\CanonBJ
2009-10-10 15:04:53 215040 ----a-w- c:\windows\system32\CNMLM95.DLL
2009-10-08 01:59:38 98 ----a-w- c:\users\jayson\webct_upload_applet.properties
2009-10-07 03:23:50 0 d-----w- c:\programdata\Azureus
2009-10-07 03:23:03 0 d-----w- c:\program files\AskBarDis
2009-10-06 02:22:32 12 ----a-w- c:\windows\dirsaver.ini
2009-10-06 02:22:03 2598148 ----a-w- c:\windows\Zoomquilt Screensaver.scr
2009-10-06 01:25:20 0 d-----w- c:\users\jayson\Logitech
2009-10-06 01:22:34 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-10-05 20:43:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-04 22:40:12 0 d-----w- c:\windows\pss
2009-10-04 22:34:06 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-10-04 18:16:02 0 d-----w- c:\program files\WinPcap
2009-10-04 11:20:20 0 d-----w- c:\program files\ConvertHelper
2009-10-04 11:18:53 0 d-----w- c:\users\jayson\dwhelper
2009-10-04 04:00:09 0 d-----w- c:\windows\PCHEALTH
2009-10-04 03:45:45 113 ----a-w- c:\windows\system32\BIN_STRSBW.SPT
2009-10-04 03:20:08 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-04 01:17:27 0 d-----w- c:\windows\system32\eu-ES
2009-10-04 01:17:27 0 d-----w- c:\windows\system32\ca-ES
2009-10-04 01:17:22 0 d-----w- c:\windows\system32\vi-VN
2009-10-04 01:14:11 0 d-----w- c:\windows\system32\SPReview
2009-10-04 01:06:59 97792 ----a-w- c:\windows\system32\oleprn.dll
2009-10-04 01:05:59 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-04 01:04:07 0 d-----w- c:\windows\system32\EventProviders
2009-10-04 00:58:42 0 d-----w- c:\windows\SHELLNEW
2009-10-04 00:58:24 0 d-----w- c:\programdata\Microsoft Help
2009-10-04 00:13:00 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-10-04 00:12:59 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-10-04 00:12:35 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-10-04 00:10:59 19968 ----a-w- c:\windows\system32\perfnet.dll
2009-10-04 00:07:25 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-10-04 00:05:42 196608 ----a-w- c:\windows\SPInstall.etl
2009-10-03 23:45:16 0 d-----w- c:\programdata\ATI
2009-10-03 23:44:42 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-03 23:39:35 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-10-03 23:39:33 18333 ----a-w- c:\windows\atiogl.xml
2009-10-03 23:38:52 0 d-sh--w- c:\windows\Installer
2009-10-03 23:38:23 0 d-----w- c:\program files\ATI Technologies
2009-10-03 23:38:21 0 d-----w- c:\program files\ATI
2009-10-03 23:35:45 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-10-03 23:35:38 2897440 ----a-w- c:\windows\system32\RtkAPO.dll
2009-10-03 23:35:30 0 d--h--w- c:\program files\Temp
2009-10-03 23:35:03 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-10-03 23:34:53 0 d-----w- c:\program files\Realtek
2009-10-03 23:33:21 203328 ----a-r- c:\windows\GSetup.exe
2009-10-03 23:33:21 10 ----a-w- c:\windows\GSetup.ini
2009-10-03 22:01:05 0 d-----w- c:\users\jayson\appdata\roaming\Azureus
2009-10-03 21:21:57 551456 ----a-w- c:\windows\system32\RTSndMgr.cpl
2009-10-03 21:21:57 2364960 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2009-10-03 21:21:56 290304 ----a-w- c:\windows\system32\RP3DHT32.dll
2009-10-03 21:21:56 290304 ----a-w- c:\windows\system32\RP3DAA32.dll
2009-10-03 21:21:55 1933312 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2009-10-03 21:21:55 159744 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2009-10-03 21:21:55 126976 ----a-w- c:\windows\system32\MaxxAudioAPO.dll
2009-10-03 21:21:54 159232 ----a-w- c:\windows\system32\FMAPO.dll
2009-10-03 21:21:53 142848 ----a-w- c:\windows\system32\AERTACap.dll
2009-10-03 21:21:53 125952 ----a-w- c:\windows\system32\AERTARen.dll
2009-10-03 21:21:48 540672 ------r- c:\windows\RtlExUpd.dll
2009-10-03 12:01:35 0 d-----w- c:\windows\Panther
2009-10-03 08:39:34 0 d-----w- c:\users\jayson\appdata\roaming\DisplayTune
2009-10-03 08:31:43 15920 ----a-w- c:\windows\system32\drivers\PdiPorts.sys
2009-10-03 08:31:11 2304 ----a-w- c:\windows\system32\Machnm32.sys
2009-10-03 08:01:00 0 d-----w- c:\users\jayson\appdata\roaming\Blitware
2009-10-03 07:53:44 0 d-----w- C:\Windows.old.000
2009-10-03 07:52:44 0 d-----w- C:\$WINDOWS.~LS
2009-10-03 07:05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-03 06:05:42 623616 ----a-w- c:\windows\system32\localspl.dll
2009-10-03 06:04:55 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-03 06:02:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 06:01:53 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-03 05:59:49 38 ----a-w- c:\windows\avisplitter.ini
2009-10-03 05:59:49 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-03 05:59:48 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-03 05:59:48 839680 ----a-w- c:\windows\system32\lameACM.acm
2009-10-03 05:59:48 414 ----a-w- c:\windows\system32\lame_acm.xml
2009-10-03 05:59:48 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-03 05:59:48 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-03 05:59:48 118784 ----a-w- c:\windows\system32\ac3acm.acm
2009-10-03 05:59:47 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-03 05:59:47 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-10-03 05:53:59 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 05:53:41 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 05:53:31 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 05:53:31 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 05:37:30 0 d-----w- c:\programdata\SRS Labs
2009-10-03 05:27:01 47360 ----a-w- c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2009-10-03 05:27:01 47104 ----a-w- c:\windows\system32\drivers\tshd4_kern_i386.sys
2009-10-03 05:27:01 42112 ----a-w- c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2009-10-03 05:27:01 39808 ----a-w- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2009-10-03 05:27:01 32000 ----a-w- c:\windows\system32\drivers\wowhd_kern_i386.sys
2009-10-03 05:19:13 0 d---a-w- c:\programdata\TEMP
2009-10-03 05:11:13 0 d-----w- c:\program files\common files\DivX Shared
2009-10-03 05:09:16 0 d-----w- c:\users\jayson\appdata\roaming\Application Data
2009-10-03 05:07:56 0 d-----w- c:\program files\common files\PX Storage Engine
2009-10-03 05:04:35 0 d-----w- c:\program files\Orban
2009-10-03 05:04:14 0 d-----w- c:\program files\AC3Filter
2009-10-03 05:04:04 0 d-----w- c:\program files\VideoLAN
2009-10-03 05:02:44 0 d-----w- c:\program files\ffdshow
2009-10-03 04:56:42 0 d-----w- c:\programdata\Linksys
2009-10-03 04:56:35 69632 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-03 04:38:08 0 d-----w- c:\programdata\Yahoo! Companion
2009-10-03 04:38:06 12464 ----a-w- c:\windows\system32\avgrsstx(146).dll
2009-10-03 04:38:06 0 d-----w- c:\program files\Yahoo!
2009-10-03 04:36:41 0 d-----w- c:\program files\ApexDC++
2009-10-03 04:28:41 80 --sh--w- c:\users\jayson\desktop.ini

==================== Find3M ====================

2009-10-10 15:06:38 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-10 15:06:38 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-10 15:06:37 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-04 04:10:03 174 --sh--w- c:\program files\desktop.ini
2009-10-04 01:17:12 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-04 01:13:14 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-04 00:25:37 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-10-04 00:25:23 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-15 10:55:09 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-01-25 21:07:17 382352 ----a-w- c:\program files\jre-6u3-windows-i586-p-iftw.exe
2008-01-25 20:28:48 318904 ----a-w- c:\program files\wmpfirefoxplugin (2).exe
2008-01-24 22:53:31 8705840 ----a-w- c:\program files\winamp552_full_emusic-7plus_en-us.exe
2008-01-24 22:37:33 17924611 ----a-w- c:\program files\klmcodec370(2).exe
2008-01-24 22:26:44 2744083 ----a-w- c:\program files\flac-1.2.1a (2).exe
2008-01-24 22:26:31 17924611 ----a-w- c:\program files\klmcodec370.exe
2008-01-24 22:23:09 2744083 ----a-w- c:\program files\flac-1.2.1a.exe
2008-01-24 22:18:26 2625445 ----a-w- c:\program files\klcodec365b.exe
2008-01-24 21:19:26 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2008-01-24 00:54:57 1491592 ----a-w- c:\program files\install_flash_player.exe
2008-01-24 00:53:32 5934460 ----a-w- c:\program files\Zoomquilt_II_Screensaver.zip
2008-01-24 00:51:54 1656611 ----a-w- c:\program files\ZoomQuilt.zip
2008-01-24 00:21:53 954 ----a-w- c:\program files\WM Converter.lnk
2008-01-24 00:11:40 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
2008-01-24 00:10:58 7467056 ----a-w- c:\program files\spybotsd15.exe
2008-01-23 23:44:12 4129768 ----a-w- c:\program files\DCPlusPlus-0.699.exe
2008-01-23 23:43:42 3547505 ----a-w- c:\program files\sdc21.7z
2008-01-23 23:42:52 3682150 ----a-w- c:\program files\sdc211(2).7z
2008-01-23 23:42:20 3682150 ----a-w- c:\program files\sdc211.7z
2008-01-23 23:41:10 1158444 ----a-w- c:\program files\setup.zip
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:49:46.18 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume4
Install Date: 10/3/2009 7:17:10 AM
System Uptime: 10/31/2009 8:03:10 PM (12 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
Processor: AMD Athlon™ II X2 250 Processor | Socket M2 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 33.894 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 256.178 GiB free.
E: is FIXED (NTFS) - 596 GiB total, 74.208 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 179.033 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is FIXED (FAT32) - 466 GiB total, 162.027 GiB free.
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

AAC Decoder
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player
ApexDC++ 1.2.1
ATI Catalyst Install Manager
AutoUpdate
avast! Antivirus
Browser Defender 2.0.6.10
Canon Utilities My Printer
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDisplay 1.8
ConvertHelper 2.2
Crawler Toolbar with Web Security Guard
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
FLV Player 2.0, build 24
GOM Player
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP My Display
Java™ 6 Update 3
K-Lite Codec Pack 5.1.6 (Full)
Linksys Updater
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.5.4)
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
Pivot Software
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Remote Control USB Driver
SDK
Security Update for 2007 Microsoft Office System (KB951944)
Skins
Sophos Anti-Rootkit 1.5.0
Spyware Doctor 7.0
SpywareBlaster 4.2
SRS Audio Sandbox
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB974810)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6a
Vuze
Vuze Toolbar
Winamp
Windows 7 Upgrade Advisor Beta
Windows Media Player Firefox Plugin
WinPcap 4.0.2
WinRAR archiver
Yahoo! Toolbar
Zoomquilt Screensaver

==== End Of File ===========================

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-01 10:08:12
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Jayson\AppData\Local\Temp\uxryqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x80791CDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x80791ECE]
SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x807DBB30]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x807920D6]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7E632260-0946-429F-B130-85B7F7978AD8}@LeaseObtainedTime 1257083939
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7E632260-0946-429F-B130-85B7F7978AD8}@T1 1257083949
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7E632260-0946-429F-B130-85B7F7978AD8}@T2 1257083956
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7E632260-0946-429F-B130-85B7F7978AD8}@LeaseTerminatesTime 1257083959

---- EOF - GMER 1.0.15 ----

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 01 November 2009 - 10:33 AM

Thanks for the logs.

We are trying to run Combofix once more, with some preparations.
  • I see on the log Ask Toolbar is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    To uninstall Ask Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask Toolbar or Vuze toolbar

    Also remove the folder in bold (if present) only after uninstalling Ask Toolbar:
    C:\Program Files\AskBar
    c:\program files\askbardis

  • We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Go to Start > Control Panel > Windows Defender.
    • Open Windows Defender.
    • Click on Tools, Options.
    • At the bottom of the Windows Defender's page, under Administrator Options uncheck "use Windows Defender" and then Save.
    • Click Close.
    Note: When everything is done and your log is clean again, you can enable it again.

  • Please go to Add/Remove Programs and uninstall Spyware Doctor. After we are done you may install it if you wanted to.

  • Delete the copy of combofix and Download a fresh copy from the same links given.

  • Right click on the avast! icon in system tray and choose (Stop On-Access Protection)

  • Now run ComboFix and tell me exactly what happens if you can't.


#9 Farbar

Posted 01 November 2009 - 10:39 AM

Please don't miss my previous post.

Before running combofix please do this also:

I see on the log the Crawler Toolbar is installed on your computer:

This program is an open-to-debate toolbar which might be related to adware or is installed without the informed consent of the user. You may read more about Crawler Toolbar HERE and HERE

Please uninstall the following:

Crawler Toolbar with Web Security Guard

Also remove the folder in bold: C:\Program Files\Crawler
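
As an added example for this thread (not part of DDS, ComboFix or the helper's own tooling): a Python script that parses the "Pseudo HJT Report" and service lines of a DDS log like the one posted above and flags entries that point into the toolbar folders asked to be removed in the two posts above, plus orphan registrations ("No File") and IE menu items served by a flagged protocol handler. The folder watch-list and the sample lines (a subset copied from this log) are the example's own construction.

```python
"""Flag entries in a DDS "Pseudo HJT Report" that point into known bundled-toolbar folders.

Added example for this thread; not part of DDS or of the helper's own tooling.
"""
import re
from dataclasses import dataclass, field

# Folder names the helper asked to have removed (lower-case, matched as a whole
# path component). Constructed watch-list for this example.
SUSPECT_FOLDERS = ("askbardis", "askbar", "crawler")

# {clsid} as DDS prints it
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
# "BHO: name: {clsid} - path", "TB: {clsid} - No File", "IE: label - target", ...
KIND_RE = re.compile(
    r"^(uURLSearchHooks|mURLSearchHooks|BHO|TB|uRun|mRun|DPF|Handler|LSP|IE|StartupFolder): ?(.*)$")
# mRun: [ISTray] "c:\...\pctsTray.exe"
RUN_RE = re.compile(r"^\[([^\]]*)\] ?(.*)$")
# R2 ASKService;ASKService;c:\...\AskService.exe [2009-10-6 464264]
SVC_RE = re.compile(r"^([RS]\d) ([^;]*);([^;]*);(.*?)(?: \[[^\]]*\])?$")


@dataclass
class Entry:
    kind: str      # BHO, TB, mRun, R2, ...
    name: str      # display name, service name or run key; "" when DDS prints none
    clsid: str     # "{...}" or ""
    target: str    # DLL/EXE path, URL, "No File", or ""
    raw: str
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for one DDS report line, or None for lines we do not model."""
    line = line.strip()
    m = SVC_RE.match(line)
    if m:
        return Entry(m.group(1), m.group(2), "", m.group(4), line)
    m = KIND_RE.match(line)
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    if kind in ("uRun", "mRun"):
        r = RUN_RE.match(rest)
        return Entry(kind, r.group(1), "", r.group(2), line) if r else None
    c = CLSID_RE.search(rest)
    if c:
        # the name sits before the CLSID, the target after the " - " that follows it
        name = rest[:c.start()].rstrip(": -").strip()
        target = rest[c.end():].strip()
        if target.startswith("- "):
            target = target[2:].strip()
        return Entry(kind, name, c.group(0), target, line)
    name, sep, target = rest.partition(" - ")
    if not sep:                      # e.g. "LSP: <path>" has no name part
        name, target = "", name
    return Entry(kind, name.strip(), "", target.strip(), line)


def flag_entry(entry, suspect_folders=SUSPECT_FOLDERS):
    """Attach findings to a single entry (orphan registration, suspect folder)."""
    if entry.target == "No File":
        entry.flags.append("orphan: registered but file missing")
    path = entry.target.lower()
    for folder in suspect_folders:
        if "\\" + folder + "\\" in path:
            entry.flags.append("points into toolbar folder '%s'" % folder)
            break
    return entry


def analyse(lines, suspect_folders=SUSPECT_FOLDERS):
    """Parse all lines, flag them, and return only the entries with findings."""
    entries = [e for e in (parse_line(l) for l in lines) if e is not None]
    for e in entries:
        flag_entry(e, suspect_folders)
    # Second pass: an IE menu item whose URL scheme (e.g. "tbr:") is served by a
    # flagged protocol Handler belongs to the same toolbar even though its own
    # line names no DLL.
    bad_schemes = {e.name.lower() for e in entries if e.kind == "Handler" and e.flags}
    for e in entries:
        scheme = e.target.split(":", 1)[0].lower()
        if e.kind == "IE" and scheme in bad_schemes:
            e.flags.append("uses protocol handler '%s:' from a flagged DLL" % scheme)
    return [e for e in entries if e.flags]


# Sample lines copied from the DDS log in this thread (constructed subset).
SAMPLE_LOG = r"""
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-10-6 464264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-10 114768]
"""

if __name__ == "__main__":
    for e in analyse(SAMPLE_LOG.splitlines()):
        print("%-6s %-22s %s\n       -> %s" % (e.kind, e.name or "(no name)", e.target, "; ".join(e.flags)))
```

Run it against a full DDS log by feeding the file's lines to analyse(); everything outside the modelled line shapes (file listings, headers) is ignored.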

#10 Jayson.T

Jayson.T
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 01 November 2009 - 11:54 AM

I deleted all the programs you asked, and followed all of your instructions (ask toolbar, crawler, turning off and uninstalling, etc.).

When I use ComboFix, it says it found rootkit activity and needs to reboot. But nothing happens after the reboot. I appreciate your time and help!

#11 Farbar

Posted 01 November 2009 - 12:30 PM

Thanks for your feedback.

Let's try something else:
  • Start in Safe Mode Using the F8 key:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.
    • Log in to your usual account.
  • Now run ComboFix. When it wants to reboot, instead of booting to normal mode use the F8 method once more to reboot to safe mode and see if ComboFix produces a log. You may wait a while (a couple of minutes) until Combofix starts to run again.


#12 Jayson.T
  • Topic Starter

Posted 01 November 2009 - 07:49 PM

Sorry I didn't post sooner, I just arrived home. I will try your suggestion soon. Thank you!

#13 Farbar

Posted 02 November 2009 - 01:22 AM

Please take your time. :(

#14 Jayson.T
  • Topic Starter

Posted 02 November 2009 - 06:28 PM

Hi Farbar,

I did as you instructed and Windows rebooted each time I tried to use the program. Here's the message: "A problem has been detected and Windows has been shut down to prevent damage to your computer." Technical information: stop: 0x0000008E (0xC0000005, 0x822BC749, 0xAB089C, 0x00000000)

#15 Farbar

Posted 02 November 2009 - 06:45 PM

Have you downloaded a fresh copy of Combofix just before running it?



