trojan horse cryptic.cm


  • This topic is locked
15 replies to this topic

#1 chefbrad

chefbrad

  • Members
  • 85 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:42 PM

Posted 04 April 2010 - 10:28 AM

Hello! Thank you for your time. I'm having problems with a trojan horse. My computer and browser are running slow, and AVG has not been able to get rid of it. I tried to run the GMER program; however, when I try to run it, Windows crashes and I have to shut down the computer. I tried twice and decided to post the info I have. Thanks for your help!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Brad at 10:56:17.10 on Sun 04/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1192 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.windstream.net/wind/portal/index.aspx
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AutorunsDisabled - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - No File
mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NPSStartup]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\autoru~1\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\autoru~1\lex18d~1.lnk - c:\program files\lex 18 desktop weather\liveonline_3342343.exe
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\alltel~1.lnk - c:\program files\alltel dsl check-up center\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\msn toolbar suite\ds\02.05.0001.1119\en-us\bin\WindowsSearch.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/229?7ef2e66cc26744b0a35df2ddda322a39
IE: Open in new foreground tab - c:\program files\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/230?7ef2e66cc26744b0a35df2ddda322a39
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: alltel.com\care
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130593343250
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} - hxxp://host.oddcast.com/hostClientIE.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} - hxxp://209.90.101.200/cabs/zinst.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brad\applic~1\mozilla\firefox\profiles\5wo5dy23.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.windstream.net/wind/portal/index.aspx
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\brad\application data\mozilla\firefox\profiles\5wo5dy23.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-28 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-7 52872]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\drivers\tdrpm140.sys [2008-10-25 971168]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-7 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-26 29512]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-7 242696]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-3-5 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-5 5888008]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-2-13 233472]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-3-4 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-28 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-28 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-28 26120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-2-13 36608]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2005-12-27 91841]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-3-4 30104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-7-14 13224]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-5-20 1128944]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-12-2 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-12-2 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-12-2 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-12-2 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-12-2 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-12-2 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-12-2 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-12-2 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-12-2 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-12-2 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-12-2 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-12-2 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-12-2 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-12-2 117672]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-12-2 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-12-2 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-12-2 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-12-2 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-12-2 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-12-2 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-12-2 117544]
S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-6-26 204800]

=============== Created Last 30 ================

2010-04-04 14:54:09 0 ----a-w- c:\documents and settings\brad\defogger_reenable
2010-03-28 15:48:23 0 d-----w- c:\docume~1\brad\applic~1\Uniblue
2010-03-21 17:39:06 0 d-----w- c:\program files\common files\Sony Shared
2010-03-13 02:30:07 0 d-sh--w- c:\windows\Installer
2010-03-11 03:13:47 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-03-11 03:13:46 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-03-11 03:13:44 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-03-11 03:13:42 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-03-11 03:13:42 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-03-11 03:13:41 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-03-11 03:08:25 186407 ----a-w- c:\windows\system32\nvapps.nvb
2010-03-11 02:41:18 81920 ------r- c:\windows\bwUnin-6.1.4.61-8876480L.exe
2010-03-11 02:40:41 0 d-----w- c:\program files\common files\Logitech
2010-03-11 02:37:45 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-11 02:37:45 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-10 18:50:21 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 15:29:21 297 ----a-w- c:\program files\Jawbreak.svg
2010-03-05 08:35:37 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-05 08:35:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 08:35:23 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-05 08:34:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 08:33:52 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-13 19:07:21 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-02-13 19:07:21 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-10-31 21:53:53 2133430 ----a-w- c:\program files\SharePod.zip
2009-10-27 02:47:05 425984 ----a-w- c:\program files\gozone_isync.exe
2009-07-01 04:35:23 1766984 ----a-w- c:\program files\TryWoW.exe
2008-12-27 17:12:15 204496 -c--a-w- c:\program files\StartUpLite.exe
2008-05-02 02:02:47 3558791 -c--a-w- c:\program files\youtubedownloader.exe
2006-07-18 19:17:42 355840 ----a-w- c:\program files\Jawbreaker 1.10.exe
2006-07-10 18:22:08 398912 ----a-w- c:\program files\autoruns.exe
2005-02-24 03:55:14 1130496 -c--a-w- c:\program files\Elf Bowling.exe
2009-07-16 21:57:11 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-21 11:15:49 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 10:58:30.70 ===============



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:42 PM

Posted 04 April 2010 - 11:07 AM

Hi chefbrad,


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic: a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log in your next reply.


Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
  • mbr.log

Thanks



#3 chefbrad

chefbrad
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:42 PM

Posted 04 April 2010 - 11:36 AM

When I ran OTL it did not produce an Extra.txt file.

OTL logfile created on: 4/4/2010 12:21:53 PM - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 285.34 Gb Total Space | 67.29 Gb Free Space | 23.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 35.84 Gb Total Space | 7.50 Gb Free Space | 20.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEBRAD
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/04 12:14:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
PRC - [2010/04/04 11:06:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 08:43:30 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/30 08:43:27 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/05 04:35:34 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/05 04:35:33 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/05 04:35:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 04:35:21 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/05 04:35:21 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/03/05 04:34:05 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/05 04:34:01 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/05 04:33:50 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/02/19 10:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe
PRC - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/19 22:29:56 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2004/08/04 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
PRC - [2003/09/17 12:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe


========== Modules (SafeList) ==========

MOD - [2010/04/04 12:14:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2010/03/05 04:35:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/05 04:35:21 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/05 04:34:05 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/05/20 04:35:38 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2009/02/19 10:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/06/26 12:52:42 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004/08/04 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\TCPSVCS.EXE -- (SimpTcp)


========== Driver Services (SafeList) ==========

DRV - [2010/03/05 04:35:37 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/05 04:35:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 04:35:23 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/05 04:35:23 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/05 04:35:23 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/05 04:35:23 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/05 04:34:02 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/05 04:33:52 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/13 15:07:21 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ggsemc.sys -- (ggsemc)
DRV - [2010/02/13 15:07:21 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ggflt.sys -- (ggflt)
DRV - [2009/10/28 07:12:05 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/10/28 07:12:05 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV - [2009/04/22 15:26:18 | 000,528,256 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emOEM.sys -- (USB28xxOEM)
DRV - [2009/04/22 15:25:54 | 000,566,784 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emBDA.sys -- (USB28xxBGA)
DRV - [2009/02/19 10:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/10/25 15:27:42 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140)
DRV - [2008/10/25 15:27:38 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/25 15:27:38 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2008/10/25 15:27:19 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/06/20 07:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/04 09:34:08 | 000,122,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018mdm.sys -- (s1018mdm)
DRV - [2008/06/04 09:34:08 | 000,115,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/06/04 09:34:08 | 000,090,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/06/04 09:34:08 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/06/04 09:34:06 | 000,117,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/06/04 09:34:06 | 000,111,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018obex.sys -- (s1018obex)
DRV - [2008/06/04 09:34:06 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/27 12:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV - [2008/05/27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/05/27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017obex.sys -- (s0017obex)
DRV - [2008/05/27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/05/27 12:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/05/27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/27 12:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/05/16 14:31:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MPE.sys -- (MPE)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/16 21:34:21 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/11/16 21:34:21 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/25 11:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117obex.sys -- (s117obex)
DRV - [2007/06/25 11:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 11:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 11:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 11:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 11:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 11:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616obex.sys -- (s616obex)
DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006/02/17 22:17:46 | 000,086,368 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525obex.sys -- (z525obex)
DRV - [2006/02/17 22:17:44 | 000,088,560 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525mgmt.sys -- (z525mgmt) Sony Ericsson Z525 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/17 22:17:38 | 000,097,056 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525mdm.sys -- (z525mdm)
DRV - [2006/02/17 22:17:36 | 000,009,264 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525mdfl.sys -- (z525mdfl)
DRV - [2006/02/17 22:17:32 | 000,061,536 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525bus.sys -- (z525bus) Sony Ericsson Z525 Driver driver (WDM)
DRV - [2005/06/05 21:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys -- (P0630VID)
DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/22 19:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/16 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 02:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 02:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/09 14:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 10:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 10:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 14:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/07/26 15:19:08 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/05/07 06:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/wind/portal/index.aspx
IE - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.windstream.net/wind/portal/index.aspx"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/05 08:03:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/20 11:18:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 11:06:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 11:06:30 | 000,000,000 | ---D | M]

[2008/11/06 17:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Extensions
[2010/04/04 11:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions
[2009/09/01 19:35:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/01 08:48:00 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/28 19:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\autopager@mozilla.org
[2009/10/10 08:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\FFToolbar@upromise
[2010/01/28 19:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\ilab@intuit
[2009/04/30 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\moveplayer@movenetworks.com
[2010/01/07 08:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\piclens@cooliris.com
[2010/01/28 19:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\twitternotifier@naan.net
[2010/03/12 15:41:11 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\searchplugins\askcom.xml
[2010/04/03 15:48:33 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\searchplugins\rob-thomas.xml
[2010/04/04 11:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/05/23 15:26:02 | 000,283,952 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2008/12/26 10:24:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/03/11 07:53:39 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled [2009/10/26 07:44:00 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\..Trusted Domains: alltel.com ([care] http in Trusted sites)
O15 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\..Trusted Domains: alltel.com ([care] https in Trusted sites)
O15 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} http://www.cdpass.com/cdkey/CDPass.cab (CDPass Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1130593343250 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.winkflash.com/photo/loaders/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} http://host.oddcast.com/hostClientIE.cab (hostCntrlIE Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} http://209.90.101.200/cabs/zinst.cab (Genealogy Browser)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Brad\My Documents\My Pictures\3-15-2010\aaron.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brad\My Documents\My Pictures\3-15-2010\aaron.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\Shell\phone\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\Shell - "" = AutoRun
O33 - MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/02/06 11:30:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: CleanSetup - hkey= - key= - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/04 12:14:50 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2010/04/04 09:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/04 09:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/04 09:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/29 05:36:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Brad\Recent
[2010/03/28 11:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Uniblue
[2010/03/24 17:28:42 | 213,816,312 | ---- | C] (Nero AG) -- C:\Documents and Settings\Brad\Desktop\Nero-9.4.26.0b_update(2).exe
[2010/03/23 22:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Nero
[2010/03/23 17:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Nero_AG
[2010/03/22 18:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Nero Collections
[2010/03/21 13:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Phone Backup
[2010/03/21 13:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Sony
[2010/03/21 13:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/21 13:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Sony
[2010/03/21 13:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/03/21 13:14:34 | 360,541,416 | ---- | C] (Nero AG) -- C:\Documents and Settings\Brad\Desktop\Nero_BackItUpAndBurn-1.2.17b.exe
[2010/03/14 23:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Nero
[2010/03/14 23:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/03/12 22:30:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/03/11 21:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2010/03/10 23:13:47 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/03/10 23:13:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/03/10 23:13:44 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/03/10 23:13:42 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/03/10 23:13:42 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/03/10 23:13:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/03/10 22:40:42 | 000,155,648 | ---- | C] (Immersion Corporation) -- C:\WINDOWS\System32\ifc21.dll
[2010/03/10 22:40:42 | 000,094,208 | ---- | C] (Immersion Corporation) -- C:\WINDOWS\System32\FEELIT.DLL
[2010/03/10 22:40:41 | 000,104,960 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\COMNCTR.DLL
[2010/03/10 22:40:41 | 000,097,792 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/03/10 22:40:41 | 000,016,896 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE32.DLL
[2010/03/10 22:40:41 | 000,003,568 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE16.DLL
[2010/03/10 22:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/03/10 22:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/03/10 22:40:36 | 000,152,064 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lmoufrc.dll
[2010/03/10 22:40:36 | 000,070,798 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\lmouflt2.sys
[2010/03/10 22:40:36 | 000,023,372 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LCOINST.DLL
[2010/03/10 22:40:36 | 000,019,968 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
[2010/03/10 22:40:35 | 000,051,486 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042PR2.SYS
[2010/03/10 22:40:35 | 000,037,884 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHIDUSB.SYS
[2010/03/10 22:40:35 | 000,025,502 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHIDFLT2.SYS
[2010/03/10 22:40:35 | 000,014,092 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LCCFLTR.SYS
[2010/03/10 22:37:45 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/03/10 14:50:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009/10/21 22:11:10 | 000,425,984 | ---- | C] (Virgin HealthMiles Inc.) -- C:\Program Files\gozone_isync.exe
[2009/08/16 21:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/07/31 17:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/25 19:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/07/01 00:35:21 | 001,766,984 | ---- | C] (Blizzard Entertainment) -- C:\Program Files\TryWoW.exe
[2009/03/18 16:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2009/03/15 17:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/12/27 13:12:14 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Program Files\StartUpLite.exe
[2008/08/23 13:04:15 | 000,355,840 | ---- | C] (Kurylo Dmytro aka KDI) -- C:\Program Files\Jawbreaker 1.10.exe
[2008/07/06 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/21 09:53:17 | 001,130,496 | ---- | C] (NVision Design, Inc.) -- C:\Program Files\Elf Bowling.exe
[2007/08/30 22:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/06/07 14:26:41 | 000,398,912 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2007/02/26 20:40:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/02/26 20:40:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/02/09 23:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1980/01/01 02:00:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/04 12:14:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2010/04/04 12:13:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\prvlcl.dat
[2010/04/04 11:22:11 | 000,001,314 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/04/04 11:22:03 | 000,006,309 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Attach.zip
[2010/04/04 11:13:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/04 11:12:51 | 000,178,561 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/04 11:11:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 11:11:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/04 11:11:29 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/04 10:54:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brad\defogger_reenable
[2010/04/04 10:08:07 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\infection.bmp
[2010/04/04 09:44:09 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\gmer.zip
[2010/04/04 09:42:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
[2010/04/04 09:41:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Defogger.exe
[2010/04/04 09:25:06 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Brad\NTUSER.DAT
[2010/04/04 09:25:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Brad\NTUSER.INI
[2010/04/04 08:21:51 | 058,520,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/03 23:15:04 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\default.rss
[2010/04/03 23:14:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/02 06:57:26 | 000,575,862 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/03/30 08:19:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 14:11:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Nero-9.4.26.0_update.exe
[2010/03/27 15:29:28 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\CCleaner.lnk
[2010/03/26 17:05:40 | 000,002,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero BackItUp.lnk
[2010/03/24 17:33:12 | 213,816,312 | ---- | M] (Nero AG) -- C:\Documents and Settings\Brad\Desktop\Nero-9.4.26.0b_update(2).exe
[2010/03/23 21:38:20 | 000,000,072 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2010/03/22 18:49:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\downloads.m3u
[2010/03/22 17:17:21 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Brad\My Documents\Daily jobs for boys.doc
[2010/03/21 15:53:40 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/21 13:46:58 | 360,541,416 | ---- | M] (Nero AG) -- C:\Documents and Settings\Brad\Desktop\Nero_BackItUpAndBurn-1.2.17b.exe
[2010/03/21 13:41:03 | 000,101,368 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/21 13:39:10 | 000,001,969 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson Media Manager 1.2.lnk
[2010/03/21 13:24:22 | 000,002,007 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album Starter Edition 3.2.lnk
[2010/03/14 23:18:52 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/03/14 22:30:15 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/14 22:30:15 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/14 22:30:14 | 000,528,580 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/10 22:41:18 | 000,081,920 | R--- | M] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2010/03/10 21:26:35 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/07 11:29:21 | 000,000,297 | ---- | M] () -- C:\Program Files\Jawbreak.svg
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/04 11:22:03 | 000,006,309 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Attach.zip
[2010/04/04 10:54:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brad\defogger_reenable
[2010/04/04 10:08:07 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\infection.bmp
[2010/04/04 09:44:08 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\gmer.zip
[2010/04/04 09:42:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
[2010/04/04 09:41:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Defogger.exe
[2010/03/28 14:11:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Nero-9.4.26.0_update.exe
[2010/03/22 18:49:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\downloads.m3u
[2010/03/22 17:17:21 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Brad\My Documents\Daily jobs for boys.doc
[2010/03/21 15:59:19 | 000,002,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero BackItUp.lnk
[2010/03/21 13:39:10 | 000,001,969 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson Media Manager 1.2.lnk
[2010/03/21 13:24:20 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album Starter Edition 3.2.lnk
[2010/03/14 23:18:52 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/03/10 23:17:36 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/10 23:08:25 | 000,186,407 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/03/10 22:41:18 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2010/02/13 19:18:41 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/02/13 19:18:41 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/02/13 19:18:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\$_hpcst$.hpc
[2010/01/05 18:50:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\prvlcl.dat
[2009/10/31 17:53:52 | 002,133,430 | ---- | C] () -- C:\Program Files\SharePod.zip
[2009/08/21 21:50:18 | 001,238,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/16 20:19:42 | 000,001,606 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2009/08/16 20:19:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/07/18 13:55:26 | 000,019,504 | ---- | C] () -- C:\Documents and Settings\Brad\hs_err_pid3196.log
[2009/07/07 19:55:12 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/03/15 17:02:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/01/23 09:06:26 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\default.rss
[2009/01/21 19:13:40 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2009/01/19 01:04:04 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/08/23 13:04:23 | 000,000,297 | ---- | C] () -- C:\Program Files\Jawbreak.svg
[2008/07/04 00:07:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008/05/01 22:02:46 | 003,558,791 | ---- | C] () -- C:\Program Files\youtubedownloader.exe
[2008/03/23 17:59:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/23 17:57:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brad\default.pls
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/12/24 15:49:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/12/24 15:18:26 | 000,002,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/29 23:43:04 | 000,908,288 | ---- | C] () -- C:\WINDOWS\System32\libxml2_CW.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/25 17:33:12 | 000,006,273 | ---- | C] () -- C:\Documents and Settings\Brad\_GEAREXT.WO_IDENT.TXT
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/03/24 18:47:52 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/24 23:10:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/11/07 21:14:13 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/30 19:14:37 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/30 19:14:36 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/08/21 22:25:41 | 000,000,215 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2006/07/08 15:05:50 | 000,000,130 | ---- | C] () -- C:\WINDOWS\Z.ini
[2006/03/27 18:12:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/16 21:46:39 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006/01/13 21:31:19 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/12 20:06:31 | 000,034,475 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/01/10 18:35:47 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/12/27 18:43:22 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Brad\LgDSetup.log
[2005/12/09 12:32:37 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/24 18:32:06 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/24 18:32:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/21 20:32:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/07/20 22:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/20 22:07:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/07/20 22:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/20 22:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/07/20 22:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/07/20 22:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/06/24 14:50:59 | 000,000,865 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/06/21 12:07:45 | 000,000,478 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2005/05/09 15:15:59 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2005/05/01 19:09:56 | 000,000,132 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2005/02/23 00:32:55 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/13 19:24:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/13 01:40:30 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\fusioncache.dat
[2005/02/10 21:38:05 | 000,000,916 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/02/09 23:13:30 | 015,728,640 | ---- | C] () -- C:\Documents and Settings\Brad\NTUSER.DAT
[2005/02/09 23:13:30 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Brad\ntuser.dat.LOG
[2005/02/09 23:13:30 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Brad\NTUSER.INI
[2005/02/09 23:12:21 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005/02/09 23:12:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2005/02/06 12:14:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/06 12:08:15 | 000,000,452 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/06 12:05:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/06 12:02:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/06 12:02:41 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/02/06 12:02:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/02/06 12:02:35 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/02/06 11:32:36 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/01 17:35:06 | 000,000,254 | ---- | C] () -- C:\WINDOWS\System32\DLBUPLC.INI
[2004/08/10 15:13:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/03/27 17:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/04/12 15:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2000/04/11 20:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/09/30 14:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 02:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 02:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2005/12/05 19:50:56 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2007/07/16 17:04:17 | 024,265,736 | ---- | M] (Microsoft) -- C:\dotnetfx.exe
[2007/07/16 17:06:02 | 010,703,680 | ---- | M] (Microsoft Corporation) -- C:\NDP1.1sp1-KB867460-X86.exe
[2007/07/16 17:07:21 | 009,249,736 | ---- | M] (Microsoft Corporation) -- C:\ndp1.1sp1-kb928366-x86_20112ef50011e0de2c0e3378139245d81a178b15.exe


< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/21 06:58:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/08/21 06:58:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\I386\PROQUOTA.EXE
[2004/08/04 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 07:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\I386\SFCFILES.DLL
[2004/08/04 07:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SYSTEM32\sfcfiles.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\gozone_isync.exe:SummaryInformation
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AFEAD6B]<<
kernel: MBR read successfully
user & kernel MBR OK



Thanks again!


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Location:Warrington, UK

Posted 04 April 2010 - 12:28 PM

Can you tell me how the computer is running? Also, are you having any problems like browser redirects?

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c copy C:\WINDOWS\ServicePackFiles\i386\proquota.exe C:\WINDOWS\System32\proquota.exe
  • The command prompt should pop up for a second, then disappear.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    O3 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [NPSStartup] File not found
    O7 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab  (Reg Error: Value error.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab  (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab  (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab  (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab  (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} http://www.cdpass.com/cdkey/CDPass.cab (CDPass Class)
    O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} http://209.90.101.200/cabs/zinst.cab (Genealogy Browser)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
    O33 - MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\Shell\phone\command - "" = G:\autorun.exe -- File not found
    O33 - MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\Shell - "" = AutoRun
    O33 - MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O37 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-21-1118273687-2202621647-3972606896-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found
    MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - Reg Error: Value error. File not found
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


  • Go to Kaspersky and Download TDSSKiller.zip.
  • Extract the contents of TDSSKiller.zip to your Desktop.
  • Double click on TDSSKiller.exe to run it.
  • If it finds something and asks you what to do, follow the instructions to type in "delete".
  • When done, a log file should be created on your C: drive called TDSSKiller.txt (with time and date appended); please post this log in your next reply.


Then please post back here with the following logs:
  • New OTL log
  • TDSSKiller.txt

Thanks

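The first step in the post above (restoring proquota.exe) follows from the "< MD5 for: ... >" custom scan in the OTL log: proquota.exe has hashed copies under I386, $NtServicePackUninstall$ and ServicePackFiles but none in SYSTEM32, while atapi.sys in SYSTEM32\DRIVERS matches its ServicePackFiles copy byte for byte. The script below is an added example, not code from the thread or from OTL: it parses those sections and classifies each file as ok, mismatch, missing or no-reference, assuming %SystemRoot% = C:\WINDOWS as in this log and using a constructed EXAMPLE.DLL section (placeholder hashes) to show a mismatch.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example (not code from the thread or from OTL). Assumes %SystemRoot% = C:\WINDOWS, as in this log.
SYSTEM_ROOT = "C:\\WINDOWS"
LIVE_DIRS = {SYSTEM_ROOT + "\\SYSTEM32", SYSTEM_ROOT + "\\SYSTEM32\\DRIVERS"}

# One hashed-file line of the report; the ".cab file" lines carry no MD5 and never match.
LINE_RE = re.compile(
    r"^\[[^|]+\|\s*[\d,]+\s*\|[^\]]*\]\s*\([^)]*\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")


@dataclass
class FileReport:
    name: str
    live_path: Optional[str] = None      # the copy Windows loads: SYSTEM32 or SYSTEM32\DRIVERS
    live_md5: Optional[str] = None
    reference_md5: Optional[str] = None  # pristine Service Pack copy under ServicePackFiles\i386
    status: str = "unknown"


def parse_md5_sections(text: str) -> dict:
    """Map each '< MD5 for: NAME >' header to the (path, md5) pairs listed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections[current] = []
        elif line.startswith("=========="):
            current = None                  # a new report section begins: stop collecting
        elif current is not None:
            m = LINE_RE.match(line)
            if m:
                sections[current].append((m.group("path"), m.group("md5").upper()))
    return sections


def is_live_copy(path: str) -> bool:
    """True only for files directly in SYSTEM32 or SYSTEM32\\DRIVERS, not in backup subfolders."""
    return path.upper().rpartition("\\")[0] in LIVE_DIRS


def triage(sections: dict) -> list:
    """Classify each hashed file as ok / mismatch / missing / no-reference."""
    reports = []
    for name, copies in sections.items():
        report = FileReport(name=name)
        for path, md5 in copies:
            if is_live_copy(path):
                report.live_path, report.live_md5 = path, md5
            elif "\\SERVICEPACKFILES\\I386\\" in path.upper():
                report.reference_md5 = md5
        if report.live_md5 is None:
            report.status = "missing"       # nothing hashed in SYSTEM32: restore from ServicePackFiles
        elif report.reference_md5 is None:
            report.status = "no-reference"  # no pristine copy to compare against
        elif report.live_md5 == report.reference_md5:
            report.status = "ok"
        else:
            report.status = "mismatch"      # live copy differs from the Service Pack copy: inspect it
        reports.append(report)
    return reports


def summarize(text: str) -> dict:
    """File name -> status for a whole log."""
    return {r.name: r.status for r in triage(parse_md5_sections(text))}


# Constructed sample: the ATAPI.SYS and PROQUOTA.EXE lines are copied from the log in this
# thread; the EXAMPLE.DLL section is invented (placeholder hashes) to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\I386\PROQUOTA.EXE
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe

< MD5 for: EXAMPLE.DLL >
[2008/04/13 20:12:05 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2010/04/01 09:00:00 | 000,010,240 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\SYSTEM32\example.dll

========== Alternate Data Streams ==========
"""

if __name__ == "__main__":
    for r in triage(parse_md5_sections(SAMPLE_LOG)):
        print(f"{r.name:14} {r.status:13} live={r.live_path}")
```

Run it against the full OTL Extras log to get the same missing/mismatch list a helper builds by eye; a "missing" or "mismatch" verdict is the cue to compare the file with its Service Pack copy, not proof of infection on its own.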


#5 chefbrad

chefbrad
  • Topic Starter
  • Members
  • 85 posts

Posted 04 April 2010 - 01:01 PM

I have not noticed any browser redirects; however, the browser has been slow as well as the computer itself.

All processes killed
========== OTL ==========
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Registry value HKEY_USERS\S-1-5-21-1118273687-2202621647-3972606896-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1118273687-2202621647-3972606896-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableProfileQuota deleted successfully.
Starting removal of ActiveX control {321FB770-1FBE-4BFE-BDC1-6F622D4FA499}
C:\WINDOWS\Downloaded Program Files\WebflowActiveXInstaller_DSR.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {46C66BBD-E667-4DAD-9682-58050E7C9FDC}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{46C66BBD-E667-4DAD-9682-58050E7C9FDC}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{46C66BBD-E667-4DAD-9682-58050E7C9FDC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46C66BBD-E667-4DAD-9682-58050E7C9FDC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{46C66BBD-E667-4DAD-9682-58050E7C9FDC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46C66BBD-E667-4DAD-9682-58050E7C9FDC}\ not found.
Starting removal of ActiveX control {D68217F4-1DF9-45C1-BFA6-61DBD5464527}
C:\WINDOWS\Downloaded Program Files\zinst.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D68217F4-1DF9-45C1-BFA6-61DBD5464527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68217F4-1DF9-45C1-BFA6-61DBD5464527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D68217F4-1DF9-45C1-BFA6-61DBD5464527}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68217F4-1DF9-45C1-BFA6-61DBD5464527}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E5D419D6-A846-4514-9FAD-97E826C84822}
C:\WINDOWS\Downloaded Program Files\heartbeat.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E5D419D6-A846-4514-9FAD-97E826C84822}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d95edf7-c3d4-11de-ba57-001111c5b80e}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86d206ea-b1de-11dd-b1e2-001111c5b80e}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_USERS\S-1-5-21-1118273687-2202621647-3972606896-1007_Classes\.com\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1118273687-2202621647-3972606896-1007_Classes\.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Application Data

User: Brad
->Temp folder emptied: 2374545963 bytes
->Temporary Internet Files folder emptied: 30517808 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37382643 bytes
->Apple Safari cache emptied: 2983268 bytes
->Flash cache emptied: 61232 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: log

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 70383418 bytes
->Flash cache emptied: 3790 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 16156219 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30966379 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12993242 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 180247 bytes

Total Files Cleaned = 2,457.00 mb


[EMPTYFLASH]

User: All Users

User: Application Data

User: Brad
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: log

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04042010_133225

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

New OTL:

OTL logfile created on: 4/4/2010 1:41:57 PM - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 285.34 Gb Total Space | 69.60 Gb Free Space | 24.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 35.84 Gb Total Space | 7.50 Gb Free Space | 20.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEBRAD
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/04 12:14:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
PRC - [2010/04/04 11:06:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 08:43:30 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/30 08:43:27 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/05 04:35:34 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/05 04:35:33 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/05 04:35:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 04:35:21 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/05 04:35:21 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/03/05 04:34:05 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/05 04:34:01 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/05 04:33:50 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/02/19 10:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe
PRC - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/19 22:29:56 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2004/08/04 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
PRC - [2003/09/17 12:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe


========== Modules (SafeList) ==========

MOD - [2010/04/04 12:14:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/05 04:35:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/05 04:35:21 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/05 04:34:05 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/05/20 04:35:38 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2009/02/19 10:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/06/26 12:52:42 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004/08/04 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\TCPSVCS.EXE -- (SimpTcp)


========== Driver Services (SafeList) ==========

DRV - [2010/03/05 04:35:37 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/05 04:35:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 04:35:23 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/05 04:35:23 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/05 04:35:23 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/05 04:35:23 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/05 04:34:02 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/05 04:33:52 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/13 15:07:21 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ggsemc.sys -- (ggsemc)
DRV - [2010/02/13 15:07:21 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ggflt.sys -- (ggflt)
DRV - [2009/10/28 07:12:05 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/10/28 07:12:05 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV - [2009/04/22 15:26:18 | 000,528,256 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emOEM.sys -- (USB28xxOEM)
DRV - [2009/04/22 15:25:54 | 000,566,784 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emBDA.sys -- (USB28xxBGA)
DRV - [2009/02/19 10:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/10/25 15:27:42 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140)
DRV - [2008/10/25 15:27:38 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/25 15:27:38 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2008/10/25 15:27:19 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/06/20 07:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/04 09:34:08 | 000,122,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018mdm.sys -- (s1018mdm)
DRV - [2008/06/04 09:34:08 | 000,115,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/06/04 09:34:08 | 000,090,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/06/04 09:34:08 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/06/04 09:34:06 | 000,117,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/06/04 09:34:06 | 000,111,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018obex.sys -- (s1018obex)
DRV - [2008/06/04 09:34:06 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/27 12:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV - [2008/05/27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/05/27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017obex.sys -- (s0017obex)
DRV - [2008/05/27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/05/27 12:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/05/27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/27 12:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/05/16 14:31:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MPE.sys -- (MPE)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/16 21:34:21 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/11/16 21:34:21 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/25 11:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117obex.sys -- (s117obex)
DRV - [2007/06/25 11:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 11:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 11:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 11:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 11:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 11:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616obex.sys -- (s616obex)
DRV - [2007/04/03 13:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006/02/17 22:17:46 | 000,086,368 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525obex.sys -- (z525obex)
DRV - [2006/02/17 22:17:44 | 000,088,560 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525mgmt.sys -- (z525mgmt) Sony Ericsson Z525 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/17 22:17:38 | 000,097,056 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525mdm.sys -- (z525mdm)
DRV - [2006/02/17 22:17:36 | 000,009,264 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525mdfl.sys -- (z525mdfl)
DRV - [2006/02/17 22:17:32 | 000,061,536 | R--- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\z525bus.sys -- (z525bus) Sony Ericsson Z525 Driver driver (WDM)
DRV - [2005/06/05 21:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys -- (P0630VID)
DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/22 19:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/16 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 02:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 02:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/09 14:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 10:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 10:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 14:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/07/26 15:19:08 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/05/07 06:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/wind/portal/index.aspx
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.windstream.net/wind/portal/index.aspx"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/05 08:03:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/20 11:18:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 11:06:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 11:06:30 | 000,000,000 | ---D | M]

[2008/11/06 17:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Extensions
[2010/04/04 11:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions
[2009/09/01 19:35:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/01 08:48:00 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/28 19:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\autopager@mozilla.org
[2009/10/10 08:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\FFToolbar@upromise
[2010/01/28 19:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\ilab@intuit
[2009/04/30 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\moveplayer@movenetworks.com
[2010/01/07 08:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\piclens@cooliris.com
[2010/01/28 19:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\extensions\twitternotifier@naan.net
[2010/03/12 15:41:11 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\searchplugins\askcom.xml
[2010/04/03 15:48:33 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\5wo5dy23.default\searchplugins\rob-thomas.xml
[2010/04/04 11:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/05/23 15:26:02 | 000,283,952 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2008/12/26 10:24:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/03/11 07:53:39 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled [2009/10/26 07:44:00 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alltel.com ([care] http in Trusted sites)
O15 - HKCU\..Trusted Domains: alltel.com ([care] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1130593343250 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.winkflash.com/photo/loaders/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} http://host.oddcast.com/hostClientIE.cab (hostCntrlIE Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Brad\My Documents\My Pictures\3-15-2010\aaron.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brad\My Documents\My Pictures\3-15-2010\aaron.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/04 13:32:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/04 13:30:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2010/04/04 13:30:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2010/04/04 12:14:50 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2010/04/04 09:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/04 09:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/04 09:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/29 05:36:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Brad\Recent
[2010/03/28 11:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Uniblue
[2010/03/24 17:28:42 | 213,816,312 | ---- | C] (Nero AG) -- C:\Documents and Settings\Brad\Desktop\Nero-9.4.26.0b_update(2).exe
[2010/03/23 22:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Nero
[2010/03/23 17:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Nero_AG
[2010/03/22 18:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Nero Collections
[2010/03/21 13:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Phone Backup
[2010/03/21 13:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Sony
[2010/03/21 13:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/21 13:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Sony
[2010/03/21 13:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/03/21 13:14:34 | 360,541,416 | ---- | C] (Nero AG) -- C:\Documents and Settings\Brad\Desktop\Nero_BackItUpAndBurn-1.2.17b.exe
[2010/03/14 23:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Nero
[2010/03/14 23:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/03/12 22:30:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/03/11 21:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2010/03/10 23:13:47 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/03/10 23:13:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/03/10 23:13:44 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/03/10 23:13:42 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/03/10 23:13:42 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/03/10 23:13:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/03/10 22:40:42 | 000,155,648 | ---- | C] (Immersion Corporation) -- C:\WINDOWS\System32\ifc21.dll
[2010/03/10 22:40:42 | 000,094,208 | ---- | C] (Immersion Corporation) -- C:\WINDOWS\System32\FEELIT.DLL
[2010/03/10 22:40:41 | 000,104,960 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\COMNCTR.DLL
[2010/03/10 22:40:41 | 000,097,792 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/03/10 22:40:41 | 000,016,896 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE32.DLL
[2010/03/10 22:40:41 | 000,003,568 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE16.DLL
[2010/03/10 22:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/03/10 22:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/03/10 22:40:36 | 000,152,064 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lmoufrc.dll
[2010/03/10 22:40:36 | 000,070,798 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\lmouflt2.sys
[2010/03/10 22:40:36 | 000,023,372 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LCOINST.DLL
[2010/03/10 22:40:36 | 000,019,968 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
[2010/03/10 22:40:35 | 000,051,486 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042PR2.SYS
[2010/03/10 22:40:35 | 000,037,884 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHIDUSB.SYS
[2010/03/10 22:40:35 | 000,025,502 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHIDFLT2.SYS
[2010/03/10 22:40:35 | 000,014,092 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LCCFLTR.SYS
[2010/03/10 22:37:45 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/03/10 14:50:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009/10/21 22:11:10 | 000,425,984 | ---- | C] (Virgin HealthMiles Inc.) -- C:\Program Files\gozone_isync.exe
[2009/08/16 21:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/07/31 17:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/25 19:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/07/01 00:35:21 | 001,766,984 | ---- | C] (Blizzard Entertainment) -- C:\Program Files\TryWoW.exe
[2009/03/18 16:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2009/03/15 17:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/12/27 13:12:14 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Program Files\StartUpLite.exe
[2008/08/23 13:04:15 | 000,355,840 | ---- | C] (Kurylo Dmytro aka KDI) -- C:\Program Files\Jawbreaker 1.10.exe
[2008/07/06 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/21 09:53:17 | 001,130,496 | ---- | C] (NVision Design, Inc.) -- C:\Program Files\Elf Bowling.exe
[2007/08/30 22:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/06/07 14:26:41 | 000,398,912 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2007/02/26 20:40:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/02/26 20:40:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/02/09 23:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1980/01/01 02:00:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2010/04/04 13:44:49 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\tdsskiller.zip
[2010/04/04 13:40:47 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Brad\NTUSER.DAT
[2010/04/04 13:39:28 | 000,178,561 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/04 13:38:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/04 13:37:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 13:37:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/04 13:37:20 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/04 13:36:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Brad\NTUSER.INI
[2010/04/04 12:30:32 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\mbr.exe
[2010/04/04 12:14:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2010/04/04 12:13:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\prvlcl.dat
[2010/04/04 11:22:11 | 000,001,314 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/04/04 11:22:03 | 000,006,309 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Attach.zip
[2010/04/04 10:54:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brad\defogger_reenable
[2010/04/04 10:08:07 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\infection.bmp
[2010/04/04 09:44:09 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\gmer.zip
[2010/04/04 09:42:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
[2010/04/04 09:41:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Defogger.exe
[2010/04/04 08:21:51 | 058,520,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/03 23:15:04 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\default.rss
[2010/04/03 23:14:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/02 06:57:26 | 000,575,862 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/03/30 08:19:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 14:11:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Nero-9.4.26.0_update.exe
[2010/03/27 15:29:28 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\CCleaner.lnk
[2010/03/26 17:05:40 | 000,002,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero BackItUp.lnk
[2010/03/24 17:33:12 | 213,816,312 | ---- | M] (Nero AG) -- C:\Documents and Settings\Brad\Desktop\Nero-9.4.26.0b_update(2).exe
[2010/03/23 21:38:20 | 000,000,072 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2010/03/22 18:49:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\downloads.m3u
[2010/03/22 17:17:21 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Brad\My Documents\Daily jobs for boys.doc
[2010/03/21 15:53:40 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/21 13:46:58 | 360,541,416 | ---- | M] (Nero AG) -- C:\Documents and Settings\Brad\Desktop\Nero_BackItUpAndBurn-1.2.17b.exe
[2010/03/21 13:41:03 | 000,101,368 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/21 13:39:10 | 000,001,969 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson Media Manager 1.2.lnk
[2010/03/21 13:24:22 | 000,002,007 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album Starter Edition 3.2.lnk
[2010/03/14 23:18:52 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/03/14 22:30:15 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/14 22:30:15 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/14 22:30:14 | 000,528,580 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/10 22:41:18 | 000,081,920 | R--- | M] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2010/03/10 21:26:35 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/07 11:29:21 | 000,000,297 | ---- | M] () -- C:\Program Files\Jawbreak.svg

========== Files Created - No Company Name ==========

[2010/04/04 12:30:32 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\mbr.exe
[2010/04/04 11:22:03 | 000,006,309 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Attach.zip
[2010/04/04 10:54:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brad\defogger_reenable
[2010/04/04 10:08:07 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\infection.bmp
[2010/04/04 09:44:08 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\gmer.zip
[2010/04/04 09:42:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
[2010/04/04 09:41:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Defogger.exe
[2010/03/28 14:11:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Nero-9.4.26.0_update.exe
[2010/03/22 18:49:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\downloads.m3u
[2010/03/22 17:17:21 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Brad\My Documents\Daily jobs for boys.doc
[2010/03/21 15:59:19 | 000,002,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero BackItUp.lnk
[2010/03/21 13:39:10 | 000,001,969 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson Media Manager 1.2.lnk
[2010/03/21 13:24:20 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album Starter Edition 3.2.lnk
[2010/03/14 23:18:52 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/03/10 23:17:36 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/10 23:08:25 | 000,186,407 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/03/10 22:41:18 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2010/02/13 19:18:41 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/02/13 19:18:41 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/02/13 19:18:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\$_hpcst$.hpc
[2010/01/05 18:50:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\prvlcl.dat
[2009/10/31 17:53:52 | 002,133,430 | ---- | C] () -- C:\Program Files\SharePod.zip
[2009/08/21 21:50:18 | 001,238,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/16 20:19:42 | 000,001,606 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2009/08/16 20:19:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/07/18 13:55:26 | 000,019,504 | ---- | C] () -- C:\Documents and Settings\Brad\hs_err_pid3196.log
[2009/07/07 19:55:12 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/03/15 17:02:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/01/23 09:06:26 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\default.rss
[2009/01/21 19:13:40 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2009/01/19 01:04:04 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/08/23 13:04:23 | 000,000,297 | ---- | C] () -- C:\Program Files\Jawbreak.svg
[2008/07/04 00:07:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008/05/01 22:02:46 | 003,558,791 | ---- | C] () -- C:\Program Files\youtubedownloader.exe
[2008/03/23 17:59:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/23 17:57:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brad\default.pls
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/12/24 15:49:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/12/24 15:18:26 | 000,002,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/29 23:43:04 | 000,908,288 | ---- | C] () -- C:\WINDOWS\System32\libxml2_CW.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/25 17:33:12 | 000,006,273 | ---- | C] () -- C:\Documents and Settings\Brad\_GEAREXT.WO_IDENT.TXT
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/03/24 18:47:52 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/24 23:10:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/11/07 21:14:13 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/30 19:14:37 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/30 19:14:36 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/08/21 22:25:41 | 000,000,215 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2006/07/08 15:05:50 | 000,000,130 | ---- | C] () -- C:\WINDOWS\Z.ini
[2006/03/27 18:12:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/16 21:46:39 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006/01/13 21:31:19 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/12 20:06:31 | 000,034,475 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/01/10 18:35:47 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/12/27 18:43:22 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Brad\LgDSetup.log
[2005/12/09 12:32:37 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/24 18:32:06 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/24 18:32:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/21 20:32:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/07/20 22:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/20 22:07:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/07/20 22:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/20 22:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/07/20 22:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/07/20 22:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/06/24 14:50:59 | 000,000,865 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/06/21 12:07:45 | 000,000,478 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2005/05/09 15:15:59 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2005/05/01 19:09:56 | 000,000,132 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2005/02/23 00:32:55 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/13 19:24:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/13 01:40:30 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\fusioncache.dat
[2005/02/10 21:38:05 | 000,000,916 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/02/09 23:13:30 | 015,728,640 | ---- | C] () -- C:\Documents and Settings\Brad\NTUSER.DAT
[2005/02/09 23:13:30 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Brad\ntuser.dat.LOG
[2005/02/09 23:13:30 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Brad\NTUSER.INI
[2005/02/09 23:12:21 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005/02/09 23:12:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2005/02/06 12:14:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/06 12:08:15 | 000,000,452 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/06 12:05:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/06 12:02:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/06 12:02:41 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/02/06 12:02:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/02/06 12:02:35 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/02/06 11:32:36 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/01 17:35:06 | 000,000,254 | ---- | C] () -- C:\WINDOWS\System32\DLBUPLC.INI
[2004/08/10 15:13:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/03/27 17:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/04/12 15:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2000/04/11 20:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/09/30 14:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 02:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 02:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\gozone_isync.exe:SummaryInformation
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


TDSSKiller:

13:47:09:171 5484 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
13:47:09:171 5484 ================================================================================
13:47:09:171 5484 SystemInfo:

13:47:09:171 5484 OS Version: 5.1.2600 ServicePack: 3.0
13:47:09:171 5484 Product type: Workstation
13:47:09:171 5484 ComputerName: DEBRAD
13:47:09:171 5484 UserName: Brad
13:47:09:171 5484 Windows directory: C:\WINDOWS
13:47:09:171 5484 Processor architecture: Intel x86
13:47:09:171 5484 Number of processors: 2
13:47:09:171 5484 Page size: 0x1000
13:47:09:171 5484 Boot type: Normal boot
13:47:09:171 5484 ================================================================================
13:47:09:187 5484 UnloadDriverW: NtUnloadDriver error 2
13:47:09:187 5484 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
13:47:09:265 5484 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
13:47:09:265 5484 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
13:47:09:265 5484 wfopen_ex: Trying to KLMD file open
13:47:09:265 5484 wfopen_ex: File opened ok (Flags 2)
13:47:09:265 5484 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
13:47:09:265 5484 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
13:47:09:281 5484 wfopen_ex: Trying to KLMD file open
13:47:09:281 5484 wfopen_ex: File opened ok (Flags 2)
13:47:09:281 5484 Initialize success
13:47:09:281 5484
13:47:09:281 5484 Scanning Services ...
13:47:09:656 5484 Raw services enum returned 475 services
13:47:09:671 5484
13:47:09:671 5484 Scanning Kernel memory ...
13:47:09:671 5484 Devices to scan: 11
13:47:09:671 5484
13:47:09:671 5484 Driver Name: Disk
13:47:09:671 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:671 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:671 5484 IRP_MJ_CLOSE : F76BDBB0
13:47:09:671 5484 IRP_MJ_READ : F76B7D1F
13:47:09:671 5484 IRP_MJ_WRITE : F76B7D1F
13:47:09:671 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:671 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:671 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:671 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:671 5484 IRP_MJ_FLUSH_BUFFERS : F76B82E2
13:47:09:671 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:671 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:671 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:671 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:671 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:671 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
13:47:09:671 5484 IRP_MJ_SHUTDOWN : F76B82E2
13:47:09:671 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:671 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:671 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:671 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:671 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:671 5484 IRP_MJ_POWER : F76B9C82
13:47:09:671 5484 IRP_MJ_SYSTEM_CONTROL : F76BE99E
13:47:09:671 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:671 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:671 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:718 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:718 5484
13:47:09:718 5484 Driver Name: USBSTOR
13:47:09:718 5484 IRP_MJ_CREATE : B3A22218
13:47:09:718 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:718 5484 IRP_MJ_CLOSE : B3A22218
13:47:09:718 5484 IRP_MJ_READ : B3A2223C
13:47:09:718 5484 IRP_MJ_WRITE : B3A2223C
13:47:09:718 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:718 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:718 5484 IRP_MJ_FLUSH_BUFFERS : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_DEVICE_CONTROL : B3A22180
13:47:09:718 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : B3A1D9E6
13:47:09:718 5484 IRP_MJ_SHUTDOWN : 804F9759
13:47:09:718 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:718 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:718 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:718 5484 IRP_MJ_POWER : B3A215F0
13:47:09:718 5484 IRP_MJ_SYSTEM_CONTROL : B3A1FA6E
13:47:09:718 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:718 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:718 5484 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
13:47:09:718 5484
13:47:09:718 5484 Driver Name: Disk
13:47:09:718 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:718 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:718 5484 IRP_MJ_CLOSE : F76BDBB0
13:47:09:718 5484 IRP_MJ_READ : F76B7D1F
13:47:09:718 5484 IRP_MJ_WRITE : F76B7D1F
13:47:09:718 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:718 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:718 5484 IRP_MJ_FLUSH_BUFFERS : F76B82E2
13:47:09:718 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:718 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
13:47:09:718 5484 IRP_MJ_SHUTDOWN : F76B82E2
13:47:09:718 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:718 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:718 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:718 5484 IRP_MJ_POWER : F76B9C82
13:47:09:718 5484 IRP_MJ_SYSTEM_CONTROL : F76BE99E
13:47:09:718 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:718 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:718 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:718 5484
13:47:09:718 5484 Driver Name: Disk
13:47:09:718 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:718 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:718 5484 IRP_MJ_CLOSE : F76BDBB0
13:47:09:718 5484 IRP_MJ_READ : F76B7D1F
13:47:09:718 5484 IRP_MJ_WRITE : F76B7D1F
13:47:09:718 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:718 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:718 5484 IRP_MJ_FLUSH_BUFFERS : F76B82E2
13:47:09:718 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:718 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:718 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
13:47:09:718 5484 IRP_MJ_SHUTDOWN : F76B82E2
13:47:09:718 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:718 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:718 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:718 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:718 5484 IRP_MJ_POWER : F76B9C82
13:47:09:718 5484 IRP_MJ_SYSTEM_CONTROL : F76BE99E
13:47:09:718 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:718 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:718 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:734 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:734 5484
13:47:09:734 5484 Driver Name: Disk
13:47:09:734 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:734 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:734 5484 IRP_MJ_CLOSE : F76BDBB0
13:47:09:734 5484 IRP_MJ_READ : F76B7D1F
13:47:09:734 5484 IRP_MJ_WRITE : F76B7D1F
13:47:09:734 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:734 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:734 5484 IRP_MJ_FLUSH_BUFFERS : F76B82E2
13:47:09:734 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:734 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
13:47:09:734 5484 IRP_MJ_SHUTDOWN : F76B82E2
13:47:09:734 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:734 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:734 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:734 5484 IRP_MJ_POWER : F76B9C82
13:47:09:734 5484 IRP_MJ_SYSTEM_CONTROL : F76BE99E
13:47:09:734 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:734 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:734 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:734 5484
13:47:09:734 5484 Driver Name: Disk
13:47:09:734 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:734 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:734 5484 IRP_MJ_CLOSE : F76BDBB0
13:47:09:734 5484 IRP_MJ_READ : F76B7D1F
13:47:09:734 5484 IRP_MJ_WRITE : F76B7D1F
13:47:09:734 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:734 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:734 5484 IRP_MJ_FLUSH_BUFFERS : F76B82E2
13:47:09:734 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:734 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
13:47:09:734 5484 IRP_MJ_SHUTDOWN : F76B82E2
13:47:09:734 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:734 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:734 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:734 5484 IRP_MJ_POWER : F76B9C82
13:47:09:734 5484 IRP_MJ_SYSTEM_CONTROL : F76BE99E
13:47:09:734 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:734 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:734 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:734 5484
13:47:09:734 5484 Driver Name: Disk
13:47:09:734 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:734 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:734 5484 IRP_MJ_CLOSE : F76BDBB0
13:47:09:734 5484 IRP_MJ_READ : F76B7D1F
13:47:09:734 5484 IRP_MJ_WRITE : F76B7D1F
13:47:09:734 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:734 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:734 5484 IRP_MJ_FLUSH_BUFFERS : F76B82E2
13:47:09:734 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:734 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
13:47:09:734 5484 IRP_MJ_SHUTDOWN : F76B82E2
13:47:09:734 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:734 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:734 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:734 5484 IRP_MJ_POWER : F76B9C82
13:47:09:734 5484 IRP_MJ_SYSTEM_CONTROL : F76BE99E
13:47:09:734 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:734 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:734 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:734 5484
13:47:09:734 5484 Driver Name: Disk
13:47:09:734 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:734 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:734 5484 IRP_MJ_CLOSE : F76BDBB0
13:47:09:734 5484 IRP_MJ_READ : F76B7D1F
13:47:09:734 5484 IRP_MJ_WRITE : F76B7D1F
13:47:09:734 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:734 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:734 5484 IRP_MJ_FLUSH_BUFFERS : F76B82E2
13:47:09:734 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:734 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:734 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
13:47:09:734 5484 IRP_MJ_SHUTDOWN : F76B82E2
13:47:09:734 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:734 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:734 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:734 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:734 5484 IRP_MJ_POWER : F76B9C82
13:47:09:734 5484 IRP_MJ_SYSTEM_CONTROL : F76BE99E
13:47:09:734 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:734 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:750 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:750 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:750 5484
13:47:09:750 5484 Driver Name: Disk
13:47:09:750 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:750 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:750 5484 IRP_MJ_CLOSE : F76BDBB0
13:47:09:750 5484 IRP_MJ_READ : F76B7D1F
13:47:09:750 5484 IRP_MJ_WRITE : F76B7D1F
13:47:09:750 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:750 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:750 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:750 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:750 5484 IRP_MJ_FLUSH_BUFFERS : F76B82E2
13:47:09:750 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:750 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:750 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:750 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:750 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:750 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
13:47:09:750 5484 IRP_MJ_SHUTDOWN : F76B82E2
13:47:09:750 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:750 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:750 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:750 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:750 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:750 5484 IRP_MJ_POWER : F76B9C82
13:47:09:750 5484 IRP_MJ_SYSTEM_CONTROL : F76BE99E
13:47:09:750 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:750 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:750 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:750 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:750 5484
13:47:09:750 5484 Driver Name: atapi
13:47:09:750 5484 IRP_MJ_CREATE : F74B26F2
13:47:09:750 5484 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
13:47:09:750 5484 IRP_MJ_CLOSE : F74B26F2
13:47:09:750 5484 IRP_MJ_READ : 804F9759
13:47:09:750 5484 IRP_MJ_WRITE : 804F9759
13:47:09:750 5484 IRP_MJ_QUERY_INFORMATION : 804F9759
13:47:09:750 5484 IRP_MJ_SET_INFORMATION : 804F9759
13:47:09:750 5484 IRP_MJ_QUERY_EA : 804F9759
13:47:09:750 5484 IRP_MJ_SET_EA : 804F9759
13:47:09:750 5484 IRP_MJ_FLUSH_BUFFERS : 804F9759
13:47:09:750 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
13:47:09:750 5484 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
13:47:09:750 5484 IRP_MJ_DIRECTORY_CONTROL : 804F9759
13:47:09:750 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
13:47:09:750 5484 IRP_MJ_DEVICE_CONTROL : F74B2712
13:47:09:750 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74AE852
13:47:09:750 5484 IRP_MJ_SHUTDOWN : 804F9759
13:47:09:750 5484 IRP_MJ_LOCK_CONTROL : 804F9759
13:47:09:750 5484 IRP_MJ_CLEANUP : 804F9759
13:47:09:750 5484 IRP_MJ_CREATE_MAILSLOT : 804F9759
13:47:09:750 5484 IRP_MJ_QUERY_SECURITY : 804F9759
13:47:09:750 5484 IRP_MJ_SET_SECURITY : 804F9759
13:47:09:750 5484 IRP_MJ_POWER : F74B273C
13:47:09:750 5484 IRP_MJ_SYSTEM_CONTROL : F74B9336
13:47:09:750 5484 IRP_MJ_DEVICE_CHANGE : 804F9759
13:47:09:750 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:750 5484 IRP_MJ_SET_QUOTA : 804F9759
13:47:09:750 5484 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
13:47:09:750 5484
13:47:09:750 5484 Driver Name: atapi
13:47:09:750 5484 IRP_MJ_CREATE : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_CREATE_NAMED_PIPE : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_CLOSE : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_READ : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_WRITE : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_QUERY_INFORMATION : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_SET_INFORMATION : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_QUERY_EA : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_SET_EA : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_FLUSH_BUFFERS : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_QUERY_VOLUME_INFORMATION : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_SET_VOLUME_INFORMATION : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_DIRECTORY_CONTROL : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_FILE_SYSTEM_CONTROL : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_DEVICE_CONTROL : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_SHUTDOWN : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_LOCK_CONTROL : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_CLEANUP : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_CREATE_MAILSLOT : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_QUERY_SECURITY : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_SET_SECURITY : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_POWER : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_SYSTEM_CONTROL : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_DEVICE_CHANGE : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_QUERY_QUOTA : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_SET_QUOTA : 8AFE8D6B
13:47:09:750 5484 Driver "atapi" infected by TDSS rootkit!
13:47:09:750 5484 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
13:47:09:750 5484 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
13:47:09:750 5484 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
13:47:09:750 5484 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
13:47:09:828 5484 vfvi6
13:47:09:921 5484 !dsvbh1
13:47:10:421 5484 dsvbh2
13:47:10:437 5484 fdfb2
13:47:10:437 5484 Backup copy found, using it..
13:47:10:500 5484 will be cured on next reboot
13:47:10:500 5484 Reboot required for cure complete..
13:47:10:515 5484 Cure on reboot scheduled successfully
13:47:10:515 5484
13:47:10:515 5484 Completed
13:47:10:515 5484
13:47:10:515 5484 Results:
13:47:10:515 5484 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
13:47:10:515 5484 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:47:10:515 5484 File objects infected / cured / cured on reboot: 1 / 0 / 1
13:47:10:515 5484
13:47:10:515 5484 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
13:47:10:515 5484 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
13:47:10:515 5484 UnloadDriverW: NtUnloadDriver error 1
13:47:10:531 5484 KLMD(ARK) unloaded successfully

the tdsskiller found an infection and cured on reboot
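The reason TDSSKiller flagged atapi is visible in the dump above: the driver is listed twice, once with its real dispatch routines (addresses in the F74Bxxxx range, unhandled majors pointing at the kernel's shared 804F9759 routine) and once with every IRP_MJ entry routed to the single address 8AFE8D6B. The following parser is an added example, not part of this thread or of TDSSKiller, that reads a log in the format posted here and applies two defender-side checks: a table whose majors all resolve to one address, and a driver whose later snapshot shares no handler with an earlier one. The line format is inferred from the posted output, and the embedded sample log is constructed from it (trimmed to four majors per table).

```python
"""Flag hooked-looking driver dispatch tables in a TDSSKiller-style log.

Added example; not TDSSKiller's own code. The line format is inferred from
the log posted in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample modelled on the posted log, trimmed to four IRP majors.
# Tables 1-2: Disk listed twice with identical handlers (benign repeat).
# Table 3: atapi with its own routines; unhandled majors share 804F9759.
# Table 4: atapi again, every major routed to one address, the pattern the
# scanner reported as 'Driver "atapi" infected by TDSS rootkit!'.
SAMPLE_LOG = r"""
13:47:09:734 5484 Driver Name: Disk
13:47:09:734 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:734 5484 IRP_MJ_READ : F76B7D1F
13:47:09:734 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:734 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:734 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:734 5484
13:47:09:734 5484 Driver Name: Disk
13:47:09:734 5484 IRP_MJ_CREATE : F76BDBB0
13:47:09:734 5484 IRP_MJ_READ : F76B7D1F
13:47:09:734 5484 IRP_MJ_DEVICE_CONTROL : F76B83BB
13:47:09:734 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:734 5484 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:47:09:750 5484
13:47:09:750 5484 Driver Name: atapi
13:47:09:750 5484 IRP_MJ_CREATE : F74B26F2
13:47:09:750 5484 IRP_MJ_READ : 804F9759
13:47:09:750 5484 IRP_MJ_DEVICE_CONTROL : F74B2712
13:47:09:750 5484 IRP_MJ_QUERY_QUOTA : 804F9759
13:47:09:750 5484 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
13:47:09:750 5484
13:47:09:750 5484 Driver Name: atapi
13:47:09:750 5484 IRP_MJ_CREATE : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_READ : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_DEVICE_CONTROL : 8AFE8D6B
13:47:09:750 5484 IRP_MJ_QUERY_QUOTA : 8AFE8D6B
13:47:09:750 5484 Driver "atapi" infected by TDSS rootkit!
13:47:09:750 5484 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
"""

# "HH:MM:SS:mmm <pid> <body>" prefix on every line of the dump.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d+\s+\d+\s*(.*)$")
NAME_RE = re.compile(r"^Driver Name:\s*(.+)$")
ENTRY_RE = re.compile(r"^(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(r"^(.+\.sys) - Verdict: (\d+)$", re.IGNORECASE)


@dataclass
class DispatchTable:
    driver: str
    handlers: Dict[str, int] = field(default_factory=dict)  # major -> address
    image: str = ""
    verdict: Optional[int] = None


def parse_tables(log_text: str) -> List[DispatchTable]:
    """Collect one DispatchTable per 'Driver Name:' block in the log."""
    tables: List[DispatchTable] = []
    current: Optional[DispatchTable] = None
    for raw in log_text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        name = NAME_RE.match(body)
        if name:
            current = DispatchTable(driver=name.group(1))
            tables.append(current)
            continue
        if current is None:
            continue
        entry = ENTRY_RE.match(body)
        if entry:
            current.handlers[entry.group(1)] = int(entry.group(2), 16)
            continue
        verdict = VERDICT_RE.match(body)
        if verdict:  # the verdict line closes the block
            current.image, current.verdict = verdict.group(1), int(verdict.group(2))
            current = None
    return tables


def analyze(tables: List[DispatchTable]) -> List[Tuple[str, str, str]]:
    """Return (driver, check, detail) findings for suspicious tables."""
    findings: List[Tuple[str, str, str]] = []
    earlier: Dict[str, Set[int]] = {}
    for t in tables:
        addrs = set(t.handlers.values())
        # Check 1: every major dispatched to one routine. A real driver sends
        # majors it does not implement to the kernel's shared routine and the
        # rest to its own code, so a clean table has at least two addresses.
        if len(t.handlers) >= 2 and len(addrs) == 1:
            findings.append((t.driver, "single-handler",
                             "all %d majors -> %08X" % (len(t.handlers), next(iter(addrs)))))
        # Check 2: a later snapshot of the same driver shares no address with
        # an earlier one, i.e. the whole table was rewritten, not patched.
        prior = earlier.get(t.driver)
        if prior and addrs and prior.isdisjoint(addrs):
            findings.append((t.driver, "table-replaced",
                             "no handler in common with earlier %s snapshot" % t.driver))
        earlier.setdefault(t.driver, set()).update(addrs)
    return findings


def suspicious_drivers(log_text: str) -> List[str]:
    """Driver names with at least one finding, sorted."""
    return sorted({d for d, _, _ in analyze(parse_tables(log_text))})


if __name__ == "__main__":
    for driver, check, detail in analyze(parse_tables(SAMPLE_LOG)):
        print(f"{driver}: {check} ({detail})")
```

Run against the constructed sample, the two Disk snapshots pass both checks (identical address sets overlap), the first atapi snapshot passes, and the second atapi snapshot trips both checks, matching the scanner's own verdict in the post above. The second check is what makes repeated listings useful rather than noisy: a benign re-listing of the same driver object shares its handlers, a swapped-in driver object does not.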

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:42 PM

Posted 04 April 2010 - 04:39 PM

That's good, it looks like TDSSKiller has taken out the main threat. You should notice some improvement in performance now; please let me know how the computer is running.

Run the MBR Rootkit Detector again, as you did before and post the new mbr.log.


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • mbr.log
  • ESET report
  • New DDS log

Thanks



#7 chefbrad

chefbrad
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:42 PM

Posted 04 April 2010 - 05:20 PM

I'm still working on my scans; however, I'm having trouble removing the old versions of Java. I attached the error screen I receive when I try to remove them.

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:42 PM

Posted 04 April 2010 - 05:32 PM

No problem, you can run JavaRa; that should clean it all up.

Please download JavaRa and unzip it to your desktop.
Then print these instructions, as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



#9 chefbrad

chefbrad
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:42 PM

Posted 04 April 2010 - 07:00 PM

The ESET scan is taking quite a long time. I checked to Scan Archives, but not to remove threats. Should I have?

#10 chefbrad

chefbrad
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:42 PM

Posted 04 April 2010 - 11:06 PM

Here are the logs you requested. I'm still having trouble installing the new Java. When I run the installation I get an error: "The feature you are trying to use is on a network resource that is unavailable." Then it wants me to look for "jre1.6.0_14-c.msi". Let me know what you think. Thanks again!

DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Brad at 23:50:08.15 on Sun 04/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1363 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.windstream.net/wind/portal/index.aspx
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AutorunsDisabled - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - No File
mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\autoru~1\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\autoru~1\lex18d~1.lnk - c:\program files\lex 18 desktop weather\liveonline_3342343.exe
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\alltel~1.lnk - c:\program files\alltel dsl check-up center\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\msn toolbar suite\ds\02.05.0001.1119\en-us\bin\WindowsSearch.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/229?7ef2e66cc26744b0a35df2ddda322a39
IE: Open in new foreground tab - c:\program files\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/230?7ef2e66cc26744b0a35df2ddda322a39
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: alltel.com\care
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130593343250
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} - hxxp://host.oddcast.com/hostClientIE.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brad\applic~1\mozilla\firefox\profiles\5wo5dy23.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.windstream.net/wind/portal/index.aspx
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-28 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-7 52872]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\drivers\tdrpm140.sys [2008-10-25 971168]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-7 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-26 29512]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-7 242696]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-3-5 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-5 5888008]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-2-13 233472]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-3-4 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-28 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-28 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-28 26120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-2-13 36608]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2005-12-27 91841]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-3-4 30104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-7-14 13224]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-5-20 1128944]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-12-2 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-12-2 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-12-2 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-12-2 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-12-2 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-12-2 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-12-2 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-12-2 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-12-2 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-12-2 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-12-2 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-12-2 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-12-2 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-12-2 117672]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-12-2 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-12-2 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-12-2 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-12-2 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-12-2 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-12-2 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-12-2 117544]
S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-6-26 204800]

=============== Created Last 30 ================

2010-04-05 03:03:08 0 d-----w- c:\documents and settings\brad\.SunDownloadManager
2010-04-04 22:10:58 0 d-----w- c:\program files\ESET
2010-04-04 17:32:25 0 d-----w- C:\_OTL
2010-04-04 17:30:44 50176 ----a-w- c:\windows\system32\proquota.exe
2010-04-04 17:30:44 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-04-04 14:54:09 0 ----a-w- c:\documents and settings\brad\defogger_reenable
2010-03-28 15:48:23 0 d-----w- c:\docume~1\brad\applic~1\Uniblue
2010-03-21 17:39:06 0 d-----w- c:\program files\common files\Sony Shared
2010-03-13 02:30:07 0 d-sh--w- c:\windows\Installer
2010-03-11 03:13:47 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-03-11 03:13:46 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-03-11 03:13:44 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-03-11 03:13:42 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-03-11 03:13:42 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-03-11 03:13:41 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-03-11 03:08:25 186407 ----a-w- c:\windows\system32\nvapps.nvb
2010-03-11 02:41:18 81920 ------r- c:\windows\bwUnin-6.1.4.61-8876480L.exe
2010-03-11 02:40:41 0 d-----w- c:\program files\common files\Logitech
2010-03-11 02:37:45 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-11 02:37:45 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-10 18:50:21 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-04 17:48:53 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 15:29:21 297 ----a-w- c:\program files\Jawbreak.svg
2010-03-05 08:35:37 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-05 08:35:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 08:35:23 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-05 08:34:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 08:33:52 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-13 19:07:21 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-02-13 19:07:21 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-10-31 21:53:53 2133430 ----a-w- c:\program files\SharePod.zip
2009-10-27 02:47:05 425984 ----a-w- c:\program files\gozone_isync.exe
2009-07-01 04:35:23 1766984 ----a-w- c:\program files\TryWoW.exe
2008-12-27 17:12:15 204496 -c--a-w- c:\program files\StartUpLite.exe
2008-05-02 02:02:47 3558791 -c--a-w- c:\program files\youtubedownloader.exe
2006-07-18 19:17:42 355840 ----a-w- c:\program files\Jawbreaker 1.10.exe
2006-07-10 18:22:08 398912 ----a-w- c:\program files\autoruns.exe
2005-02-24 03:55:14 1130496 -c--a-w- c:\program files\Elf Bowling.exe
2009-07-16 21:57:11 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-21 11:15:49 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 23:50:57.90 ===============

MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys tsk17.tmp hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

ESET report:

C:\Documents and Settings\Brad\Desktop\Nero_BackItUpAndBurn-1.2.17b.exe Win32/Toolbar.AskSBar application
C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application
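The DDS sections quoted above (SERVICES / DRIVERS, Created Last 30, Find3M) are plain text with a fixed shape, so they can be parsed for triage instead of read by eye. This is an added example, not code from the thread or from the DDS tool; the sample lines are constructed in the same shape as the quoted ones, and the meaning of the attribute letters (d, c, s, h, a) is inferred from the quoted entries.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the DDS sections quoted in the thread
# (not the real log); the raw string keeps the backslashes literal.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-7 52872]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-7-14 13224]

==================== Find3M ====================

2010-04-04 17:48:53 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-13 02:30:07 0 d-sh--w- c:\windows\Installer
2009-07-16 21:57:11 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
"""

# "R0 name;display;path [yyyy-m-d size]": R/S = running/stopped, digit = start type
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# "yyyy-mm-dd hh:mm:ss size attrs path": attrs is 8 flag positions, '-' when unset
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) ([-a-z]{8}) (.+)$")


@dataclass
class Service:
    start: str      # e.g. "R0" = running, boot-start driver
    name: str
    display: str
    path: str
    date: str
    size: int


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str      # inferred: d=directory, c=compressed, s=system, h=hidden, a=archive
    path: str


def parse_dds(text):
    """Split DDS output into service/driver records and file records; other lines are ignored."""
    services, files = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, date, size = m.groups()
            services.append(Service(start, name, display, path, date, int(size)))
            continue
        m = FILE_RE.match(line)
        if m:
            timestamp, size, attrs, path = m.groups()
            files.append(FileEntry(timestamp, int(size), attrs, path))
    return services, files


def boot_start_drivers(services):
    """Start types 0 and 1 load before most defenses, so they are reviewed first."""
    return [s for s in services if s.start[1] in "01"]


def hidden_system_files(files):
    """Entries with both system and hidden set: a triage list, not a verdict (index.dat is benign)."""
    return [f for f in files if "s" in f.attrs and "h" in f.attrs]
```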


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:42 PM

Posted 05 April 2010 - 07:24 AM

You can start a new topic in the XP forum about your Java issue, can you tell me how the computer is running now?



#12 chefbrad

chefbrad
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male
  • Local time:02:42 PM

Posted 05 April 2010 - 05:43 PM

It seems to be running much better. Thank you!

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:42 PM

Posted 06 April 2010 - 08:16 AM

Your logs look fine to me now.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select Properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer.
  • Now follow these steps again, but instead of checking "Turn off System Restore", uncheck it.
Now that you have cleaned out your restore points you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates and click Automatic (recommended), then Apply and Ok.

Update your AntiVirus Software
It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Calendar of Updates or you can install Secunia PSI.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Anti Virus, to add an extra layer of protection.
You should update and scan with it as you would with your Anti Virus. Most Anti Spyware programs don't have active protection
unless you have a paid version, so in that case you can have more than one installed for scanning purposes, but you also don't
want to bloat your computer with these programs, so I would recommend having no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically mean that what you are doing
will not make permanent changes to your system unless you allow it to. So you can be surfing the web inside Sandboxie, and if you
happen to stumble upon a bad site and get infected, you can simply delete the Sandbox and all is gone. Having said that, it cannot be
considered 100% secure, as no program can be, but it can be a great help and is an excellent program. You can find a download link and
more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install Firefox and install
some addons that will make the browser even safer. You can download the latest version of Firefox here; if you already
have Firefox, these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler


#14 chefbrad

chefbrad
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male
  • Local time:02:42 PM

Posted 06 April 2010 - 04:43 PM

Thank you for your help!

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:42 PM

Posted 07 April 2010 - 09:18 AM

You're very welcome




