Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with cs102175 Redirect on Windows 7


  • This topic is locked This topic is locked
8 replies to this topic

#1 MagnumVP

MagnumVP

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 27 January 2010 - 04:44 PM

The browser will redirect to cs102175.com along with other sites when I search through Google. If I refresh the same page the "hover over" reverts back to the actual link and not the redirect.

The RootRepeal pops up errors when I attempt to run it that read; FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Into (0x000000dc)

Here is the DDS.txt log. See attached for attach.zip.

--------------------------------------------------------


DDS (Ver_09-12-01.01) - NTFSx86
Run by MagnumVP at 13:21:53.25 on Wed 01/27/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3574.2497 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\MagnumVP\Desktop\RootRepeal(2).exe
C:\Windows\system32\NOTEPAD.EXE
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MagnumVP\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [googletalk] c:\users\MagnumVP\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
StartupFolder: c:\users\MagnumVP\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\MagnumVP\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mife82~1\web2~1\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1260399479311
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\MagnumVP\appdata\roaming\mozilla\firefox\profiles\ui82m6hr.default\
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-18 6000640]
S1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2009-8-25 87064]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys [2006-8-24 40832]
S3 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-5 227352]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-19 92008]

=============== Created Last 30 ================

2010-01-27 21:12:43 0 d-----w- C:\HJT
2010-01-22 19:00:13 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 17:10:25 23 ----a-w- c:\windows\.prj
2010-01-22 17:03:09 598288 ----a-w- c:\windows\system32\temp.004
2010-01-22 17:03:09 402481 ----a-w- c:\windows\system32\temp.006
2010-01-22 17:03:09 174352 ----a-w- c:\windows\system32\temp.007
2010-01-22 17:03:09 164112 ----a-w- c:\windows\system32\temp.005
2010-01-22 17:03:08 266293 ----a-w- c:\windows\system32\temp.001
2010-01-22 17:03:08 17920 ----a-w- c:\windows\system32\temp.002
2010-01-22 17:03:08 147728 ----a-w- c:\windows\system32\temp.000
2010-01-22 17:03:08 1409024 ----a-w- c:\windows\system32\temp.003
2010-01-22 16:59:55 0 d-----w- c:\users\MagnumVP\appdata\roaming\CoffeeCup Software
2010-01-22 16:59:13 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
2010-01-22 16:59:10 0 d-----w- c:\program files\CoffeeCup Software
2010-01-21 20:47:49 0 d-----w- c:\programdata\eSellerate
2010-01-21 20:41:19 0 d-----w- c:\users\MagnumVP\appdata\roaming\Internet Owl
2010-01-14 20:38:56 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-14 20:38:56 108544 ----a-w- c:\windows\system32\t2embed.dll

==================== Find3M ====================

2010-01-14 19:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-10 18:02:31 91264 ----a-w- c:\windows\fonts\MPDorset-Bold.ttf
2009-12-10 18:02:31 38784 ----a-w- c:\windows\fonts\Decker.ttf
2009-12-10 18:02:31 38248 ----a-w- c:\windows\fonts\DeckerI.ttf
2009-12-10 18:02:31 154520 ----a-w- c:\windows\fonts\MPPeony.ttf
2009-12-10 18:02:31 143044 ----a-w- c:\windows\fonts\MPPalisade-Bold.ttf
2009-12-10 18:02:31 137400 ----a-w- c:\windows\fonts\MPPalisade-Regular.ttf
2009-12-10 18:02:31 130944 ----a-w- c:\windows\fonts\MPBaxter.ttf
2009-12-10 18:02:31 110352 ----a-w- c:\windows\fonts\MPDorset-Regular.ttf
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-08-28 15:51:41 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-08-28 15:51:41 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-08-28 15:51:41 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-08-28 15:51:41 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:22:04.40 ===============

Attached Files


Edited by MagnumVP, 27 January 2010 - 06:06 PM.


BC AdBot (Login to Remove)

 


#2 MagnumVP

MagnumVP
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 27 January 2010 - 04:55 PM

Based on previous post, I have already rad the OTL and Extras. See below for information.

OLT.txt File

-------------------------------------

OTL logfile created on: 1/27/2010 1:48:50 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\MagnumVP\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.91 Gb Total Space | 248.81 Gb Free Space | 83.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 155.19 Gb Free Space | 33.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLPC
Current User Name: MagnumVP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/27 13:47:57 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\MagnumVP\Desktop\OTL.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/13 17:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/08/02 21:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 17:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/07/13 17:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/02 16:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/27 13:47:57 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\MagnumVP\Desktop\OTL.exe
MOD - [2009/07/13 17:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 17:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/02 09:01:47 | 00,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 06:06:20 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/08/19 07:37:40 | 00,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/07/13 17:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 17:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/02 16:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/05 22:57:56 | 00,227,352 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/16 12:03:18 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/02/27 04:24:12 | 00,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 06:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/09/25 12:49:51 | 00,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/09/23 12:18:14 | 04,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/15 12:34:14 | 06,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®
DRV - [2009/09/09 17:19:16 | 00,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/13 17:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 17:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 15:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 12:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/06/18 17:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/18 17:48:04 | 00,042,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/05 22:58:12 | 00,087,064 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2009/03/04 17:03:32 | 00,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/16 17:39:44 | 00,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/06/16 03:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/08/10 10:08:48 | 00,024,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2006/08/24 15:56:58 | 00,040,832 | ---- | M] (Sierra Wireless America, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\apusbsnt.sys -- (apusbsnt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaultc.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 43 3A 16 E7 2D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.39

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 09:57:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/22 09:57:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/01/22 11:27:03 | 00,000,000 | ---D | M] -- C:\Users\MagnumVP\AppData\Roaming\mozilla\Extensions
[2010/01/27 10:39:30 | 00,000,000 | ---D | M] -- C:\Users\MagnumVP\AppData\Roaming\mozilla\Firefox\Profiles\ui82m6hr.default\extensions
[2010/01/22 11:27:45 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\MagnumVP\AppData\Roaming\mozilla\Firefox\Profiles\ui82m6hr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/22 11:27:45 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MagnumVP\AppData\Roaming\mozilla\Firefox\Profiles\ui82m6hr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/22 11:27:45 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MagnumVP\AppData\Roaming\mozilla\Firefox\Profiles\ui82m6hr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/22 11:26:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/27 13:21:42 | 00,000,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\MagnumVP\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\MagnumVP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MagnumVP\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: cdiweb ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: cdiwss ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: emailarchive ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: Intranet ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: webmail ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: cdiweb ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: cdiwss ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: emailarchive ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: Intranet ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webmail ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1260399479311 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DCDOMAIN.local
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 13:47:57 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\MagnumVP\Desktop\OTL.exe
[2010/01/27 13:15:50 | 00,472,064 | ---- | C] ( ) -- C:\Users\MagnumVP\Desktop\RootRepeal(2).exe
[2010/01/27 13:12:43 | 00,000,000 | ---D | C] -- C:\HJT
[2010/01/27 09:25:32 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\AppData\Local\Apps
[2010/01/22 11:00:14 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 11:00:13 | 00,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 09:03:09 | 00,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004
[2010/01/22 09:03:09 | 00,402,481 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.006
[2010/01/22 09:03:09 | 00,174,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.007
[2010/01/22 09:03:09 | 00,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005
[2010/01/22 09:03:08 | 01,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003
[2010/01/22 09:03:08 | 00,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2010/01/22 09:03:08 | 00,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2010/01/22 09:03:08 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002
[2010/01/22 08:59:55 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\Documents\CoffeeCup Software
[2010/01/22 08:59:55 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\AppData\Roaming\CoffeeCup Software
[2010/01/22 08:59:13 | 00,018,944 | ---- | C] (Inprise Corporation) -- C:\Windows\System32\BORLNDMM.DLL
[2010/01/22 08:59:10 | 00,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2010/01/21 14:21:20 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\Desktop\Bat2Exe
[2010/01/21 12:47:49 | 00,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/01/21 12:45:57 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\AppData\Local\nvmcsctools
[2010/01/21 12:41:19 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\AppData\Roaming\Internet Owl
[2010/01/20 14:40:50 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\Desktop\VBS2EXE
[2010/01/14 12:38:56 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/14 12:38:56 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 17:46:52 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\Desktop\Swim
[2010/01/06 15:16:17 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\Desktop\linksys
[2009/12/28 20:00:44 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\Desktop\Scrabble2009
[2009/12/28 14:32:32 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\Desktop\New folder
[2009/12/28 14:31:22 | 00,000,000 | ---D | C] -- C:\Users\MagnumVP\Desktop\Verne E. Hongola Account Statements

========== Files - Modified Within 30 Days ==========

[2010/01/27 13:50:02 | 04,718,592 | -HS- | M] () -- C:\Users\MagnumVP\NTUSER.DAT
[2010/01/27 13:47:57 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\MagnumVP\Desktop\OTL.exe
[2010/01/27 13:42:57 | 00,004,232 | ---- | M] () -- C:\Users\MagnumVP\Desktop\Attach.zip
[2010/01/27 13:17:21 | 00,144,622 | ---- | M] () -- C:\Users\MagnumVP\Desktop\RootRepeal(2).dmp
[2010/01/27 13:16:11 | 00,000,000 | ---- | M] () -- C:\Users\MagnumVP\Desktop\settings.dat
[2010/01/27 13:15:52 | 00,472,064 | ---- | M] ( ) -- C:\Users\MagnumVP\Desktop\RootRepeal(2).exe
[2010/01/27 13:13:32 | 00,524,288 | ---- | M] () -- C:\Users\MagnumVP\Desktop\dds.scr
[2010/01/27 13:12:50 | 00,000,882 | ---- | M] () -- C:\Users\MagnumVP\Desktop\HijackThis.exe - Shortcut.lnk
[2010/01/27 13:02:46 | 00,002,266 | RHS- | M] () -- C:\Users\MagnumVP\ntuser.pol
[2010/01/27 12:18:50 | 00,022,693 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/01/27 09:20:50 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/27 09:20:50 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/27 09:20:50 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/27 07:16:25 | 00,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 07:16:25 | 00,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 07:09:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/27 07:09:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/26 14:26:59 | 06,004,765 | -H-- | M] () -- C:\Users\MagnumVP\AppData\Local\IconCache.db
[2010/01/25 10:18:07 | 00,001,990 | -H-- | M] () -- C:\Users\MagnumVP\Documents\Default.rdp
[2010/01/22 09:57:10 | 00,001,845 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/22 09:10:25 | 00,000,023 | ---- | M] () -- C:\Windows\.prj
[2010/01/22 09:10:19 | 00,071,263 | ---- | M] () -- C:\Users\MagnumVP\Desktop\us_map.gif
[2010/01/22 09:08:04 | 00,001,353 | ---- | M] () -- C:\Users\MagnumVP\Desktop\index.html
[2010/01/22 08:06:03 | 00,015,446 | ---- | M] () -- C:\Users\MagnumVP\Desktop\us_map.jpg
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/14 07:24:38 | 18,249,8002 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/12 16:56:03 | 37,237,1456 | ---- | M] () -- C:\Users\MagnumVP\Desktop\Total Immersion Freestyle.avi
[2010/01/12 10:27:34 | 00,317,877 | ---- | M] () -- C:\Users\MagnumVP\Documents\tsmmc.msc
[2010/01/10 23:12:38 | 00,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/06 12:57:53 | 00,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/01/04 14:47:00 | 00,331,751 | ---- | M] () -- C:\Users\MagnumVP\Desktop\Lightening.jpg
[2009/12/28 19:59:45 | 23,589,0688 | ---- | M] () -- C:\Users\MagnumVP\Desktop\Scrabble2009.iso

========== Files Created - No Company Name ==========

[2010/01/27 13:17:20 | 00,144,622 | ---- | C] () -- C:\Users\MagnumVP\Desktop\RootRepeal(2).dmp
[2010/01/27 13:16:11 | 00,000,000 | ---- | C] () -- C:\Users\MagnumVP\Desktop\settings.dat
[2010/01/27 13:15:44 | 00,004,232 | ---- | C] () -- C:\Users\MagnumVP\Desktop\Attach.zip
[2010/01/27 13:13:31 | 00,524,288 | ---- | C] () -- C:\Users\MagnumVP\Desktop\dds.scr
[2010/01/27 13:12:50 | 00,000,882 | ---- | C] () -- C:\Users\MagnumVP\Desktop\HijackThis.exe - Shortcut.lnk
[2010/01/22 09:57:10 | 00,001,845 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/22 09:10:25 | 00,000,023 | ---- | C] () -- C:\Windows\.prj
[2010/01/22 09:10:19 | 00,071,263 | ---- | C] () -- C:\Users\MagnumVP\Desktop\us_map.gif
[2010/01/22 09:08:04 | 00,001,353 | ---- | C] () -- C:\Users\MagnumVP\Desktop\index.html
[2010/01/22 08:01:38 | 00,015,446 | ---- | C] () -- C:\Users\MagnumVP\Desktop\us_map.jpg
[2010/01/12 20:25:31 | 37,237,1456 | ---- | C] () -- C:\Users\MagnumVP\Desktop\Total Immersion Freestyle.avi
[2010/01/06 12:57:53 | 00,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/01/04 14:47:00 | 00,331,751 | ---- | C] () -- C:\Users\MagnumVP\Desktop\Lightening.jpg
[2009/12/28 19:59:41 | 23,589,0688 | ---- | C] () -- C:\Users\MagnumVP\Desktop\Scrabble2009.iso
[2009/11/17 11:28:42 | 00,005,579 | ---- | C] () -- C:\Users\MagnumVP\AppData\Roaming\default.lsso
[2009/11/05 07:35:28 | 00,000,318 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2009/10/16 10:03:09 | 00,000,008 | RHS- | C] () -- C:\ProgramData\C7B7584B79.sys
[2009/10/16 10:03:07 | 00,002,568 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/09/25 13:53:38 | 00,000,600 | ---- | C] () -- C:\Users\MagnumVP\AppData\Local\PUTTY.RND
[2009/09/24 09:28:55 | 00,000,009 | -HS- | C] () -- C:\Users\MagnumVP\AppData\Local\systemCurUses
[2009/09/24 09:28:55 | 00,000,006 | -HS- | C] () -- C:\Users\MagnumVP\AppData\Local\systemHdID
[2009/09/18 22:46:52 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/09/16 13:49:33 | 00,012,800 | ---- | C] () -- C:\Users\MagnumVP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 19:00:08 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/31 07:51:56 | 00,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/25 08:33:55 | 00,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/08/25 08:32:19 | 00,022,693 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 15:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/08/10 10:08:48 | 00,024,456 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2006/09/18 13:37:50 | 00,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 00,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
< End of report >

---------------------------------------

Extras.txt file

---------------------------------------

OTL Extras logfile created on: 1/27/2010 1:48:50 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\MagnumVP\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.91 Gb Total Space | 248.81 Gb Free Space | 83.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 155.19 Gb Free Space | 33.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLPC
Current User Name: MagnumVP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40624553-811E-400E-B69B-38D8926A66BD}" = SonicWALL Global VPN Client
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}" = Paint.NET v3.5.2
"{52D862F9-F281-41B5-8806-58D4ABB8159E}" = DameWare NT Utilities
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECB8220-F423-4BEB-9596-97033C533702}" = QuickBooks Premier: Accountant Edition 2008
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C069720D-D6D5-4B02-9CCD-7C2FDA07EAC1}" = Microsoft Expression Studio 2
"{C552184B-E4BE-479E-9A4A-6E51ED46ABE7}" = LiveUpload to Facebook
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E3465A39-810E-4153-8348-F171475EC981}" = Jalbum
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"CATVids_is1" = CATVids v8
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
"FileZilla Client" = FileZilla Client 3.3.1
"Foxit Reader" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"iArt_is1" = iArt 3
"IrfanView" = IrfanView (remove only)
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MyPublisher" = MyPublisher
"Notepad++" = Notepad++
"PROPLUS" = Microsoft Office Professional Plus 2007
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.1.1812
"TrueCrypt" = TrueCrypt
"TVWiz" = Intel® TV Wizard
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.2
"WavePad" = WavePad Uninstall
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"XWeb" = Microsoft Expression Web 2
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#3 MagnumVP

MagnumVP
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 27 January 2010 - 05:32 PM

Here is the Germ.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 14:31:01
Windows 6.1.7600
Running: germ.exe; Driver: C:\Users\MagnumVP\AppData\Local\Temp\awldypow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C32AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C32104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C323F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1B2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C321DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C32958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C326F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C32F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C331A8

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\0000008f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000008d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00218683963f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00218683963f (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#4 MagnumVP

MagnumVP
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 27 January 2010 - 06:11 PM

Here is the TDSSkiller.txt

-----------------------------

14:35:43:985 2752 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
14:35:43:985 2752 ================================================================================
14:35:43:985 2752 SystemInfo:

14:35:43:985 2752 OS Version: 6.1.7600 ServicePack: 0.0
14:35:43:985 2752 Product type: Workstation
14:35:43:985 2752 ComputerName: DELLPC
14:35:43:985 2752 UserName: MagnumVP
14:35:43:985 2752 Windows directory: C:\Windows
14:35:43:985 2752 Processor architecture: Intel x86
14:35:43:985 2752 Number of processors: 2
14:35:43:985 2752 Page size: 0x1000
14:35:43:985 2752 Boot type: Normal boot
14:35:43:985 2752 ================================================================================
14:35:43:985 2752 UnloadDriverW: NtUnloadDriver error 2
14:35:43:985 2752 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:35:43:985 2752 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:35:44:032 2752 UtilityInit: KLMD drop and load success
14:35:44:032 2752 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
14:35:44:032 2752 UtilityInit: KLMD open success
14:35:44:032 2752 UtilityInit: Initialize success
14:35:44:032 2752
14:35:44:032 2752 Scanning Services ...
14:35:44:032 2752 CreateRegParser: Registry parser init started
14:35:44:032 2752 CreateRegParser: DisableWow64Redirection error
14:35:44:032 2752 wfopen_ex: Trying to open file C:\Windows\system32\config\system
14:35:44:032 2752 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
14:35:44:032 2752 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:35:44:032 2752 wfopen_ex: Trying to KLMD file open
14:35:44:032 2752 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
14:35:44:032 2752 wfopen_ex: File opened ok (Flags 2)
14:35:44:032 2752 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 18114A8
14:35:44:032 2752 wfopen_ex: Trying to open file C:\Windows\system32\config\software
14:35:44:048 2752 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
14:35:44:048 2752 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:35:44:048 2752 wfopen_ex: Trying to KLMD file open
14:35:44:048 2752 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
14:35:44:048 2752 wfopen_ex: File opened ok (Flags 2)
14:35:44:048 2752 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 1811320
14:35:44:048 2752 CreateRegParser: EnableWow64Redirection error
14:35:44:048 2752 CreateRegParser: RegParser init completed
14:35:44:781 2752 GetAdvancedServicesInfo: Raw services enum returned 463 services
14:35:44:781 2752 fclose_ex: Trying to close file C:\Windows\system32\config\system
14:35:44:796 2752 fclose_ex: Trying to close file C:\Windows\system32\config\software
14:35:44:812 2752
14:35:44:812 2752 Scanning Kernel memory ...
14:35:44:812 2752 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:35:44:812 2752 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86512D00
14:35:44:812 2752 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
14:35:44:812 2752
14:35:44:812 2752 DetectCureTDL3: DEVICE_OBJECT: 87222AC8
14:35:44:812 2752 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87222AC8
14:35:44:812 2752 DetectCureTDL3: DEVICE_OBJECT: 8572F2E0
14:35:44:812 2752 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8572F2E0
14:35:44:812 2752 KLMD_ReadMem: Trying to ReadMemory 0x8572F2E0[0x38]
14:35:44:812 2752 DetectCureTDL3: DRIVER_OBJECT: 8573B990
14:35:44:812 2752 KLMD_ReadMem: Trying to ReadMemory 0x8573B990[0xA8]
14:35:44:812 2752 KLMD_ReadMem: Trying to ReadMemory 0x86C6DE88[0x1E]
14:35:44:812 2752 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:35:44:812 2752 DetectCureTDL3: IrpHandler (0) addr: 9202AA02
14:35:44:812 2752 DetectCureTDL3: IrpHandler (1) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (2) addr: 9202AA7A
14:35:44:812 2752 DetectCureTDL3: IrpHandler (3) addr: 9202AAF2
14:35:44:812 2752 DetectCureTDL3: IrpHandler (4) addr: 9202AAF2
14:35:44:812 2752 DetectCureTDL3: IrpHandler (5) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (6) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (7) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (8) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (9) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (10) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (11) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (12) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (13) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (14) addr: 9202A5FE
14:35:44:812 2752 DetectCureTDL3: IrpHandler (15) addr: 9201D656
14:35:44:812 2752 DetectCureTDL3: IrpHandler (16) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (17) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (18) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (19) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (20) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (21) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (22) addr: 920289BA
14:35:44:812 2752 DetectCureTDL3: IrpHandler (23) addr: 9202588E
14:35:44:812 2752 DetectCureTDL3: IrpHandler (24) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (25) addr: 82D00437
14:35:44:812 2752 DetectCureTDL3: IrpHandler (26) addr: 82D00437
14:35:44:812 2752 KLMD_ReadMem: Trying to ReadMemory 0x9201FEA2[0x400]
14:35:44:812 2752 TDL3_StartIoHookDetect: CheckParameters: 4, 92024000, 0
14:35:44:812 2752 TDL3_FileDetect: Processing driver: USBSTOR
14:35:44:812 2752 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:35:44:812 2752 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:35:44:828 2752 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:35:44:828 2752
14:35:44:828 2752 DetectCureTDL3: DEVICE_OBJECT: 86513948
14:35:44:828 2752 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86513948
14:35:44:828 2752 DetectCureTDL3: DEVICE_OBJECT: 86426908
14:35:44:828 2752 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86426908
14:35:44:828 2752 KLMD_ReadMem: Trying to ReadMemory 0x86426908[0x38]
14:35:44:828 2752 DetectCureTDL3: DRIVER_OBJECT: 86037758
14:35:44:828 2752 KLMD_ReadMem: Trying to ReadMemory 0x86037758[0xA8]
14:35:44:828 2752 KLMD_ReadMem: Trying to ReadMemory 0x85FFCFB0[0x1A]
14:35:44:828 2752 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:35:44:828 2752 DetectCureTDL3: IrpHandler (0) addr: 833C98C4
14:35:44:828 2752 DetectCureTDL3: IrpHandler (1) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (2) addr: 833C98C4
14:35:44:828 2752 DetectCureTDL3: IrpHandler (3) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (4) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (5) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (6) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (7) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (8) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (9) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (10) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (11) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (12) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (13) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (14) addr: 833B547C
14:35:44:828 2752 DetectCureTDL3: IrpHandler (15) addr: 833B544E
14:35:44:828 2752 DetectCureTDL3: IrpHandler (16) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (17) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (18) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (19) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (20) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (21) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (22) addr: 833B54AA
14:35:44:828 2752 DetectCureTDL3: IrpHandler (23) addr: 833C4DB2
14:35:44:828 2752 DetectCureTDL3: IrpHandler (24) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (25) addr: 82D00437
14:35:44:828 2752 DetectCureTDL3: IrpHandler (26) addr: 82D00437
14:35:44:828 2752 TDL3_FileDetect: Processing driver: atapi
14:35:44:828 2752 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
14:35:44:828 2752 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\atapi.sys
14:35:44:828 2752 TDL3_FileDetect: C:\Windows\system32\DRIVERS\atapi.sys - Verdict: Clean
14:35:44:828 2752
14:35:44:828 2752 Completed
14:35:44:828 2752
14:35:44:828 2752 Results:
14:35:44:828 2752 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:35:44:828 2752 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:35:44:828 2752 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:35:44:828 2752
14:35:44:828 2752 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:35:44:828 2752 UtilityDeinit: KLMD(ARK) unloaded successfully


#5 MagnumVP

MagnumVP
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 27 January 2010 - 06:40 PM

MalwareBytes and SpyBot shows nothing infected on a full scan.

When I attempt to run the Kapersky Free Online Scanner, it doesn't exist.. for now.

http://www.kaspersky.com/virusscanner

Any help is greatly appreciated.

#6 MagnumVP

MagnumVP
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 28 January 2010 - 10:18 AM

Why do I get no love from this forum? I've done everything asked, but still no response.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 31 January 2010 - 10:38 AM.


#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:50 AM

Posted 03 February 2010 - 02:11 PM

Hello and welcome to Bleeping Computer! welcome.gif

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#8 MagnumVP

MagnumVP
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 04 February 2010 - 01:03 AM

Thank you for the response, however I was unable to wait any longer since it was my work computer and I did not want to compromise the office network. To fix it I images what I had, wiped and started over. Any documents or files that I need I extract from the image.

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:50 AM

Posted 04 February 2010 - 12:01 PM

Since this issue appears to be resolved ... this Topic has been closed.

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users