cdrom.sys suspicious modification


This topic is locked
5 replies to this topic

#1 Imhotep is Invisible

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:19 AM

Posted 01 May 2010 - 06:05 AM

Hi there,

I've been advised to post on this forum after a rootkit issue shown as "cdrom.sys suspicious modification" was identified from running GMER. I have been running MBAM and SuperAntispyware which has not cleared all of the problems I have had. The original post is here:

http://www.bleepingcomputer.com/forums/t/312808/persistent-malware-problems-google-links-redirecting-and-pages-popping-up-in-browser/

My original post of the problem in this topic was as follows:

"I've been having some persistent malware infection problems lately on this shared PC which runs Vista, usually it's the "vista defender" malware which shows up as "ave.exe" in processes. I've been using rkill to end the process and Malwarebytes to remove the infection which seems to keep coming back. After a while, it caused a problem whereby Microsoft Host Processes kept crashing minutes after Vista booting up so I rolled back the PC by a month and this seems to have stopped that problem.

However, I'm still finding that from time to time, I'm getting browsers (both Firefox and Opera) opening up new webpages with seemingly random links as well as redirecting me to irrelevant sites when clicking links from Google searches. Not only that, but only now after the rollback is AVG Antivirus starting to flag 5 processes which it can't remove as "Trojan Horse Dropper.Generic2.CVC".

These files all appear in a folder called vjvi.tmp and are called svchost.exe (no spaces), svchost .exe (1 space), svchost .exe (2 spaces), svchost .exe (3 spaces) and svchost .exe (4 spaces - this one is actually stated as Trojan Horse SHeur3.src). All I know about svchost is that it's an important windows file and that it's usually in the system folder and also that it isn't unusual to have several of these files running at once. If I run RKill at the moment, it stops two versions of C:\Windows\system32\DllHost.exe - I'm not sure where my problems lie at the moment but I'm stuck for ideas at the moment on what to do."

The following contains text from the DDS file:

________________________


DDS (Ver_10-03-17.01) - NTFSx86
Run by Stephen at 11:38:02.76 on 01/05/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2088 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Stephen\Desktop\Defogger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Stephen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: []
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: {05F1B9A8-8888-4F3E-B37D-96716D6EAD79} = 212.139.132.22 212.139.132.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\stephen\appdata\roaming\mozilla\firefox\profiles\fcoyx5nj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=DLCDF7&PC=MDDC&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\users\stephen\appdata\roaming\mozilla\firefox\profiles\fcoyx5nj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\gametap web player\bin\release\npGameTapWebPlayer.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\stephen\appdata\roaming\mozilla\firefox\profiles\fcoyx5nj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-15 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-15 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-15 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/08/05 15:57:48];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-8-5 87536]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-27 90112]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-6 1009152]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [2009-2-12 58536]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2009-10-21 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2009-10-21 12672]

=============== Created Last 30 ================

2010-05-01 10:36:56 0 ----a-w- c:\users\stephen\defogger_reenable
2010-04-30 21:08:10 0 d-----w- c:\programdata\WindowsSearch
2010-04-27 18:27:46 54016 ----a-w- c:\windows\system32\drivers\fgcbqll.sys
2010-04-27 16:33:45 0 d-----w- c:\programdata\avG
2010-04-26 21:14:30 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-26 21:14:21 0 d-----w- c:\users\stephen\appdata\roaming\SUPERAntiSpyware.com
2010-04-26 21:14:21 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-26 21:13:20 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-26 18:55:25 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-26 18:55:25 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-26 18:55:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-26 18:55:14 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-26 18:55:14 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-26 18:55:06 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-26 18:41:57 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-26 18:26:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 18:26:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 22:39:32 0 d-sh--w- c:\users\stephen\appdata\roaming\lowsec
2010-04-23 20:53:58 0 d-----w- c:\windows\pss
2010-04-23 20:44:27 3407872 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2010-04-23 20:44:26 0 d-----w- c:\program files\Microsoft ATS
2010-04-23 17:50:35 0 d-----w- c:\program files\Trend Micro
2010-04-23 12:22:39 112 ----a-w- c:\programdata\5it12s5a.dat
2010-04-21 10:24:47 0 d-----w- c:\users\stephen\appdata\roaming\7C077197D6697FF7B785855D0641E404
2010-04-20 05:46:22 12464 ----a-w- c:\windows\system32\avgrsstx(447).dll
2010-04-20 05:46:09 0 d-----w- c:\programdata\AVG Security Toolbar(125)
2010-04-14 20:56:11 0 d-----w- c:\program files\PC Connectivity Solution
2010-04-14 20:56:05 0 d-----w- c:\programdata\Installations
2010-04-14 20:41:28 0 d-----w- C:\x64
2010-04-14 20:41:19 0 d-----w- C:\x32
2010-04-14 20:39:20 0 d-----w- c:\users\stephen\appdata\roaming\WinBatch
2010-04-13 22:24:19 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 22:24:19 172032 ----a-w- c:\windows\system32\wintrust(516).dll
2010-04-13 12:38:52 0 d-----w- c:\users\stephen\appdata\roaming\QuickScan
2010-04-05 17:13:30 0 d-----w- c:\users\stephen\appdata\roaming\OpenOffice.org
2010-04-04 17:43:02 0 d-----w- c:\users\stephen\appdata\roaming\Malwarebytes
2010-04-04 17:42:54 0 d-----w- c:\programdata\Malwarebytes
2010-04-04 17:42:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 12:32:22 0 d-----w- c:\program files\HP

==================== Find3M ====================

2010-04-30 10:06:45 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-30 10:06:36 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-27 14:56:04 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-26 18:46:21 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-26 12:48:31 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-26 12:48:31 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-26 12:48:30 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-12 09:04:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 09:03:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 13:50:14 261152 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-02-27 20:25:22 148736 ----a-w- c:\programdata\hpe425.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet(515).dll
2010-02-23 06:39:00 1209344 ----a-w- c:\windows\system32\urlmon(506).dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 1985536 ----a-w- c:\windows\system32\iertutil(476).dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-18 13:30:03 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-12 20:48:11 14087960 ----a-w- C:\pal_install_r17716.exe
2010-02-12 10:32:56 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-03 12:24:36 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-18 06:11:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-03 18:35:36 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-01 07:09:01 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-12-01 07:09:01 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\iecompatcache\index.dat
2009-12-01 07:09:01 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2009-10-23 11:20:59 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 11:39:05.58 ===============

Thanks for all help in advance.

Edited by Imhotep is Invisible, 01 May 2010 - 06:17 AM.
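The svchost.exe copies in the vjvi.tmp folder described in the post above are lookalikes: the whitespace before the extension keeps each name from matching the real service host, and none of them run from the system directory. The following is an added example, not part of the thread and not one of the tools used in it: a small Python script that applies two defender-side checks to a DDS-style "Running Processes" list, whether a protected system image name runs from its expected directory and whether anything runs from a temp folder, and additionally flags whitespace padded before the extension. The sample lines are constructed (the legitimate entries are copied from the DDS log above; the vjvi.tmp entries assume a %TEMP% path, which the thread does not state), and the expected-directory table assumes 32-bit Vista with C:\Windows as the system root, as the DDS header indicates.

```python
import re

# Assumption (not from the thread): 32-bit Vista with %SystemRoot% = C:\Windows.
# Directories are compared lower-cased, since DDS prints system32/System32 inconsistently.
EXPECTED_DIR = {
    "svchost": r"c:\windows\system32",
    "dllhost": r"c:\windows\system32",
    "wininit": r"c:\windows\system32",
    "lsass": r"c:\windows\system32",
    "csrss": r"c:\windows\system32",
    "explorer": r"c:\windows",
}

# Constructed sample in the DDS "Running Processes" style. The vjvi.tmp entries are a
# reconstruction of what the poster described, under an assumed %TEMP% location.
SAMPLE_PROCESS_LINES = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.EXE
C:\Users\Stephen\AppData\Local\Temp\vjvi.tmp\svchost.exe
C:\Users\Stephen\AppData\Local\Temp\vjvi.tmp\svchost .exe
C:\Users\Stephen\AppData\Local\Temp\vjvi.tmp\svchost    .exe
C:\Program Files\AVG\AVG9\avgtray.exe
"""

# The image path is everything up to the first executable extension, so paths that
# contain spaces and padded names such as "svchost .exe" both survive intact.
_LINE_RE = re.compile(r"^(?P<image>.*?\.(?:exe|scr|com))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


def split_process_line(line):
    """Split one DDS process line into (image path, argument string)."""
    m = _LINE_RE.match(line.strip())
    if not m:
        # No recognised extension: treat the whole line as a bare image path.
        return line.strip(), ""
    return m.group("image"), m.group("args") or ""


def classify_image(image):
    """Return finding codes for one image path; an empty list means nothing noteworthy."""
    findings = []
    directory, _, basename = image.rpartition("\\")
    base, _, _ext = basename.rpartition(".")
    # "svchost .exe": whitespace between the name and the extension is a lookalike trick.
    if base != base.rstrip():
        findings.append("padded-name")
    name = base.strip().lower()
    expected = EXPECTED_DIR.get(name)
    # A protected system image name running from anywhere but its home directory.
    if expected is not None and directory.lower() != expected:
        findings.append("wrong-directory")
    # Anything executing out of a temp directory (…\Temp\… or a *.tmp folder).
    parts = directory.lower().split("\\")
    if any(p == "temp" or p.endswith(".tmp") for p in parts):
        findings.append("temp-location")
    return findings


def audit_process_list(text):
    """Run the checks over every non-empty line and keep only the lines with findings."""
    results = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        image, args = split_process_line(raw)
        findings = classify_image(image)
        if findings:
            results.append({"image": image, "args": args, "findings": findings})
    return results


if __name__ == "__main__":
    for r in audit_process_list(SAMPLE_PROCESS_LINES):
        print(f"{r['image']!r}: {', '.join(r['findings'])}")
```

Run against the sample, only the three vjvi.tmp entries are reported; the two C:\Windows\system32\DllHost.exe instances that RKill stopped would pass these checks because they are the real binary in the right place. Path checks cannot tell whether a legitimate host process is carrying injected code, which is why a rootkit scan such as the GMER log requested later in the thread is still needed.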



#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,833 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:19 AM

Posted 04 May 2010 - 12:02 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Imhotep is Invisible

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:19 AM

Posted 04 May 2010 - 02:27 PM

Hi, thanks for your response :)

My problem is pretty much the same as it was in the first post. What keeps happening is that any browser I use will open extra tabs and go to seemingly random websites. Also, "Microsoft Host Processes" will close after a period of time online in order to, as it says, protect the computer, which causes loss of internet connection. Although I was getting persistent malware infections of programs like Vista Defender, I haven't had one for over a week now, so that side of things may be sorted, but it may just be that Microsoft Host Processes is forcing a loss of network connection before they occur; I don't know.

_________________________

First off, here's the OTL log
_________________________

OTL logfile created on: 04/05/2010 19:25:28 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Stephen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 308.56 Gb Free Space | 68.46% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.42 Gb Free Space | 62.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Stephen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/04 19:24:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Desktop\OTL.exe
PRC - [2010/04/26 19:46:22 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/26 19:46:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/26 19:45:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/12 10:04:06 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 10:04:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 10:03:43 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 16:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/16 21:07:56 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 14:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 13:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/28 06:50:10 | 017,145,856 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe


========== Modules (SafeList) ==========

MOD - [2010/05/04 19:24:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Desktop\OTL.exe
MOD - [2009/12/15 14:41:05 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/12/15 14:41:05 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2009/10/14 14:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/03/12 10:04:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 14:47:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/03 13:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/04/26 19:46:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 10:04:05 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 10:03:43 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 14:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/24 11:49:54 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/12/24 11:49:54 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/11/22 16:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/10/29 20:49:30 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32)
DRV - [2009/10/21 14:59:17 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\st330.sys -- (ST330)
DRV - [2009/10/21 14:59:17 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stbus.sys -- (STBUS)
DRV - [2009/10/14 14:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/05/26 14:58:20 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/05/26 14:58:20 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/04/28 19:24:58 | 001,009,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/02/12 10:23:18 | 000,058,536 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE1008mdm.sys -- (SE1008mdm)
DRV - [2009/02/04 20:26:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/08/05 15:57:48] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/01/13 12:12:14 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2003/12/08 12:53:02 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3036995302-1807666143-3651402527-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-3036995302-1807666143-3651402527-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-3036995302-1807666143-3651402527-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3036995302-1807666143-3651402527-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=DLCDF7&PC=MDDC&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.19
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}:0.87
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.2.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17
FF - prefs.js..extensions.enabledItems: {51a291a4-e036-40f4-924c-b0c888fca6e8}:2.3b
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/26 19:45:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/04/26 19:10:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/02/16 19:04:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 20:18:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 20:18:23 | 000,000,000 | ---D | M]

[2010/03/04 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Roaming\mozilla\Extensions
[2010/05/04 07:05:12 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions
[2010/04/30 20:12:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 08:53:04 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/05/04 05:30:53 | 000,000,000 | ---D | M] (Supermode for utopia.lv) -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\{51a291a4-e036-40f4-924c-b0c888fca6e8}
[2010/04/04 18:20:56 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/30 20:12:43 | 000,000,000 | ---D | M] (FirefoxAdKiller) -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}
[2010/04/30 20:12:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/30 20:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/03/06 14:18:57 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/04/29 05:59:57 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\flashkiller@joli.clic
[2010/05/01 20:25:05 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Roaming\mozilla\Firefox\Profiles\fcoyx5nj.default\extensions\multilinks@plugin
[2010/03/04 21:25:38 | 000,001,863 | ---- | M] () -- C:\Users\Stephen\AppData\Roaming\Mozilla\FireFox\Profiles\fcoyx5nj.default\searchplugins\live-search.xml
[2010/05/01 20:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3036995302-1807666143-3651402527-1002\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3036995302-1807666143-3651402527-1002\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3036995302-1807666143-3651402527-1002\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O7 - HKU\S-1-5-21-3036995302-1807666143-3651402527-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://archives.gametap.com/static/cab_hea...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 19:24:53 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Stephen\Desktop\OTL.exe
[2010/04/30 22:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/28 05:35:33 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Adobe
[2010/04/27 17:33:45 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\avG
[2010/04/27 17:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\avG
[2010/04/26 22:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/26 22:14:21 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/26 22:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/26 22:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/26 19:55:14 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/26 19:55:14 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/26 19:55:06 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/26 19:54:47 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/26 19:54:47 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/26 19:54:47 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/26 19:54:46 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/26 19:54:46 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/26 19:54:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/26 19:54:45 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/26 19:54:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/26 19:54:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/26 19:54:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/26 19:54:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/26 19:54:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/26 19:54:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/26 19:54:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/26 19:54:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/26 19:54:34 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/26 19:54:34 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/26 19:26:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/26 19:26:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 19:23:12 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Stephen\Desktop\mbam-setup-1.45.exe
[2010/04/25 23:39:32 | 000,000,000 | -HSD | C] -- C:\Users\Stephen\AppData\Roaming\lowsec
[2010/04/23 21:53:58 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/23 21:47:34 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\ElevatedDiagnostics
[2010/04/23 21:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/04/23 18:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/23 18:50:09 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\InstallShield
[2010/04/22 06:06:05 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\VirtualStore
[2010/04/21 11:24:47 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\7C077197D6697FF7B785855D0641E404
[2010/04/20 06:48:18 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\AVG Security Toolbar
[2010/04/20 06:46:22 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx(447).dll
[2010/04/20 06:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar(125)
[2010/04/14 22:06:10 | 000,000,000 | ---D | C] -- C:\Users\Stephen\Documents\Bluetooth
[2010/04/14 21:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/14 21:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/04/14 21:41:28 | 000,000,000 | ---D | C] -- C:\x64
[2010/04/14 21:41:19 | 000,000,000 | ---D | C] -- C:\x32
[2010/04/14 21:39:20 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\WinBatch
[2010/04/13 23:24:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust(516).dll
[2010/04/13 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\QuickScan
[2010/04/05 18:13:30 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\OpenOffice.org

========== Files - Modified Within 30 Days ==========

[2010/05/04 19:25:15 | 001,835,008 | -HS- | M] () -- C:\Users\Stephen\ntuser.dat
[2010/05/04 19:24:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Desktop\OTL.exe
[2010/05/04 19:21:09 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/04 19:20:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/04 19:20:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 19:20:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 19:20:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/04 19:20:49 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/04 18:37:29 | 000,524,288 | -HS- | M] () -- C:\Users\Stephen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/04 18:37:29 | 000,065,536 | -HS- | M] () -- C:\Users\Stephen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/04 18:27:05 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/04 18:27:05 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/04 18:27:05 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/04 18:05:34 | 000,000,000 | ---- | M] () -- C:\Users\Stephen\AppData\Local\prvlcl.dat
[2010/05/04 18:02:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/04 09:03:03 | 059,541,867 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/03 22:28:48 | 000,138,376 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/05/03 21:11:31 | 001,900,277 | -H-- | M] () -- C:\Users\Stephen\AppData\Local\IconCache.db
[2010/05/03 15:57:43 | 000,001,798 | ---- | M] () -- C:\Users\Stephen\Desktop\Homecall Broadband (2).lnk
[2010/05/03 11:14:27 | 000,007,512 | ---- | M] () -- C:\Users\Stephen\AppData\Local\d3d9caps.dat
[2010/05/01 20:18:24 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/01 11:22:28 | 000,525,824 | ---- | M] () -- C:\Users\Stephen\Desktop\dds.scr
[2010/05/01 11:21:46 | 000,050,477 | ---- | M] () -- C:\Users\Stephen\Desktop\Defogger.exe
[2010/04/30 23:19:39 | 241,626,175 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/30 06:03:14 | 000,356,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 19:27:46 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fgcbqll.sys
[2010/04/27 19:12:23 | 000,000,354 | ---- | M] () -- C:\Users\Stephen\Desktop\fix.reg
[2010/04/27 19:07:33 | 000,010,322 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\c7vdif
[2010/04/27 19:07:33 | 000,010,322 | -HS- | M] () -- C:\ProgramData\c7vdif
[2010/04/27 07:09:11 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/27 06:55:23 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/04/26 22:14:23 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/26 20:48:30 | 000,363,520 | ---- | M] () -- C:\Users\Stephen\Desktop\rkill.exe
[2010/04/26 19:46:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/26 19:26:27 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/26 19:25:45 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Stephen\Desktop\mbam-setup-1.45.exe
[2010/04/26 19:21:33 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/04/26 17:52:16 | 000,000,112 | ---- | M] () -- C:\ProgramData\5it12s5a.dat
[2010/04/26 17:37:35 | 000,011,890 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\vf833a5xcC
[2010/04/26 17:37:35 | 000,011,890 | -HS- | M] () -- C:\ProgramData\vf833a5xcC
[2010/04/26 15:00:47 | 000,010,754 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\gN6jFf2kO7Q7
[2010/04/26 15:00:47 | 000,010,754 | -HS- | M] () -- C:\ProgramData\gN6jFf2kO7Q7
[2010/04/26 10:09:04 | 000,009,948 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\53YQ5yXeP
[2010/04/26 10:09:04 | 000,009,948 | -HS- | M] () -- C:\ProgramData\53YQ5yXeP
[2010/04/25 08:06:31 | 000,013,266 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\f1pKdvbneJkm
[2010/04/25 08:06:31 | 000,013,266 | -HS- | M] () -- C:\ProgramData\f1pKdvbneJkm
[2010/04/23 21:44:35 | 003,407,872 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/04/23 18:27:38 | 000,000,032 | --S- | M] () -- C:\Users\Stephen\AppData\Local\2471744496.dat
[2010/04/22 21:08:08 | 000,010,710 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\7Q21kc
[2010/04/22 21:08:08 | 000,010,710 | -HS- | M] () -- C:\ProgramData\7Q21kc
[2010/04/21 20:50:46 | 000,012,248 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\LqB0St6ge8
[2010/04/21 20:50:46 | 000,012,248 | -HS- | M] () -- C:\ProgramData\LqB0St6ge8
[2010/04/20 06:46:23 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx(447).dll
[2010/04/14 20:09:07 | 000,026,112 | ---- | M] () -- C:\Users\Stephen\Desktop\[name removed].doc
[2010/04/11 09:19:27 | 000,010,456 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\0CMR8yFmkXh
[2010/04/11 09:19:27 | 000,010,456 | -HS- | M] () -- C:\ProgramData\0CMR8yFmkXh
[2010/04/05 20:38:38 | 000,021,504 | ---- | M] () -- C:\Users\Stephen\Desktop\[name removed].doc
[2010/04/05 20:05:10 | 000,020,992 | ---- | M] () -- C:\Users\Stephen\Documents\[name removed].doc

========== Files Created - No Company Name ==========

[2010/05/03 15:57:43 | 000,001,798 | ---- | C] () -- C:\Users\Stephen\Desktop\Homecall Broadband (2).lnk
[2010/05/02 17:44:50 | 3488,735,232 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/01 20:18:24 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/01 11:22:23 | 000,525,824 | ---- | C] () -- C:\Users\Stephen\Desktop\dds.scr
[2010/05/01 11:21:45 | 000,050,477 | ---- | C] () -- C:\Users\Stephen\Desktop\Defogger.exe
[2010/04/27 19:27:46 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fgcbqll.sys
[2010/04/27 19:12:23 | 000,000,354 | ---- | C] () -- C:\Users\Stephen\Desktop\fix.reg
[2010/04/27 17:32:45 | 000,010,322 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\c7vdif
[2010/04/27 17:32:45 | 000,010,322 | -HS- | C] () -- C:\ProgramData\c7vdif
[2010/04/27 07:09:11 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/27 06:55:23 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/04/26 22:14:23 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/26 20:48:25 | 000,363,520 | ---- | C] () -- C:\Users\Stephen\Desktop\rkill.exe
[2010/04/26 19:26:27 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/26 19:21:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/26 15:12:03 | 000,011,890 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\vf833a5xcC
[2010/04/26 15:12:03 | 000,011,890 | -HS- | C] () -- C:\ProgramData\vf833a5xcC
[2010/04/26 13:48:54 | 000,010,754 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\gN6jFf2kO7Q7
[2010/04/26 13:48:54 | 000,010,754 | -HS- | C] () -- C:\ProgramData\gN6jFf2kO7Q7
[2010/04/26 06:43:39 | 000,009,948 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\53YQ5yXeP
[2010/04/26 06:43:39 | 000,009,948 | -HS- | C] () -- C:\ProgramData\53YQ5yXeP
[2010/04/25 03:45:50 | 000,013,266 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\f1pKdvbneJkm
[2010/04/25 03:45:50 | 000,013,266 | -HS- | C] () -- C:\ProgramData\f1pKdvbneJkm
[2010/04/23 21:44:27 | 003,407,872 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/04/23 18:27:38 | 000,000,032 | --S- | C] () -- C:\Users\Stephen\AppData\Local\2471744496.dat
[2010/04/23 13:22:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\5it12s5a.dat
[2010/04/22 19:34:25 | 000,010,710 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\7Q21kc
[2010/04/22 19:34:25 | 000,010,710 | -HS- | C] () -- C:\ProgramData\7Q21kc
[2010/04/21 20:48:06 | 000,012,248 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\LqB0St6ge8
[2010/04/21 20:48:06 | 000,012,248 | -HS- | C] () -- C:\ProgramData\LqB0St6ge8
[2010/04/11 08:59:09 | 000,010,456 | -HS- | C] () -- C:\Users\Stephen\AppData\Local\0CMR8yFmkXh
[2010/04/11 08:59:09 | 000,010,456 | -HS- | C] () -- C:\ProgramData\0CMR8yFmkXh
[2010/04/05 20:10:06 | 000,026,112 | ---- | C] () -- C:\Users\Stephen\Desktop\[name removed].doc
[2010/04/05 20:07:05 | 000,021,504 | ---- | C] () -- C:\Users\Stephen\Desktop\[name removed].doc
[2010/04/05 18:22:03 | 000,020,992 | ---- | C] () -- C:\Users\Stephen\Documents\[name removed].doc
[2009/12/24 11:49:54 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/12/24 11:49:54 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/12/20 16:44:50 | 000,138,376 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/12/19 22:16:22 | 000,000,819 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009/12/19 22:06:40 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/03 17:05:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/23 14:10:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/23 12:26:06 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2009/08/06 00:17:39 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

_____________

Extras log next
_____________

OTL Extras logfile created on: 04/05/2010 19:25:28 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Stephen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.68 Gb Total Space | 308.56 Gb Free Space | 68.46% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.42 Gb Free Space | 62.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Stephen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3036995302-1807666143-3651402527-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3841CCB5-6EA4-4D19-A314-9273C29A763D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3A8CF36B-9B74-42C5-8D8A-E60A3A3D884B}" = lport=445 | protocol=6 | dir=in | app=system |
"{4CF772B6-87C8-467C-880A-D8A8000AFEFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5E97E5DE-A9BC-47AB-9263-59EA7B6D9E87}" = rport=139 | protocol=6 | dir=out | app=system |
"{8AD26E46-BF22-4FD5-AD3B-B2EAE3678024}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4032446-1D92-4228-9899-FFB8C4B16C24}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0F07AB2-CEDB-4A14-B79D-C2279D8F7E02}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE8AFA87-E648-4C01-B12A-BF41592F860D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E29AB3FD-4CA0-4E9D-AD75-2893DBDE4B38}" = lport=137 | protocol=17 | dir=in | app=system |
"{E823E287-4D5D-42BD-B44B-B840C6AD1C7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E95D9279-1D66-4FFE-B828-A7BD4ED7C783}" = rport=138 | protocol=17 | dir=out | app=system |
"{FCD8BF49-919A-4BB9-86AD-B7A45A936644}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042BE5C2-6AED-402C-8CA4-EF2147AC74C4}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{1EBBDB19-69A9-448A-8783-30F5EB55C69E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{3893332F-DE38-48A8-97E4-C104A3A7FE2E}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{5B5293E2-BA6E-436C-9B53-5AAED70A8334}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{5E165EA9-1A3A-40B5-ACDE-11BCDB60D93A}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{62E719CA-8AA8-4689-89F0-898A8254816A}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{68C68E75-2B42-4237-8645-BCE467C27594}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{69AB7CB0-B576-4512-9176-F7BA43C2117B}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{7444C45C-C813-4653-AEE2-4EE56DA08D34}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{7662A31E-B258-47EB-8DC9-CAB87FBE9CB4}" = protocol=6 | dir=in | app=e:\vista\installer.exe |
"{7E65726F-F440-4F07-AB33-2ACB4C83BB1B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{8715760A-E2A3-4F52-B1E4-B049E16B5030}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8A99DE3D-3E38-4B6F-8284-EB82AB85ECF2}" = protocol=17 | dir=in | app=e:\vista\installer.exe |
"{8DB19111-1D67-48D7-9ADE-070BB6BD7A36}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{91AD548A-DDB3-4B8B-90B8-B17142D69076}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{94F598F6-75CB-480D-8DE6-E6C9D2941399}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{9D8FBEAA-FF3D-42BD-AD28-B669E3E0E30B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\dungeon siege 2\dungeonsiege2.exe |
"{9F6000E1-9E5C-41B2-BCAB-EDFF56589023}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{A4B44658-7AD8-4C08-877C-CE0A4C23449C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B9909401-431E-4FDA-9562-1A7DB1181D09}" = protocol=6 | dir=in | app=c:\program files\microsoft games\dungeon siege 2\dungeonsiege2.exe |
"{C5A49232-879E-485C-B39E-F1BEB4BB748D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C970FEEA-BF74-44CD-8318-6C50CDB36971}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8C1ECAB-4386-4DD6-ADE7-3A90092A6CD6}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{D9066227-06D0-41B2-AED3-FDF3E945B4E7}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{E4672280-EAB6-40C1-BDF5-D7569F91D981}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{F685042E-65F8-4F81-97C2-E5E1EC65BAC3}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{F7FFF501-758A-42B0-96ED-A2F33EC6BBC1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{FE1E8BE7-1447-4670-BD6F-A2A40426DFD0}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{1887E818-57BE-4ADB-BCCF-8A5B119420D2}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=6 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe |
"UDP Query User{7A705689-E0E0-431F-A9FF-2A20E960A6C5}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=17 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian
"{14592A8E-4DA6-4338-A9D5-E16449647EC3}" = Championship Manager 2010 (September Data Patch)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2DA9DFFA-768B-4403-BEFA-9E45A80258CD}" = Driving Test Success ROAD SIGNS
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{421F51A8-A9A0-44AC-9D65-E7099DA63C51}" = xVideoServiceThief
"{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New
"{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English
"{5CA7899B-FFEC-4254-A05B-448420831F37}" = Championship Manager 2010
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}" = Opera 10.51
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BB2CB14A-F3A3-4BBF-9111-EBC82049ABA6}" = Roxio Creator Premier
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}" = Dr SpeedTouch
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CF5C7154-98F4-4D44-A58C-8BC19751CCCC}" = Roxio Creator Premier 10
"{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins
"{DCCB7F99-84DC-6558-1406-AB775DD202BD}" = ccc-utility
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AVG9Uninstall" = AVG Free 9.0
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Continuum_is1" = Continuum 0.40
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009-2010)
"DungeonSiege2" = Dungeon Siege 2
"Freelancer 1.0" = Freelancer
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"PalTalk8.2" = PaltalkScene
"Pidgin" = Pidgin
"Sony Ericsson W395© driver" = Sony Ericsson W395© driver v3.5.3.0
"Spotify" = Spotify
"Switch" = Switch Sound File Converter
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/02/2010 03:08:06 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2010 03:10:23 | Computer Name = Home-PC | Source = RasClient | ID = 20227
Description =

Error - 13/02/2010 06:34:06 | Computer Name = Home-PC | Source = RasClient | ID = 20227
Description =

Error - 13/02/2010 06:34:13 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2010 14:48:02 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2010 14:58:31 | Computer Name = Home-PC | Source = RasClient | ID = 20227
Description =

Error - 13/02/2010 15:45:09 | Computer Name = Home-PC | Source = RasClient | ID = 20227
Description =

Error - 13/02/2010 15:45:38 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2010 16:00:42 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application drst.exe, version 1.1.0.10, time stamp 0x3f8e802a,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00066592, process id 0x4ec, application start time
0x01caace72d6f6275.

Error - 13/02/2010 16:00:59 | Computer Name = Home-PC | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 04/05/2010 01:54:07 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 02:26:06 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 02:47:42 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 04/05/2010 02:50:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 04:09:24 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 04/05/2010 04:14:37 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 06:36:11 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 04/05/2010 12:51:13 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 13:23:54 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 14:21:16 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
______________________

I am attaching a fresh GMER log as it will not fit into this response.

Attached file: gmer.log (149.92 KB)

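Added example (the editor's, not part of the original thread and not OTL's own logic): a small Python triage script for the OTL file listing posted above. It parses the `[date | size | RHSD | C/M] (company) -- path` lines and applies three heuristics drawn from what is visible in this log: a hidden+system file with no extension dropped directly into ProgramData or AppData\Local, a kernel driver whose version resource names no company (fgcbqll.sys here), and the same name and size written to both ProgramData and AppData\Local, which is the twin-copy pattern the random-named entries in this report follow. The sample lines are copied verbatim from the report; the heuristics and the "drop directory" list are the editor's assumptions, and a hit means "verify this", not "this is malicious".

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One OTL "Files Created / Files Modified" line looks like:
#   [yyyy/mm/dd hh:mm:ss | size | RHSD | C-or-M] (company) -- path
# The "(company)" group is absent on directory ("---D") lines.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption: locations any standard user can write to without a UAC prompt.
DROP_DIRS = ("c:\\programdata\\", "\\appdata\\local\\")


@dataclass(frozen=True)
class Entry:
    ts: str
    size: int
    attrs: str      # four flag positions R H S D, '-' when unset
    kind: str       # 'C' = created, 'M' = modified
    company: str    # '' when OTL found no company in the version resource
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower() + "\\"


def parse_otl(text: str) -> list[Entry]:
    """Return every file/directory entry in an OTL report; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")), m["attr"],
                                 m["kind"], (m["company"] or "").strip(), m["path"].strip()))
    return entries


def triage(text: str) -> dict[str, list[str]]:
    """Map each suspicious path to the sorted, de-duplicated reasons it was flagged."""
    findings: dict[str, list[str]] = defaultdict(list)
    dropped: dict[tuple[str, int], set[str]] = defaultdict(set)

    for e in parse_otl(text):
        hidden, system, is_dir = "H" in e.attrs, "S" in e.attrs, "D" in e.attrs

        # Heuristic 1: hidden+system file with no extension placed directly in
        # ProgramData or AppData\Local. The legitimate -HS- files there
        # (ntuser.pol, *.dat) carry an extension; the payloads in this log do not.
        if (hidden and system and not is_dir
                and e.parent.endswith(DROP_DIRS) and "." not in e.name):
            findings[e.path].append("hidden+system extensionless file in user-writable drop dir")
            dropped[(e.name.lower(), e.size)].add(e.parent)

        # Heuristic 2: kernel driver whose version resource names no company.
        # Not proof of malice (some game anti-cheat drivers look the same), but
        # every such driver needs its Authenticode signature checked by hand.
        low = e.path.lower()
        if "\\system32\\drivers\\" in low and low.endswith(".sys") and not e.company:
            findings[e.path].append("driver with no company name in version info")

    # Heuristic 3: identical name and size written to both ProgramData and
    # AppData\Local, the twin-copy pattern repeated throughout this log.
    for (name, size), parents in dropped.items():
        if (any(p.startswith("c:\\programdata\\") for p in parents)
                and any(p.endswith("\\appdata\\local\\") for p in parents)):
            for path in findings:
                if path.rsplit("\\", 1)[-1].lower() == name:
                    findings[path].append("twin copy in ProgramData and AppData\\Local")

    # Lines repeat across the Created and Modified sections, so de-duplicate.
    return {p: sorted(set(r)) for p, r in findings.items()}


# Sample input: lines copied verbatim from the OTL report in this thread.
SAMPLE = r"""
[2010/04/27 19:07:33 | 000,010,322 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\c7vdif
[2010/04/27 19:07:33 | 000,010,322 | -HS- | M] () -- C:\ProgramData\c7vdif
[2010/04/26 17:37:35 | 000,011,890 | -HS- | M] () -- C:\Users\Stephen\AppData\Local\vf833a5xcC
[2010/04/26 17:37:35 | 000,011,890 | -HS- | M] () -- C:\ProgramData\vf833a5xcC
[2010/04/26 19:21:33 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/04 19:20:49 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/27 19:27:46 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fgcbqll.sys
[2010/04/27 19:27:46 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fgcbqll.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 11:24:47 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\7C077197D6697FF7B785855D0641E404
"""

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE).items()):
        print(path)
        for r in reasons:
            print("    -", r)
```

Run against the sample it reports the four twin-copy payloads and fgcbqll.sys, and stays silent on ntuser.pol, hiberfil.sys and mbam.sys. On the live machine the next step for anything flagged by the driver heuristic is a signature check (Get-AuthenticodeSignature in PowerShell, or Sysinternals sigcheck); note that 32-bit Vista, which this report appears to be (only C:\Program Files is listed), does not enforce kernel-mode code signing, so an unsigned driver in System32\drivers loads without complaint.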

#4 Elise

Malware Study Hall Admin

Posted 04 May 2010 - 02:52 PM

Hello again,

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#5 Imhotep is Invisible

Imhotep is Invisible
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:19 AM

Posted 05 May 2010 - 09:35 AM

Hi there. I'm gonna go with the reformat and reinstall option to be on the safe side. Thanks to everyone who has helped with this issue in either of my threads. 'Tis much appreciated.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,833 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:19 AM

Posted 05 May 2010 - 12:01 PM

You are welcome.

I am now closing this thread. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise
