
Every Hour Redirection in Firefox


This topic is locked
19 replies to this topic

#1 Metroidn1f

Metroidn1f

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 06 June 2010 - 09:45 AM

This is the second time I have had this. The first time I got so fed up with it I reformatted my computer, but I don't want to do that now. Every hour, if I am in Firefox, I will get redirected to a page. Sometimes also, if I do a Google search and I click a link, I will get redirected to a page that I did not request. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:31 AM, on 06/06/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-CA
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll/206 (file missing)
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6140 bytes
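A log like the one above is what a helper reads entry by entry, looking for the handful of section types that usually matter for a browser redirect. As an added example (not the poster's code, and not part of HijackThis or BleepingComputer), here is a small Python triage script that applies those first-pass heuristics to HijackThis v2 lines: orphaned "(no file)" references, autoruns launched from Temp or a user profile, AppInit_DLLs, O18 protocol/filter handlers, services with no publisher, and R0/R1 start or search pages that point at a host outside a short allowlist. The sample log is constructed for the demo (its entries are copied from the thread's log except for one planted Temp autorun), and the host allowlist and directory patterns are assumptions you would extend for your own environment. A hit means "look closer", never "infected".

```python
"""First-pass triage of a HijackThis v2 log.

Added example for this thread, not the poster's code and not part of
HijackThis or BleepingComputer. The rules are the heuristics a helper
applies by eye; a hit means "look closer", never "infected".
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample in HijackThis v2 format: entries copied from the
# thread's log, plus one planted Temp autorun so the high rule fires.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\svchost.exe
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
"""

# Assumption: hosts considered normal for R0/R1 home/search-page entries.
# Trimmed to what the sample needs; extend for your own environment.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.google.com"}

# Locations an autorun (O4) entry should not normally point into.
TEMP_DIR = re.compile(r"\\temp\\", re.I)                       # any ...\Temp\...
PROFILE_DIR = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)  # per-user AppData

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")


@dataclass
class Finding:
    section: str
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str


def _host(url: str) -> str:
    return urlsplit(url.strip()).hostname or ""


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()

    # Orphaned COM objects and buttons: left behind by uninstalls, cleanup only.
    if "(no file)" in low or "(file missing)" in low:
        return Finding(sec, "low", "references a file that no longer exists", line)

    # Home/search page entries: flag hosts outside the allowlist.
    if sec in ("R0", "R1") and "=" in body:
        host = _host(body.split("=", 1)[1])
        if host and host not in KNOWN_GOOD_HOSTS:
            return Finding(sec, "medium", f"start/search page points at {host}", line)

    if sec == "O1":    # Hosts file overrides
        return Finding(sec, "high", "Hosts file redirection", line)
    if sec == "O4" and TEMP_DIR.search(body):
        return Finding(sec, "high", "autorun launched from a Temp directory", line)
    if sec == "O4" and PROFILE_DIR.search(body):
        return Finding(sec, "medium", "autorun launched from a user profile", line)
    if sec == "O17":   # DNS / domain settings
        return Finding(sec, "high", "DNS settings entry; verify against ISP/router", line)
    if sec == "O18":   # protocol and MIME filter handlers
        return Finding(sec, "medium", "protocol/filter handler; verify the owning DLL", line)
    if sec == "O20" and low.split(":", 1)[-1].strip():
        return Finding(sec, "medium", "AppInit_DLLs loads into every process", line)
    if sec == "O23" and "unknown owner" in low:
        return Finding(sec, "low", "service with no publisher information", line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}")
        print(f"         {f.line}")
```

Run against the HijackThis log above, the rules surface the orphaned "(no file)" BHO and button entries, the Office XML filter (O18), AVG's AppInit DLL (O20) and the unknown-owner AVG toolbar service; the paths next to each attribute them to installed software, which is why the output is a reading list for a human and not a verdict.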



#2 Metroidn1f

Metroidn1f
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 06 June 2010 - 10:02 AM

Here is an OTL Log.

OTL logfile created on: 06/06/2010 11:00:02 AM - Run 4
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Metroidn1f\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 225.37 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: METROIDN1F-PC
Current User Name: Metroidn1f
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/03 21:01:18 | 000,332,800 | ---- | M] (MiniTech) -- C:\Users\Metroidn1f\My Documents\Apps\MiniCoder\MiniCOder.exe
PRC - [2010/06/03 20:59:11 | 006,375,424 | ---- | M] () -- C:\Users\Metroidn1f\My Documents\Apps\MiniCoder\Tools\x264\x264.exe
PRC - [2010/06/01 19:04:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Metroidn1f\Desktop\OTL.exe
PRC - [2010/06/01 09:12:33 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/01 09:12:32 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/01 09:12:32 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/01 09:12:28 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/01 09:12:27 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/01 09:12:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/21 11:36:28 | 003,824,472 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/05/20 21:50:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2010/05/20 21:34:12 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/05/20 20:56:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/05/20 20:56:00 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/20 20:56:00 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/20 20:55:56 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/20 20:55:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2010/06/01 19:04:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Metroidn1f\Desktop\OTL.exe
MOD - [2010/05/20 20:56:16 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/01 09:12:28 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/05/21 08:28:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/20 20:56:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/20 20:56:00 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/20 20:55:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/04/19 10:25:46 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/01 09:12:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/01 09:12:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/20 20:56:15 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/05/20 20:56:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/05/20 20:56:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/20 20:55:59 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/05/20 20:55:57 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/05/20 20:55:56 | 000,020,488 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/05/20 20:55:47 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/17 18:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/08/09 17:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/04/09 09:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 D9 B8 90 78 F8 CA 01 [binary data]
IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.youtube.com"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 15:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/20 20:56:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/20 22:29:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 11:53:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 21:15:19 | 000,000,000 | ---D | M]

[2010/06/03 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Extensions
[2010/06/03 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2010/06/05 10:53:21 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions
[2010/06/02 15:04:13 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/06/02 15:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/05/21 15:42:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/21 16:50:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/05 10:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/20 21:50:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/05/20 21:50:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 16:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/05/20 22:31:04 | 000,001,412 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/05 17:14:52 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\ImgBurn
[2010/06/05 17:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/06/05 17:07:54 | 004,614,113 | ---- | C] (LIGHTNING UK!) -- C:\Users\Metroidn1f\Desktop\SetupImgBurn_2.5.1.0.exe
[2010/06/04 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\Metroidn1f
[2010/06/03 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/03 21:56:07 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\fontconfig
[2010/06/03 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\.smplayer
[2010/06/03 21:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\StaxRip
[2010/06/03 20:15:59 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Broad Intelligence
[2010/06/03 20:15:59 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Broad Intelligence
[2010/06/03 20:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2010/06/03 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\HandBrake
[2010/06/03 17:48:44 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\HandBrake
[2010/06/03 17:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/06/03 17:16:20 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\avidemux
[2010/06/03 15:36:55 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\hiscorepersonal.ws_files
[2010/06/03 15:12:17 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/06/02 19:07:48 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\bleeped Batch Files
[2010/06/01 19:04:13 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Metroidn1f\Desktop\OTL.exe
[2010/06/01 17:47:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Malwarebytes
[2010/06/01 17:47:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/01 17:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/01 17:47:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/01 17:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/01 16:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/31 20:34:43 | 000,000,000 | ---D | C] -- C:\Temp
[2010/05/31 20:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/05/31 20:30:20 | 000,929,792 | ---- | C] (ArcSoft) -- C:\Windows\System32\dtsdecoderdll.dll
[2010/05/31 20:30:20 | 000,536,652 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\ASAudioHD.ax
[2010/05/31 20:30:20 | 000,285,184 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MagUIEngine.dll
[2010/05/31 20:30:20 | 000,106,496 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\checkactivate.dll
[2010/05/31 20:30:20 | 000,092,672 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MagUIInter.dll
[2010/05/31 20:30:20 | 000,055,808 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MagPCMac.dll
[2010/05/31 20:30:20 | 000,035,328 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MagCore.dll
[2010/05/31 20:30:19 | 000,417,792 | ---- | C] (Gabest) -- C:\Windows\System32\FLVSplitter.ax
[2010/05/31 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\TechSmith
[2010/05/31 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\Camtasia Studio
[2010/05/27 21:15:29 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\acccore
[2010/05/27 21:15:27 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\AOL
[2010/05/27 21:15:27 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\AIM
[2010/05/27 21:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/05/27 21:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/27 21:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/05/27 21:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/05/27 13:26:46 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\www.doom9.net
[2010/05/27 13:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/05/27 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\MeGUI
[2010/05/27 13:03:02 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\mkvtoolnix
[2010/05/27 12:45:27 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\Apps
[2010/05/26 21:50:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/05/26 21:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/05/26 21:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/05/26 21:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/26 20:24:48 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\My Received Files
[2010/05/26 15:50:50 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010/05/26 15:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/05/25 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/05/25 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\AVS4YOU
[2010/05/25 22:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/05/25 22:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/05/25 16:28:18 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\Project
[2010/05/25 00:30:41 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\.idlerc
[2010/05/24 22:58:58 | 000,000,000 | ---D | C] -- C:\Python26
[2010/05/24 22:53:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/24 22:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2010/05/24 20:31:23 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/05/24 18:14:19 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\Runescape
[2010/05/24 17:40:48 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Notepad++
[2010/05/24 17:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/05/23 11:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/05/23 11:52:59 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Winamp
[2010/05/23 11:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/05/22 20:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/22 20:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/05/22 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/22 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/05/22 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/05/22 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/05/22 20:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/05/22 20:30:43 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Microsoft Help
[2010/05/22 20:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/22 20:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/22 20:30:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/22 18:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010/05/22 17:51:11 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\TigerPlayer
[2010/05/22 17:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/22 17:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\MpcStar
[2010/05/22 17:15:04 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Tracing
[2010/05/22 17:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/22 17:14:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/22 17:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/22 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/22 17:13:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/22 17:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/05/21 18:04:49 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/05/21 18:04:49 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/05/21 18:04:49 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010/05/21 18:04:49 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\Windows\System32\DivXc32f.dll
[2010/05/21 18:04:49 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\Windows\System32\DivXc32.dll
[2010/05/21 18:04:49 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\System32\divxa32.acm
[2010/05/21 18:04:49 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010/05/21 18:04:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2010/05/21 18:04:49 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2010/05/21 18:04:48 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/05/21 18:04:47 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2010/05/21 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/05/21 17:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2010/05/21 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\BSplayer PRO
[2010/05/21 16:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/05/21 16:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/21 16:06:58 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/05/21 16:06:04 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\RSBot
[2010/05/21 15:48:12 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\ElevatedDiagnostics
[2010/05/21 15:44:09 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\dwhelper
[2010/05/21 14:57:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/05/20 23:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/05/20 23:07:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/05/20 23:05:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/05/20 23:05:10 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/05/20 22:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/05/20 21:53:13 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Adobe Flash Builder 4
[2010/05/20 21:50:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/20 21:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/20 21:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/20 21:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/20 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010/05/20 21:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/05/20 21:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/05/20 21:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2010/05/20 21:40:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/05/20 21:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/20 21:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/20 21:34:42 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Macromedia
[2010/05/20 21:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/05/20 21:34:32 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Adobe
[2010/05/20 21:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/20 21:34:06 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Adobe
[2010/05/20 21:18:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/20 21:17:11 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/05/20 21:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/05/20 21:02:34 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\AVG Security Toolbar
[2010/05/20 20:56:16 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/20 20:56:15 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/05/20 20:56:14 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/20 20:56:14 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/20 20:56:08 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/20 20:56:08 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/20 20:56:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/05/20 20:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/05/20 20:55:47 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/20 20:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/20 20:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/05/20 20:46:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/05/20 20:16:16 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\WinRAR
[2010/05/20 20:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/20 20:05:55 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/05/20 20:05:55 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\BitComet
[2010/05/20 20:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2010/05/20 20:01:08 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla
[2010/05/20 20:01:08 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Mozilla
[2010/05/20 20:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/20 19:55:46 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Searches
[2010/05/20 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Identities
[2010/05/20 19:55:36 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Contacts
[2010/05/20 19:55:31 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\VirtualStore
[2010/05/20 19:55:30 | 000,000,000 | --SD | C] -- C:\Users\Metroidn1f\AppData\Roaming\Microsoft
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Videos
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Saved Games
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Pictures
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Music
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Links
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Favorites
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Downloads
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\My Documents
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Desktop
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\AppData\Local\Temporary Internet Files
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Templates
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Start Menu
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\SendTo
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Recent
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\PrintHood
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\NetHood
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Documents\My Videos
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Documents\My Pictures
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Documents\My Music
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\My Documents
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Local Settings
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\AppData\Local\History
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Cookies
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Application Data
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\AppData\Local\Application Data
[2010/05/20 19:55:30 | 000,000,000 | -H-D | C] -- C:\Users\Metroidn1f\AppData
[2010/05/20 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Temp
[2010/05/20 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Microsoft
[2010/05/20 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Media Center Programs
[2010/05/20 19:55:15 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/05/20 19:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/20 19:06:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/20 19:05:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/03 22:55:32 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/03/31 01:15:22 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2010/03/19 21:52:08 | 002,145,280 | ---- | C] (Python Software Foundation) -- C:\Windows\System32\python26.dll

========== Files - Modified Within 90 Days ==========

[2010/06/06 11:00:57 | 001,835,008 | -HS- | M] () -- C:\Users\Metroidn1f\NTUSER.DAT
[2010/06/06 09:18:25 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/06 09:18:25 | 000,622,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/06 09:18:25 | 000,108,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/06 09:17:10 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 09:17:10 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 09:13:41 | 060,763,240 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/06 09:13:09 | 000,000,116 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\WorldWideMinerSettings.ini
[2010/06/06 09:12:57 | 000,000,087 | ---- | M] () -- C:\Users\Metroidn1f\jagex_runescape_preferences2.dat
[2010/06/06 09:11:24 | 000,000,042 | ---- | M] () -- C:\Users\Metroidn1f\jagex_runescape_preferences.dat
[2010/06/06 09:09:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 09:09:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 09:09:42 | 2616,844,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/06 01:17:29 | 002,613,602 | -H-- | M] () -- C:\Users\Metroidn1f\AppData\Local\IconCache.db
[2010/06/05 17:08:38 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/06/05 17:08:16 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\Users\Metroidn1f\Desktop\SetupImgBurn_2.5.1.0.exe
[2010/06/05 11:01:14 | 002,326,482 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Lucy Sweet 16.png
[2010/06/05 11:01:01 | 000,000,132 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/05 10:54:59 | 000,099,178 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Steph2.jpg
[2010/06/05 10:54:45 | 000,104,814 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Steph.jpg
[2010/06/04 17:12:03 | 000,594,556 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/06/04 16:00:56 | 000,242,219 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Image044.jpg
[2010/06/04 15:25:10 | 000,154,626 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Lucy Sweet 16..jpg
[2010/06/04 15:07:51 | 014,098,432 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\python-3.1.2.msi
[2010/06/04 08:23:53 | 000,824,681 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSIT.exe
[2010/06/04 08:23:21 | 000,525,824 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\dds.scr
[2010/06/04 08:07:22 | 001,381,423 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSBot-119.jar
[2010/06/03 23:28:08 | 000,005,874 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\1275622083_playback_play.png
[2010/06/03 19:54:24 | 000,000,005 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\start.bat
[2010/06/03 19:53:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/03 19:53:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/03 17:05:04 | 139,747,735 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\65451991948_1080.mov
[2010/06/03 16:11:51 | 003,369,466 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\FFmpeg-0.5.1-svn-22140.7z
[2010/06/03 15:36:58 | 000,025,731 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\hiscorepersonal.ws.htm
[2010/06/03 15:30:03 | 000,006,656 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/03 08:06:49 | 000,035,206 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\test2.bat
[2010/06/03 08:06:19 | 000,070,414 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\test.bat
[2010/06/02 16:33:03 | 001,346,718 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSBot-118.jar
[2010/06/01 19:04:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Metroidn1f\Desktop\OTL.exe
[2010/06/01 18:48:09 | 000,007,635 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Local\Resmon.ResmonCfg
[2010/06/01 15:27:05 | 000,595,499 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Autoruns.zip
[2010/06/01 09:12:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/01 09:12:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/31 20:29:43 | 027,008,872 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RipBot264v1.15.1.7z
[2010/05/27 21:15:27 | 000,000,350 | -H-- | M] () -- C:\IPH.PH
[2010/05/27 19:47:14 | 211,227,500 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Me solving the rubiks cube 40 Ready.avi
[2010/05/27 12:49:48 | 000,000,132 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/05/27 12:31:57 | 000,000,237 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat
[2010/05/26 17:28:39 | 000,160,046 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Me.png
[2010/05/25 06:27:18 | 000,000,088 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Roaming\RSBot Accounts.ini
[2010/05/24 20:33:00 | 000,108,032 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/24 20:33:00 | 000,050,688 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
[2010/05/24 10:56:48 | 000,000,020 | ---- | M] () -- C:\Windows\System32\SYSTEM
[2010/05/23 12:24:03 | 000,109,392 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/23 09:08:45 | 003,767,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/22 20:31:17 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/05/21 21:53:53 | 001,340,171 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSBot.jar
[2010/05/21 19:22:47 | 000,000,000 | ---- | M] () -- C:\Users\Metroidn1f\jagex__preferences3.dat
[2010/05/20 23:05:12 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/05/20 20:56:16 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/20 20:56:15 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/05/20 20:56:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/20 20:56:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/20 20:56:08 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/20 20:55:47 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/20 20:51:18 | 000,000,003 | RHS- | M] () -- C:\win7ldr
[2010/05/20 20:51:18 | 000,000,003 | ---- | M] () -- C:\Windows\7Loader.TAG
[2010/05/20 20:50:44 | 000,203,316 | RHS- | M] () -- C:\grldr
[2010/05/20 20:47:47 | 000,524,288 | -HS- | M] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/05/20 20:47:47 | 000,524,288 | -HS- | M] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/20 20:47:47 | 000,065,536 | -HS- | M] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/20 19:55:30 | 000,000,020 | -HS- | M] () -- C:\Users\Metroidn1f\ntuser.ini
[2010/05/20 19:09:48 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/05/20 19:07:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/16 14:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/04/07 12:15:48 | 003,297,280 | ---- | M] () -- C:\Windows\System32\x264vfw.dll
[2010/04/03 22:55:32 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/04/03 22:55:32 | 000,007,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/04/03 18:26:56 | 000,276,196 | ---- | M] () -- C:\Windows\System32\NvApps.xml
[2010/04/03 18:26:56 | 000,066,714 | ---- | M] () -- C:\Windows\System32\NvwsApps.xml
[2010/03/31 01:15:22 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2010/03/19 21:52:08 | 002,145,280 | ---- | M] (Python Software Foundation) -- C:\Windows\System32\python26.dll
[2010/03/15 05:31:48 | 000,165,376 | ---- | M] () -- C:\Windows\System32\unrar.dll

========== Files Created - No Company Name ==========

[2010/06/05 17:08:38 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/06/05 11:01:01 | 002,326,482 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Lucy Sweet 16.png
[2010/06/05 10:54:57 | 000,099,178 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Steph2.jpg
[2010/06/05 10:54:39 | 000,104,814 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Steph.jpg
[2010/06/05 10:49:06 | 000,242,219 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Image044.jpg
[2010/06/05 10:48:56 | 000,154,626 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Lucy Sweet 16..jpg
[2010/06/04 15:06:44 | 014,098,432 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\python-3.1.2.msi
[2010/06/04 08:23:36 | 000,824,681 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSIT.exe
[2010/06/04 08:22:55 | 000,525,824 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\dds.scr
[2010/06/04 08:07:20 | 001,381,423 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSBot-119.jar
[2010/06/03 23:28:05 | 000,005,874 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\1275622083_playback_play.png
[2010/06/03 19:54:24 | 000,000,005 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\start.bat
[2010/06/03 19:53:39 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/06/03 19:53:39 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/06/03 17:03:11 | 139,747,735 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\65451991948_1080.mov
[2010/06/03 16:11:48 | 003,369,466 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\FFmpeg-0.5.1-svn-22140.7z
[2010/06/03 15:36:55 | 000,025,731 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\hiscorepersonal.ws.htm
[2010/06/02 18:40:55 | 000,035,206 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\test2.bat
[2010/06/02 18:40:47 | 000,070,414 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\test.bat
[2010/06/02 16:33:01 | 001,346,718 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSBot-118.jar
[2010/06/01 18:48:09 | 000,007,635 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Local\Resmon.ResmonCfg
[2010/06/01 15:26:43 | 000,595,499 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Autoruns.zip
[2010/05/31 20:32:50 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010/05/31 20:28:36 | 027,008,872 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RipBot264v1.15.1.7z
[2010/05/27 21:15:02 | 000,000,350 | -H-- | C] () -- C:\IPH.PH
[2010/05/27 19:30:56 | 211,227,500 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Me solving the rubiks cube 40 Ready.avi
[2010/05/27 12:49:32 | 000,000,132 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/05/27 12:25:12 | 000,000,237 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/05/26 21:55:34 | 000,006,656 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 17:28:39 | 000,000,132 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/26 17:28:37 | 000,160,046 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Me.png
[2010/05/24 10:56:48 | 000,000,020 | ---- | C] () -- C:\Windows\System32\SYSTEM
[2010/05/22 19:02:26 | 000,000,116 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\WorldWideMinerSettings.ini
[2010/05/21 21:53:47 | 001,340,171 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSBot.jar
[2010/05/21 19:22:47 | 000,000,087 | ---- | C] () -- C:\Users\Metroidn1f\jagex_runescape_preferences2.dat
[2010/05/21 19:22:47 | 000,000,000 | ---- | C] () -- C:\Users\Metroidn1f\jagex__preferences3.dat
[2010/05/21 18:04:50 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/21 18:04:50 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/21 18:04:49 | 003,297,280 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/05/21 18:04:49 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/05/21 18:04:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/05/21 18:04:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/21 18:04:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/21 18:04:47 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/21 18:04:47 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/05/21 16:07:15 | 000,000,088 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Roaming\RSBot Accounts.ini
[2010/05/21 16:06:59 | 000,000,042 | ---- | C] () -- C:\Users\Metroidn1f\jagex_runescape_preferences.dat
[2010/05/20 23:05:12 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/05/20 23:05:11 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/05/20 20:56:08 | 000,594,556 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/20 20:56:08 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/20 20:56:07 | 060,763,240 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/20 20:51:18 | 000,203,316 | RHS- | C] () -- C:\grldr
[2010/05/20 20:51:18 | 000,000,003 | RHS- | C] () -- C:\win7ldr
[2010/05/20 20:51:18 | 000,000,003 | ---- | C] () -- C:\Windows\7Loader.TAG
[2010/05/20 19:55:30 | 001,835,008 | -HS- | C] () -- C:\Users\Metroidn1f\NTUSER.DAT
[2010/05/20 19:55:30 | 000,524,288 | -HS- | C] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/05/20 19:55:30 | 000,524,288 | -HS- | C] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/20 19:55:30 | 000,262,144 | -HS- | C] () -- C:\Users\Metroidn1f\ntuser.dat.LOG1
[2010/05/20 19:55:30 | 000,065,536 | -HS- | C] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/20 19:55:30 | 000,000,020 | -HS- | C] () -- C:\Users\Metroidn1f\ntuser.ini
[2010/05/20 19:55:30 | 000,000,000 | -HS- | C] () -- C:\Users\Metroidn1f\ntuser.dat.LOG2
[2010/05/20 19:07:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/20 19:05:56 | 2616,844,288 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/03 22:55:32 | 000,007,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/04/03 18:26:56 | 000,276,196 | ---- | C] () -- C:\Windows\System32\NvApps.xml
[2010/04/03 18:26:56 | 000,066,714 | ---- | C] () -- C:\Windows\System32\NvwsApps.xml
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:22:02 | 000,173,648 | ---- | C] () -- C:\Windows\System32\drivers\rdyboost.sys

========== LOP Check ==========

[2010/05/27 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\acccore
[2010/06/03 17:46:36 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\avidemux
[2010/06/02 15:04:35 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\BitComet
[2010/06/03 20:15:59 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Broad Intelligence
[2010/05/22 18:24:05 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\BSplayer PRO
[2010/06/03 17:48:48 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\HandBrake
[2010/06/05 17:14:58 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\ImgBurn
[2010/05/27 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\mkvtoolnix
[2010/05/24 17:41:11 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Notepad++
[2010/05/22 18:12:29 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\TigerPlayer
[2010/06/06 01:17:44 | 000,006,670 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
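The OTL listings above are raw data, and the practical way to work through a log this size is to parse every entry into a record and let a handful of rules shortlist what a human should open next. The following is an added example for this thread, not code from the poster, from OTL's author or from BleepingComputer. The sample lines are constructed to mirror the OTL layout (they are not copied from the post), and the allow-list of Windows boot files, the seven-day window and the scan timestamp are assumptions; every hit it produces is a review item, not a verdict.

```python
"""Parse OTL 'Files Modified/Created' and 'LOP Check' lines and shortlist
items for manual review.

Added example for this thread; it is not code from the poster, from OTL's
author or from BleepingComputer.  Constructed sample lines below mirror the
layout of the log above; the allow-list, the seven-day window and SCAN_TIME
are assumptions to be adjusted for a real log."""

import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# [date time | size | attrs | M/C] (Company) -- path   (Company part is optional)
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Assumption: minimal list of files Windows keeps hidden/system in the root.
ROOT_ALLOW = {"bootmgr", "bootsect.bak", "hiberfil.sys", "pagefile.sys"}
# Extensions treated as executable code by the rules below.
CODE_EXT = {".sys", ".dll", ".exe", ".ax", ".acm", ".ocx", ".scr"}
# Assumption: time the log was taken; drives the "recently created" rule.
SCAN_TIME = datetime(2010, 6, 6, 11, 0, 0)

# Constructed sample in OTL layout (not lines copied from the post).
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========

[2010/06/06 09:09:42 | 2616,844,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/05 20:51:18 | 000,203,316 | RHS- | M] () -- C:\loader.bin
[2010/06/01 09:12:32 | 000,242,896 | ---- | M] (Example AV Vendor) -- C:\Windows\System32\drivers\exampleav.sys
[2010/06/04 12:00:00 | 003,297,280 | ---- | M] () -- C:\Windows\System32\codec_vfw.dll
[2010/06/05 17:08:38 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Tool.lnk
[2010/06/04 15:06:44 | 000,525,824 | ---- | C] () -- C:\Users\user\Desktop\scanner.scr
[2010/05/27 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\someapp
"""


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: set            # subset of {"R", "H", "S", "D"}
    kind: str             # "M" modified listing, "C" created listing
    company: str          # version-info company, "" when OTL printed "()"
    path: PureWindowsPath


def parse_otl(text):
    """Return an Entry for every line in OTL layout; headings, blank lines and
    anything else are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs={c for c in m["attrs"] if c != "-"},
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=PureWindowsPath(m["path"]),
        ))
    return entries


def triage(entries, now=SCAN_TIME, recent_days=7):
    """Return (reason, entry) pairs worth a human's attention.  These are
    review heuristics, not verdicts: a hit means 'look at this', nothing more."""
    findings = []
    for e in entries:
        parts = e.path.parts                     # ("C:\\", "name", ...)
        in_root = len(parts) == 2
        under_windows = len(parts) > 2 and parts[1].lower() == "windows"
        is_code = e.path.suffix.lower() in CODE_EXT
        if in_root and e.attrs & {"H", "S"} and e.path.name.lower() not in ROOT_ALLOW:
            findings.append(("hidden/system file in drive root", e))
        if under_windows and is_code and not e.company:
            findings.append(("code under \\Windows with no publisher in version info", e))
        if e.kind == "C" and is_code and now - e.ts <= timedelta(days=recent_days):
            findings.append((f"code file created within {recent_days} days", e))
    return findings


def run_sample():
    """Parse the constructed sample and return its review list."""
    return triage(parse_otl(SAMPLE))


if __name__ == "__main__":
    for reason, e in run_sample():
        print(f"{e.ts:%Y-%m-%d %H:%M}  {reason:55}  {e.path}")
```

Feed it the whole pasted log (`parse_otl(open("otl.txt").read())`); lines that are not OTL entries are ignored, so the section headings and the LOP/Purity blocks need no pre-processing. The empty `()` company field only means the file carries no version-info publisher, which is normal for many codecs and tools, so treat that rule as a sorting key for what to hash and look up first rather than as evidence on its own.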


#3 Metroidn1f

  • Topic Starter

  • Members
  • 16 posts

Posted 06 June 2010 - 10:07 AM

Here is my DDS log; it also has an attachment called Attach in .zip format. The .zip file is compressed at "Store".


DDS (Ver_10-03-17.01) - NTFSx86
Run by Metroidn1f at 11:02:36.61 on 06/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.3327.1853 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Metroidn1f\Documents\Apps\MiniCoder\MiniCOder.exe
C:\Users\Metroidn1f\Documents\Apps\MiniCoder\Tools\x264\x264.exe
C:\Windows\system32\conhost.exe
C:\Users\Metroidn1f\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.4.13.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-CA
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.4.13.dll/206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: AutorunsDisabled\avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
Hosts: 0.0.0.0 localhost

================= FIREFOX ===================

FF - ProfilePath - c:\users\metroi~1\appdata\roaming\mozilla\firefox\profiles\byrk88sh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\metroidn1f\appdata\roaming\mozilla\firefox\profiles\byrk88sh.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-5-20 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-20 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-5-20 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-20 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-20 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-20 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-20 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-20 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-1 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-20 5888008]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-5-20 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-5-20 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-5-20 20488]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-20 430152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]

=============== Created Last 30 ================

2010-06-04 02:18:33 0 d-----w- c:\program files\CCleaner
2010-06-04 01:56:07 0 d-----w- c:\users\metroidn1f\fontconfig
2010-06-04 01:46:01 0 d-----w- c:\users\metroidn1f\.smplayer
2010-06-04 01:04:46 0 d-----w- c:\programdata\StaxRip
2010-06-04 00:15:59 0 d-----w- c:\users\metroi~1\appdata\roaming\Broad Intelligence
2010-06-04 00:13:02 0 d-----w- c:\program files\MediaCoder
2010-06-03 21:48:44 0 d-----w- c:\users\metroi~1\appdata\roaming\HandBrake
2010-06-03 21:48:40 0 d-----w- c:\program files\Handbrake
2010-06-03 21:16:20 0 d-----w- c:\users\metroi~1\appdata\roaming\avidemux
2010-06-03 19:12:17 0 d-----w- C:\.jagex_cache_32
2010-06-01 21:47:30 0 d-----w- c:\users\metroi~1\appdata\roaming\Malwarebytes
2010-06-01 21:47:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 21:47:18 0 d-----w- c:\programdata\Malwarebytes
2010-06-01 21:47:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 21:47:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 20:24:19 0 d-----w- c:\program files\Trend Micro
2010-06-01 11:58:53 0 d-----w- c:\temp\RipBot264temp
2010-06-01 00:34:43 0 d-----w- C:\Temp
2010-06-01 00:34:13 0 d-----w- c:\program files\Haali
2010-06-01 00:32:50 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-06-01 00:30:20 929792 ----a-w- c:\windows\system32\dtsdecoderdll.dll
2010-06-01 00:30:20 92672 ----a-w- c:\windows\system32\MagUIInter.dll
2010-06-01 00:30:20 55808 ----a-w- c:\windows\system32\MagPCMac.dll
2010-06-01 00:30:20 536652 ----a-w- c:\windows\system32\ASAudioHD.ax
2010-06-01 00:30:20 35328 ----a-w- c:\windows\system32\MagCore.dll
2010-06-01 00:30:20 285184 ----a-w- c:\windows\system32\MagUIEngine.dll
2010-06-01 00:30:20 106496 ----a-w- c:\windows\system32\checkactivate.dll
2010-06-01 00:30:19 417792 ----a-w- c:\windows\system32\FLVSplitter.ax
2010-05-28 01:15:23 0 d-----w- c:\programdata\AIM
2010-05-28 01:15:19 0 d-----w- c:\program files\common files\Software Update Utility
2010-05-28 01:15:19 0 d-----w- c:\program files\AIM
2010-05-28 01:15:17 0 d-----w- c:\program files\common files\AOL
2010-05-28 01:15:02 350 ---ha-w- C:\IPH.PH
2010-05-27 17:26:32 0 d-----w- c:\program files\AviSynth 2.5
2010-05-27 17:24:53 0 d-----w- c:\program files\MeGUI
2010-05-27 17:03:02 0 d-----w- c:\users\metroi~1\appdata\roaming\mkvtoolnix
2010-05-27 16:25:12 237 ----a-w- c:\programdata\nvUnsupRes.dat
2010-05-27 01:50:05 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-27 01:50:02 0 d-----w- c:\windows\system32\QuickTime
2010-05-27 01:49:41 0 d-----w- c:\program files\common files\TechSmith Shared
2010-05-27 01:49:40 0 d-----w- c:\programdata\TechSmith
2010-05-26 19:50:50 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-05-26 19:49:37 0 d-----w- c:\program files\AVS4YOU
2010-05-26 19:08:10 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 02:52:23 0 d-----w- c:\program files\Unlocker
2010-05-26 02:26:54 0 d-----w- c:\users\metroi~1\appdata\roaming\AVS4YOU
2010-05-26 02:24:37 0 d-----w- c:\program files\common files\AVSMedia
2010-05-26 02:24:34 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-26 02:24:34 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-26 02:24:34 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-26 02:24:34 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-26 02:24:34 0 d-----w- c:\programdata\AVS4YOU
2010-05-25 04:30:41 0 d-----w- c:\users\metroidn1f\.idlerc
2010-05-25 02:58:58 0 d-----w- C:\Python26
2010-05-25 02:51:05 0 d-----w- c:\program files\Universal Extractor
2010-05-25 00:31:23 0 d-----w- C:\Fraps
2010-05-24 14:56:48 20 ----a-w- c:\windows\system32\SYSTEM
2010-05-23 15:53:33 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-23 15:53:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-23 15:53:09 0 d-----w- c:\program files\Winamp Detect
2010-05-23 00:33:58 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-05-23 00:33:18 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-23 00:31:49 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-23 00:31:01 0 d-----w- c:\program files\Microsoft Analysis Services
2010-05-23 00:30:38 0 d-----w- c:\programdata\Microsoft Help
2010-05-22 22:12:15 0 d-----w- c:\programdata\boost_interprocess
2010-05-22 21:51:11 0 d-----w- c:\users\metroi~1\appdata\roaming\TigerPlayer
2010-05-22 21:50:40 0 d-----w- c:\programdata\Apple Computer
2010-05-22 21:50:39 0 d-----w- c:\program files\MpcStar
2010-05-22 21:15:04 0 d-----w- c:\users\metroidn1f\Tracing
2010-05-22 21:14:35 0 d-----w- c:\program files\Microsoft
2010-05-22 21:14:18 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-22 21:13:42 0 d-----w- c:\windows\PCHEALTH
2010-05-22 21:12:15 0 d-----w- c:\program files\common files\Windows Live
2010-05-21 23:22:47 87 ----a-w- c:\users\metroidn1f\jagex_runescape_preferences2.dat
2010-05-21 23:22:47 0 ----a-w- c:\users\metroidn1f\jagex__preferences3.dat
2010-05-21 22:04:45 0 d-----w- c:\program files\K-Lite Codec Pack
2010-05-21 21:02:22 0 d-----w- c:\users\metroi~1\appdata\roaming\BSplayer PRO
2010-05-21 21:02:22 0 d-----w- c:\program files\Webteh
2010-05-21 20:27:05 0 d-----w- c:\programdata\NVIDIA
2010-05-21 20:26:30 0 d-----w- c:\program files\NVIDIA Corporation
2010-05-21 20:25:38 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-21 20:06:59 42 ----a-w- c:\users\metroidn1f\jagex_runescape_preferences.dat
2010-05-21 20:06:58 0 d-----w- c:\windows\.jagex_cache_32
2010-05-21 19:44:09 0 d-----w- c:\users\metroidn1f\dwhelper
2010-05-21 18:57:45 0 d-----w- c:\windows\system32\Wat
2010-05-21 12:30:08 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-21 12:26:03 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-05-21 12:26:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 03:26:05 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-05-21 03:07:47 0 d-----w- c:\windows\pss
2010-05-21 03:05:25 0 d-----w- c:\windows\Panther
2010-05-21 03:05:12 8192 --sha-r- C:\BOOTSECT.BAK
2010-05-21 03:05:11 383562 --sha-r- C:\bootmgr
2010-05-21 03:05:10 0 d-sh--w- C:\Boot
2010-05-21 02:02:45 0 d-----w- c:\programdata\ALM
2010-05-21 01:53:13 0 d-----w- c:\users\metroidn1f\Adobe Flash Builder 4
2010-05-21 01:50:49 0 d-----w- c:\programdata\Sun
2010-05-21 01:50:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 01:42:55 0 d-----w- c:\program files\My Company Name
2010-05-21 01:42:55 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-21 01:34:41 0 d-----w- c:\programdata\Adobe
2010-05-21 01:18:21 0 d--h--w- C:\$AVG
2010-05-21 01:17:11 0 d--h--w- c:\windows\PIF
2010-05-21 01:06:28 0 d-----w- c:\program files\Elaborate Bytes
2010-05-21 00:56:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-21 00:56:15 25096 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-05-21 00:56:14 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-21 00:56:14 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-21 00:56:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-21 00:56:07 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-21 00:56:06 0 d-----w- c:\programdata\AVG Security Toolbar
2010-05-21 00:55:47 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-05-21 00:55:47 0 d-----w- c:\program files\AVG
2010-05-21 00:55:45 0 d-----w- c:\programdata\avg9
2010-05-21 00:51:18 3 --sha-r- C:\win7ldr
2010-05-21 00:51:18 3 ----a-w- c:\windows\7Loader.TAG
2010-05-21 00:51:18 203316 --sha-r- C:\grldr
2010-05-21 00:46:06 0 d-sh--w- c:\windows\Installer
2010-05-21 00:11:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 00:05:55 0 d-----w- c:\users\metroi~1\appdata\roaming\BitComet
2010-05-21 00:05:55 0 d-----w- C:\Downloads
2010-05-21 00:02:04 0 d-----w- c:\program files\BitComet
2010-05-20 23:59:46 717892 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-05-20 23:59:20 0 d-----w- c:\windows\system32\wbem\Performance
2010-05-20 23:56:29 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-20 23:56:28 132608 ----a-w- c:\windows\system32\cabview.dll
2010-05-20 23:07:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== Find3M ====================

2010-05-25 00:33:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-07 16:15:48 3297280 ----a-w- c:\windows\system32\x264vfw.dll
2010-04-03 22:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 22:27:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 22:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 22:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 22:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-31 05:15:22 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-20 01:52:08 2145280 ----a-w- c:\windows\system32\python26.dll
2010-03-15 09:31:48 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:03:37.67 ===============

#4 Metroidn1f
  • Topic Starter
  • Members
  • 16 posts

Posted 06 June 2010 - 10:11 AM

I was going to post a log from RSIT, but it did not work. I got a variable error. The variable was not declared; I will run it again to see what line it was on. Line 2563. Also, the first time I ran it, AVG Internet Security found it as malware, I believe it was. I set it to be allowed. The second time that I ran it, it did not report anything. If you could post a different link to RSIT so I can download it again if it is required for the log to be seen, just go ahead. If there are any other tools that you need me to run, just post them up and I will run them.

EDIT: 4 bumps removed. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump. ~BP

Edited by Budapest, 06 June 2010 - 10:47 PM.


#5 schrauber
    Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Location:Munich,Germany

Posted 09 June 2010 - 01:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#6 Metroidn1f
  • Topic Starter
  • Members
  • 16 posts

Posted 11 June 2010 - 06:01 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Metroidn1f at 18:58:09.24 on 11/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.3327.2068 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Metroidn1f\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.4.13.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-CA
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.4.13.dll/206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: AutorunsDisabled\avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
Hosts: 0.0.0.0 localhost

================= FIREFOX ===================

FF - ProfilePath - c:\users\metroi~1\appdata\roaming\mozilla\firefox\profiles\byrk88sh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\metroidn1f\appdata\roaming\mozilla\firefox\profiles\byrk88sh.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-5-20 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-20 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-5-20 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-20 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-20 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-20 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-20 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-20 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-1 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-20 5888008]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-5-20 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-5-20 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-5-20 20488]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-20 430152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]

=============== Created Last 30 ================

2010-06-08 19:38:54 32 ----a-w- C:\Miley Cyrus Read.mp4
2010-06-07 22:35:07 0 d-----w- c:\programdata\WinZip
2010-06-07 20:18:35 0 ----a-w- c:\windows\MSYS.INI
2010-06-07 19:54:55 0 d-----w- C:\BeSweet
2010-06-07 19:44:59 0 d-----w- C:\eac3to
2010-06-07 17:38:13 0 d-----w- c:\programdata\NOS
2010-06-07 00:59:13 0 d---a-w- C:\ffmpeg4
2010-06-07 00:21:11 0 d-----w- C:\ffmpeg2
2010-06-07 00:01:24 0 d-----w- C:\ffmpeg
2010-06-06 23:52:33 0 d-----w- C:\FFmpeg-svn-22140
2010-06-06 20:33:37 0 d-----w- c:\program files\MKVtoolnix
2010-06-04 02:18:33 0 d-----w- c:\program files\CCleaner
2010-06-04 01:56:07 0 d-----w- c:\users\metroidn1f\fontconfig
2010-06-04 01:46:01 0 d-----w- c:\users\metroidn1f\.smplayer
2010-06-04 01:04:46 0 d-----w- c:\programdata\StaxRip
2010-06-04 00:15:59 0 d-----w- c:\users\metroi~1\appdata\roaming\Broad Intelligence
2010-06-04 00:13:02 0 d-----w- c:\program files\MediaCoder
2010-06-03 21:48:44 0 d-----w- c:\users\metroi~1\appdata\roaming\HandBrake
2010-06-03 21:48:40 0 d-----w- c:\program files\Handbrake
2010-06-03 21:16:20 0 d-----w- c:\users\metroi~1\appdata\roaming\avidemux
2010-06-03 19:12:17 0 d-----w- C:\.jagex_cache_32
2010-06-01 21:47:30 0 d-----w- c:\users\metroi~1\appdata\roaming\Malwarebytes
2010-06-01 21:47:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 21:47:18 0 d-----w- c:\programdata\Malwarebytes
2010-06-01 21:47:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 21:47:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 20:24:19 0 d-----w- c:\program files\Trend Micro
2010-06-01 11:58:53 0 d-----w- c:\temp\RipBot264temp
2010-06-01 00:34:43 0 d-----w- C:\Temp
2010-06-01 00:34:13 0 d-----w- c:\program files\Haali
2010-06-01 00:32:50 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-06-01 00:30:20 929792 ----a-w- c:\windows\system32\dtsdecoderdll.dll
2010-06-01 00:30:20 92672 ----a-w- c:\windows\system32\MagUIInter.dll
2010-06-01 00:30:20 55808 ----a-w- c:\windows\system32\MagPCMac.dll
2010-06-01 00:30:20 536652 ----a-w- c:\windows\system32\ASAudioHD.ax
2010-06-01 00:30:20 35328 ----a-w- c:\windows\system32\MagCore.dll
2010-06-01 00:30:20 285184 ----a-w- c:\windows\system32\MagUIEngine.dll
2010-06-01 00:30:20 106496 ----a-w- c:\windows\system32\checkactivate.dll
2010-06-01 00:30:19 417792 ----a-w- c:\windows\system32\FLVSplitter.ax
2010-05-28 01:15:23 0 d-----w- c:\programdata\AIM
2010-05-28 01:15:19 0 d-----w- c:\program files\common files\Software Update Utility
2010-05-28 01:15:19 0 d-----w- c:\program files\AIM
2010-05-28 01:15:17 0 d-----w- c:\program files\common files\AOL
2010-05-28 01:15:02 350 ---ha-w- C:\IPH.PH
2010-05-27 17:26:32 0 d-----w- c:\program files\AviSynth 2.5
2010-05-27 17:24:53 0 d-----w- c:\program files\MeGUI
2010-05-27 17:03:02 0 d-----w- c:\users\metroi~1\appdata\roaming\mkvtoolnix
2010-05-27 16:25:12 237 ----a-w- c:\programdata\nvUnsupRes.dat
2010-05-27 01:50:05 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-27 01:50:02 0 d-----w- c:\windows\system32\QuickTime
2010-05-27 01:49:41 0 d-----w- c:\program files\common files\TechSmith Shared
2010-05-27 01:49:40 0 d-----w- c:\programdata\TechSmith
2010-05-26 19:50:50 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-05-26 19:49:37 0 d-----w- c:\program files\AVS4YOU
2010-05-26 19:08:10 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 02:52:23 0 d-----w- c:\program files\Unlocker
2010-05-26 02:26:54 0 d-----w- c:\users\metroi~1\appdata\roaming\AVS4YOU
2010-05-26 02:24:37 0 d-----w- c:\program files\common files\AVSMedia
2010-05-26 02:24:34 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-26 02:24:34 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-26 02:24:34 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-26 02:24:34 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-26 02:24:34 0 d-----w- c:\programdata\AVS4YOU
2010-05-25 04:30:41 0 d-----w- c:\users\metroidn1f\.idlerc
2010-05-25 02:58:58 0 d-----w- C:\Python26
2010-05-25 02:51:05 0 d-----w- c:\program files\Universal Extractor
2010-05-25 00:31:23 0 d-----w- C:\Fraps
2010-05-24 14:56:48 20 ----a-w- c:\windows\system32\SYSTEM
2010-05-23 15:53:33 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-23 15:53:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-23 15:53:09 0 d-----w- c:\program files\Winamp Detect
2010-05-23 00:33:58 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-05-23 00:33:18 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-23 00:31:49 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-23 00:31:01 0 d-----w- c:\program files\Microsoft Analysis Services
2010-05-23 00:30:38 0 d-----w- c:\programdata\Microsoft Help
2010-05-22 22:12:15 0 d-----w- c:\programdata\boost_interprocess
2010-05-22 21:51:11 0 d-----w- c:\users\metroi~1\appdata\roaming\TigerPlayer
2010-05-22 21:50:40 0 d-----w- c:\programdata\Apple Computer
2010-05-22 21:50:39 0 d-----w- c:\program files\MpcStar
2010-05-22 21:15:04 0 d-----w- c:\users\metroidn1f\Tracing
2010-05-22 21:14:35 0 d-----w- c:\program files\Microsoft
2010-05-22 21:14:18 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-22 21:13:42 0 d-----w- c:\windows\PCHEALTH
2010-05-22 21:12:15 0 d-----w- c:\program files\common files\Windows Live
2010-05-21 23:22:47 87 ----a-w- c:\users\metroidn1f\jagex_runescape_preferences2.dat
2010-05-21 23:22:47 0 ----a-w- c:\users\metroidn1f\jagex__preferences3.dat
2010-05-21 22:04:45 0 d-----w- c:\program files\K-Lite Codec Pack
2010-05-21 21:02:22 0 d-----w- c:\users\metroi~1\appdata\roaming\BSplayer PRO
2010-05-21 21:02:22 0 d-----w- c:\program files\Webteh
2010-05-21 20:27:05 0 d-----w- c:\programdata\NVIDIA
2010-05-21 20:26:30 0 d-----w- c:\program files\NVIDIA Corporation
2010-05-21 20:25:38 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-21 20:06:59 45 ----a-w- c:\users\metroidn1f\jagex_runescape_preferences.dat
2010-05-21 20:06:58 0 d-----w- c:\windows\.jagex_cache_32
2010-05-21 19:44:09 0 d-----w- c:\users\metroidn1f\dwhelper
2010-05-21 18:57:45 0 d-----w- c:\windows\system32\Wat
2010-05-21 12:30:08 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-21 12:26:03 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-05-21 12:26:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 03:26:05 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-05-21 03:07:47 0 d-----w- c:\windows\pss
2010-05-21 03:05:25 0 d-----w- c:\windows\Panther
2010-05-21 03:05:12 8192 --sha-r- C:\BOOTSECT.BAK
2010-05-21 03:05:11 383562 --sha-r- C:\bootmgr
2010-05-21 03:05:10 0 d-sh--w- C:\Boot
2010-05-21 02:02:45 0 d-----w- c:\programdata\ALM
2010-05-21 01:53:13 0 d-----w- c:\users\metroidn1f\Adobe Flash Builder 4
2010-05-21 01:50:49 0 d-----w- c:\programdata\Sun
2010-05-21 01:50:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 01:42:55 0 d-----w- c:\program files\My Company Name
2010-05-21 01:42:55 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-21 01:34:41 0 d-----w- c:\programdata\Adobe
2010-05-21 01:18:21 0 d--h--w- C:\$AVG
2010-05-21 01:17:11 0 d--h--w- c:\windows\PIF
2010-05-21 01:06:28 0 d-----w- c:\program files\Elaborate Bytes
2010-05-21 00:56:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-21 00:56:15 25096 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-05-21 00:56:14 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-21 00:56:14 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-21 00:56:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-21 00:56:07 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-21 00:56:06 0 d-----w- c:\programdata\AVG Security Toolbar
2010-05-21 00:55:47 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-05-21 00:55:47 0 d-----w- c:\program files\AVG
2010-05-21 00:55:45 0 d-----w- c:\programdata\avg9
2010-05-21 00:51:18 3 --sha-r- C:\win7ldr
2010-05-21 00:51:18 3 ----a-w- c:\windows\7Loader.TAG
2010-05-21 00:51:18 203316 --sha-r- C:\grldr
2010-05-21 00:46:06 0 d-sh--w- c:\windows\Installer
2010-05-21 00:11:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 00:05:55 0 d-----w- c:\users\metroi~1\appdata\roaming\BitComet
2010-05-21 00:05:55 0 d-----w- C:\Downloads
2010-05-21 00:02:04 0 d-----w- c:\program files\BitComet
2010-05-20 23:59:46 717892 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-05-20 23:59:20 0 d-----w- c:\windows\system32\wbem\Performance
2010-05-20 23:56:29 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-20 23:56:28 132608 ----a-w- c:\windows\system32\cabview.dll
2010-05-20 23:07:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== Find3M ====================

2010-05-25 00:33:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-07 16:15:48 3297280 ----a-w- c:\windows\system32\x264vfw.dll
2010-04-03 22:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 22:27:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 22:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 22:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 22:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-31 05:15:22 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-20 01:52:08 2145280 ----a-w- c:\windows\system32\python26.dll
2010-03-15 09:31:48 165376 ----a-w- c:\windows\system32\unrar.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:59:10.11 ===============

#7 Metroidn1f

Metroidn1f
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 11 June 2010 - 06:16 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-11 19:14:44
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\METROI~1\AppData\Local\Temp\kflyipod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x9252A730]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x9252A7E0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x9252A880]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x9252A920]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82812634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82812898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8288A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828AEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 828B69F8 4 Bytes [30, A7, 52, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 828B6CC8 8 Bytes [E0, A7, 52, 92, 80, A8, 52, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 828B6D3C 4 Bytes [20, A9, 52, 92]
.rsrc C:\Windows\System32\drivers\rdyboost.sys entry point in ".rsrc" section [0x8B972014]
.text peauth.sys 9D496C9D 28 Bytes [55, 87, 3F, 60, CB, 83, A3, ...]
.text peauth.sys 9D496CC1 28 Bytes [55, 87, 3F, 60, CB, 83, A3, ...]
PAGE peauth.sys 9D49CB9B 72 Bytes [CE, BD, D1, 0F, 42, B0, 91, ...]
PAGE peauth.sys 9D49CBEC 111 Bytes [A7, 32, DC, 48, 91, 05, 0F, ...]
PAGE peauth.sys 9D49D02C 102 Bytes [D6, F5, 55, F3, E7, 94, D4, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 77D75360 5 Bytes JMP 003F000A
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory 77D75EE0 5 Bytes JMP 0040000A
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!KiUserExceptionDispatcher 77D76448 5 Bytes JMP 003E000A
.text C:\Windows\system32\svchost.exe[1268] ole32.dll!CoCreateInstance 767657FC 5 Bytes JMP 004A000A
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!GetCursorPos 7691C198 5 Bytes JMP 00F3000A
.text C:\Windows\Explorer.EXE[2988] ntdll.dll!NtProtectVirtualMemory 77D75360 5 Bytes JMP 001C000A
.text C:\Windows\Explorer.EXE[2988] ntdll.dll!NtWriteVirtualMemory 77D75EE0 5 Bytes JMP 001D000A
.text C:\Windows\Explorer.EXE[2988] ntdll.dll!KiUserExceptionDispatcher 77D76448 5 Bytes JMP 001B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5500] ntdll.dll!NtProtectVirtualMemory 77D75360 5 Bytes JMP 004F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5500] ntdll.dll!NtWriteVirtualMemory 77D75EE0 5 Bytes JMP 005E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5500] ntdll.dll!KiUserExceptionDispatcher 77D76448 5 Bytes JMP 0049000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74995624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [749A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 862FCEC5

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\rdyboost.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:21 AM

Posted 12 June 2010 - 04:06 AM

Hello, Metroidn1f
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 Metroidn1f

Metroidn1f
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 12 June 2010 - 08:33 PM

Do I have to disable my AVG 9.0? I know how, even though that one link did not help me because I have the Internet Security. Do I need to totally disable every component that AVG has enabled? When I ran the combobox, I got a warning for the file nircmd, and I either had the choice to quarantine or allow. I don't know exactly what the file was called, but it was something like that. It would not stop telling me about it until I executed both of the processes.

#10 Metroidn1f

Metroidn1f
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 13 June 2010 - 03:40 PM

ComboFix 10-06-12.03 - Metroidn1f 13/06/2010 10:50:03.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.3327.2247 [GMT -4:00]
Running from: c:\users\Metroidn1f\Desktop\schrauber.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\7Loader.TAG
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
.

2010-06-13 14:57 . 2010-06-13 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-07 22:35 . 2010-06-07 22:36 -------- d-----w- c:\programdata\WinZip
2010-06-07 21:01 . 2010-06-13 06:27 0 ----a-w- c:\users\Metroidn1f\AppData\Local\prvlcl.dat
2010-06-07 19:54 . 2010-06-07 19:55 -------- d-----w- C:\BeSweet
2010-06-07 19:44 . 2010-06-07 19:50 -------- d-----w- C:\eac3to
2010-06-07 17:38 . 2010-06-07 17:38 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-07 17:38 . 2010-06-08 12:45 -------- d-----w- c:\programdata\NOS
2010-06-07 00:59 . 2010-06-07 01:05 -------- d---a-w- C:\ffmpeg4
2010-06-07 00:21 . 2010-06-07 00:21 -------- d-----w- C:\ffmpeg2
2010-06-07 00:01 . 2010-06-07 00:35 -------- d-----w- C:\ffmpeg
2010-06-06 23:52 . 2010-06-06 23:52 -------- d-----w- C:\FFmpeg-svn-22140
2010-06-06 20:33 . 2010-06-06 20:49 -------- d-----w- c:\program files\MKVtoolnix
2010-06-06 15:07 . 2010-06-06 15:07 -------- d-----w- C:\rsit
2010-06-05 21:14 . 2010-06-05 21:14 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\ImgBurn
2010-06-05 21:08 . 2010-06-05 21:08 -------- d-----w- c:\program files\ImgBurn
2010-06-04 02:18 . 2010-06-04 02:18 -------- d-----w- c:\program files\CCleaner
2010-06-04 01:56 . 2010-06-04 01:56 -------- d-----w- c:\users\Metroidn1f\fontconfig
2010-06-04 01:46 . 2010-06-04 02:08 -------- d-----w- c:\users\Metroidn1f\.smplayer
2010-06-04 01:04 . 2010-06-06 00:08 -------- d-----w- c:\programdata\StaxRip
2010-06-04 00:15 . 2010-06-04 00:15 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\Broad Intelligence
2010-06-04 00:15 . 2010-06-04 00:15 -------- d-----w- c:\users\Metroidn1f\AppData\Local\Broad Intelligence
2010-06-04 00:13 . 2010-06-06 19:49 -------- d-----w- c:\program files\MediaCoder
2010-06-03 21:48 . 2010-06-03 21:48 -------- d-----w- c:\users\Metroidn1f\AppData\Local\HandBrake
2010-06-03 21:48 . 2010-06-03 21:48 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\HandBrake
2010-06-03 21:48 . 2010-06-03 21:48 -------- d-----w- c:\program files\Handbrake
2010-06-03 21:16 . 2010-06-03 21:46 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\avidemux
2010-06-03 19:12 . 2010-06-03 19:12 -------- d-----w- C:\.jagex_cache_32
2010-06-02 19:04 . 2010-05-12 20:47 1440768 ----a-w- c:\users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-06-01 21:47 . 2010-06-01 21:47 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\Malwarebytes
2010-06-01 21:47 . 2010-06-01 21:47 -------- d-----w- c:\programdata\Malwarebytes
2010-06-01 21:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 21:47 . 2010-06-01 21:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 21:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 20:24 . 2010-06-06 15:09 -------- d-----w- c:\program files\Trend Micro
2010-06-01 20:24 . 2010-06-01 20:24 388096 ----a-r- c:\users\Metroidn1f\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-01 11:58 . 2010-06-02 03:35 -------- d-----w- c:\temp\RipBot264temp
2010-06-01 00:34 . 2010-06-01 11:58 -------- d-----w- C:\Temp
2010-06-01 00:34 . 2010-06-01 00:34 -------- d-----w- c:\program files\Haali
2010-06-01 00:30 . 2009-08-12 15:55 929792 ----a-w- c:\windows\system32\dtsdecoderdll.dll
2010-06-01 00:30 . 2008-11-28 14:36 55808 ----a-w- c:\windows\system32\MagPCMac.dll
2010-06-01 00:30 . 2008-11-28 14:36 92672 ----a-w- c:\windows\system32\MagUIInter.dll
2010-06-01 00:30 . 2008-11-28 14:36 35328 ----a-w- c:\windows\system32\MagCore.dll
2010-06-01 00:30 . 2008-11-28 14:36 285184 ----a-w- c:\windows\system32\MagUIEngine.dll
2010-06-01 00:30 . 2008-04-15 16:40 106496 ----a-w- c:\windows\system32\checkactivate.dll
2010-05-31 23:37 . 2010-05-31 23:37 -------- d-----w- c:\users\Metroidn1f\AppData\Local\TechSmith
2010-05-28 01:15 . 2010-05-28 01:15 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\acccore
2010-05-28 01:15 . 2010-05-28 01:15 -------- d-----w- c:\users\Metroidn1f\AppData\Local\AOL
2010-05-28 01:15 . 2010-05-28 01:15 -------- d-----w- c:\users\Metroidn1f\AppData\Local\AIM
2010-05-28 01:15 . 2010-05-28 01:15 -------- d-----w- c:\programdata\AIM
2010-05-28 01:15 . 2010-05-28 01:15 -------- d-----w- c:\program files\AIM
2010-05-28 01:15 . 2010-05-28 01:15 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-05-28 01:15 . 2010-05-28 01:15 -------- d-----w- c:\program files\Common Files\AOL
2010-05-27 17:26 . 2010-05-27 17:26 -------- d-----w- c:\users\Metroidn1f\AppData\Local\www.doom9.net
2010-05-27 17:26 . 2010-05-27 17:26 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-27 17:24 . 2010-05-29 01:36 -------- d-----w- c:\program files\MeGUI
2010-05-27 17:03 . 2010-05-27 17:03 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\mkvtoolnix
2010-05-27 01:50 . 2010-03-04 21:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-27 01:50 . 2010-05-27 01:50 -------- d-----w- c:\windows\system32\QuickTime
2010-05-27 01:49 . 2010-05-27 01:49 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-05-27 01:49 . 2010-05-27 01:49 -------- d-----w- c:\programdata\TechSmith
2010-05-27 01:49 . 2010-05-27 01:49 -------- d-----w- c:\program files\TechSmith
2010-05-26 19:50 . 2008-07-23 17:28 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-05-26 19:49 . 2010-05-26 19:50 -------- d-----w- c:\program files\AVS4YOU
2010-05-26 19:08 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 02:52 . 2010-05-26 02:52 -------- d-----w- c:\program files\Unlocker
2010-05-26 02:26 . 2010-05-26 02:26 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\AVS4YOU
2010-05-26 02:24 . 2010-05-26 19:43 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-26 02:24 . 2010-05-26 02:26 -------- d-----w- c:\programdata\AVS4YOU
2010-05-26 02:24 . 2008-08-13 14:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-26 02:24 . 2008-08-13 14:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-26 02:24 . 2008-08-13 14:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-26 02:24 . 2008-08-13 14:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-25 04:30 . 2010-05-25 04:31 -------- d-----w- c:\users\Metroidn1f\.idlerc
2010-05-25 02:58 . 2010-05-26 02:30 -------- d-----w- C:\Python26
2010-05-25 02:51 . 2010-05-25 02:51 -------- d-----w- c:\program files\Universal Extractor
2010-05-25 00:31 . 2010-05-25 00:34 -------- d-----w- C:\Fraps
2010-05-24 21:40 . 2010-05-24 21:41 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\Notepad++
2010-05-24 21:40 . 2010-05-24 21:40 -------- d-----w- c:\program files\Notepad++
2010-05-23 15:53 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-23 15:53 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-23 15:53 . 2010-05-23 15:53 -------- d-----w- c:\program files\Winamp Detect
2010-05-23 15:52 . 2010-05-23 16:01 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\Winamp
2010-05-23 15:52 . 2010-05-23 15:55 -------- d-----w- c:\program files\Winamp
2010-05-23 00:33 . 2010-05-23 00:33 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-05-23 00:33 . 2010-05-23 00:33 -------- d-----w- c:\program files\Microsoft.NET
2010-05-23 00:33 . 2010-05-23 00:33 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-05-23 00:33 . 2010-05-23 00:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-23 00:31 . 2010-05-23 00:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-23 00:31 . 2010-05-23 00:31 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-05-23 00:30 . 2010-05-23 00:30 -------- d-----w- c:\users\Metroidn1f\AppData\Local\Microsoft Help
2010-05-23 00:30 . 2010-05-23 00:40 -------- d-----w- c:\programdata\Microsoft Help
2010-05-23 00:30 . 2010-05-23 00:30 -------- d-----r- C:\MSOCache
2010-05-22 22:12 . 2010-06-08 18:50 -------- d-----w- c:\programdata\boost_interprocess
2010-05-22 21:51 . 2010-05-22 22:12 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\TigerPlayer
2010-05-22 21:50 . 2010-05-22 21:50 -------- d-----w- c:\programdata\Apple Computer
2010-05-22 21:50 . 2010-06-04 03:47 -------- d-----w- c:\program files\MpcStar
2010-05-22 21:15 . 2010-06-13 13:48 -------- d-----w- c:\users\Metroidn1f\Tracing
2010-05-22 21:14 . 2010-05-22 21:14 -------- d-----w- c:\program files\Microsoft
2010-05-22 21:14 . 2010-05-22 21:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-05-22 21:14 . 2010-05-22 21:14 -------- d-----w- c:\program files\Windows Live
2010-05-22 21:13 . 2010-05-22 21:13 -------- d-----w- c:\windows\PCHEALTH
2010-05-22 21:12 . 2010-05-22 21:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-21 23:22 . 2010-06-13 02:06 87 ----a-w- c:\users\Metroidn1f\jagex_runescape_preferences2.dat
2010-05-21 23:22 . 2010-05-21 23:22 0 ----a-w- c:\users\Metroidn1f\jagex__preferences3.dat
2010-05-21 21:03 . 2009-08-12 01:21 90112 ----a-w- c:\users\Metroidn1f\AppData\Roaming\BSplayer PRO\AC3 Filter\spdif_test.exe
2010-05-21 21:02 . 2010-02-23 21:01 1185871 ----a-w- c:\users\Metroidn1f\AppData\Roaming\BSplayer PRO\FFDShow\unins000.exe
2010-05-21 20:27 . 2010-05-21 20:27 -------- d-----w- c:\programdata\NVIDIA
2010-05-21 20:26 . 2010-05-21 20:26 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-21 20:25 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-21 20:06 . 2010-06-13 02:04 45 ----a-w- c:\users\Metroidn1f\jagex_runescape_preferences.dat
2010-05-21 20:06 . 2010-06-12 00:56 -------- d-----w- c:\windows\.jagex_cache_32
2010-05-21 19:50 . 2010-05-21 20:34 38784 ----a-w- c:\users\Metroidn1f\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-21 19:48 . 2010-05-21 19:48 -------- d-----w- c:\users\Metroidn1f\AppData\Local\ElevatedDiagnostics
2010-05-21 19:44 . 2010-06-03 21:02 -------- d-----w- c:\users\Metroidn1f\dwhelper
2010-05-21 19:12 . 2010-05-21 19:12 0 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-05-21 18:57 . 2010-05-21 18:57 -------- d-----w- c:\windows\system32\Wat
2010-05-21 12:30 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-21 12:26 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-05-21 12:26 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 03:26 . 2010-05-21 03:26 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-05-21 03:05 . 2010-05-20 23:55 -------- d-----w- c:\windows\Panther
2010-05-21 03:05 . 2010-05-21 03:05 -------- d-----w- C:\Boot
2010-05-21 02:02 . 2010-05-21 02:02 -------- d-----w- c:\programdata\ALM
2010-05-21 01:53 . 2010-05-21 01:53 -------- d-----w- c:\users\Metroidn1f\Adobe Flash Builder 4
2010-05-21 01:50 . 2010-05-21 01:50 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 22:29 . 2010-05-21 00:02 -------- d-----w- c:\program files\BitComet
2010-05-27 16:31 . 2010-05-27 16:25 237 ----a-w- c:\programdata\nvUnsupRes.dat
2010-05-25 00:33 . 2010-05-21 22:04 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-23 00:34 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-05-22 22:24 . 2010-05-21 21:02 -------- d-----w- c:\users\Metroidn1f\AppData\Roaming\BSplayer PRO
2010-05-21 22:05 . 2010-05-21 22:04 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-21 21:02 . 2010-05-21 21:02 -------- d-----w- c:\program files\Webteh
2010-05-21 18:57 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-21 00:02 . 2010-05-21 00:02 1036288 ----a-w- c:\users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash\components\IBitCometExtension.dll
2010-05-20 23:07 . 2010-05-20 23:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-07 16:15 . 2010-05-21 22:04 3297280 ----a-w- c:\windows\system32\x264vfw.dll
2010-04-03 22:27 . 2010-04-03 22:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 22:27 . 2010-04-03 22:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 22:27 . 2010-04-03 22:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 22:27 . 2010-04-03 22:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 22:27 . 2010-04-03 22:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-31 05:15 . 2010-03-31 05:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\10606\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\10606\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\10606\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\10606\AcrobatUpdater.exe
2010-03-22 18:52 . 2010-05-21 21:03 697690 ----a-w- c:\users\Metroidn1f\AppData\Roaming\BSplayer PRO\AC3 Filter\unins000.exe
2010-03-20 01:52 . 2010-03-20 01:52 2145280 ----a-w- c:\windows\system32\python26.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-01-16 12:59 561552 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Aim"="c:\program files\AIM\aim.exe" [2010-05-21 3824472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-01 2065248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-05-21 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-21 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-05-21 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-21 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-01 242896]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-05-21 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-21 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-01 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-05-21 122376]
S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-05-21 30216]
S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-05-21 20488]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: AutorunsDisabled\avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x860FAEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x53706341
SecurityProcedure -> 0x8c605570
QueryNameProcedure -> 0x260026
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-13 11:01:04
ComboFix-quarantined-files.txt 2010-06-13 15:01

Pre-Run: 235,162,484,736 bytes free
Post-Run: 235,372,048,384 bytes free

- - End Of File - - 94032CD43F881C58D1F2ED6578F04D5D


#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:21 AM

Posted 14 June 2010 - 03:07 PM

Hi,

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#12 Metroidn1f

Metroidn1f
  • Topic Starter

  • Members
  • 16 posts
  • Local time:03:21 AM

Posted 14 June 2010 - 08:26 PM

21:10:30:194 2628 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
21:10:30:194 2628 ================================================================================
21:10:30:194 2628 SystemInfo:

21:10:30:194 2628 OS Version: 6.1.7600 ServicePack: 0.0
21:10:30:194 2628 Product type: Workstation
21:10:30:194 2628 ComputerName: METROIDN1F-PC
21:10:30:204 2628 UserName: Metroidn1f
21:10:30:204 2628 Windows directory: C:\Windows
21:10:30:204 2628 Processor architecture: Intel x86
21:10:30:204 2628 Number of processors: 2
21:10:30:204 2628 Page size: 0x1000
21:10:30:204 2628 Boot type: Normal boot
21:10:30:204 2628 ================================================================================
21:10:30:584 2628 Initialize success
21:10:30:584 2628
21:10:30:584 2628 Scanning Services ...
21:10:31:434 2628 Raw services enum returned 453 services
21:10:31:434 2628
21:10:31:434 2628 Scanning Drivers ...
21:10:32:304 2628 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
21:10:32:324 2628 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:10:32:354 2628 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:10:32:394 2628 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:10:32:434 2628 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:10:32:454 2628 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:10:32:484 2628 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
21:10:32:514 2628 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:10:32:544 2628 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:10:32:574 2628 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:10:32:594 2628 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:10:32:604 2628 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:10:32:694 2628 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:10:32:714 2628 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:10:32:734 2628 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
21:10:32:764 2628 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:10:32:784 2628 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
21:10:32:814 2628 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:10:32:834 2628 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:10:32:854 2628 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:10:32:874 2628 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:10:32:894 2628 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:10:32:924 2628 Avgfwfd (26a4640a8f16f8ce39b93329c83bb15a) C:\Windows\system32\DRIVERS\avgfwd6x.sys
21:10:32:974 2628 AVGIDSDriverw7x (c4949261d3cd41e55cc1709ea69dc1d3) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys
21:10:33:004 2628 AVGIDSErHrw7x (acf047a432811c179edcb3e5178f9652) C:\Windows\system32\Drivers\AVGIDSwx.sys
21:10:33:014 2628 AVGIDSFilterw7x (dc51e4b1b97e372e6c45c97df034b9d9) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys
21:10:33:024 2628 AVGIDSShimw7x (8ba3b6e7326477d5873cfb6faa1cbc87) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys
21:10:33:044 2628 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\Windows\system32\Drivers\avgldx86.sys
21:10:33:084 2628 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
21:10:33:104 2628 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
21:10:33:124 2628 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\Windows\system32\Drivers\avgtdix.sys
21:10:33:164 2628 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:10:33:204 2628 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:10:33:234 2628 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:10:33:254 2628 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:10:33:264 2628 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
21:10:33:294 2628 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:10:33:314 2628 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:10:33:364 2628 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:10:33:384 2628 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:10:33:414 2628 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:10:33:434 2628 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:10:33:454 2628 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:10:33:524 2628 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:10:33:554 2628 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
21:10:33:584 2628 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:10:33:624 2628 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:10:33:704 2628 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:10:33:724 2628 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:10:33:744 2628 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:10:33:774 2628 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:10:33:804 2628 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:10:33:824 2628 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:10:33:904 2628 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
21:10:33:964 2628 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
21:10:33:984 2628 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
21:10:34:004 2628 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:10:34:024 2628 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:10:34:054 2628 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:10:34:094 2628 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
21:10:34:184 2628 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:10:34:284 2628 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:10:34:324 2628 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:10:34:354 2628 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:10:34:384 2628 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:10:34:414 2628 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:10:34:434 2628 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:10:34:454 2628 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:10:34:474 2628 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:10:34:494 2628 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:10:34:524 2628 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:10:34:544 2628 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:10:34:554 2628 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:10:34:594 2628 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
21:10:34:614 2628 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:10:34:704 2628 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:10:34:734 2628 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
21:10:34:754 2628 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:10:34:784 2628 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:10:34:804 2628 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:10:34:884 2628 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:10:34:924 2628 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:10:34:944 2628 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:10:34:974 2628 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:10:35:014 2628 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:10:35:024 2628 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:10:35:054 2628 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
21:10:35:084 2628 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:10:35:114 2628 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:10:35:134 2628 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:10:35:144 2628 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:10:35:164 2628 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:10:35:194 2628 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:10:35:214 2628 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:10:35:234 2628 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:10:35:264 2628 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:10:35:294 2628 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:10:35:304 2628 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:10:35:334 2628 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
21:10:35:344 2628 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
21:10:35:394 2628 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
21:10:35:404 2628 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:10:35:434 2628 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:10:35:444 2628 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:10:35:474 2628 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:10:35:494 2628 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:10:35:524 2628 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:10:35:544 2628 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:10:35:574 2628 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:10:35:604 2628 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:10:35:684 2628 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:10:35:694 2628 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:10:35:704 2628 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:10:35:714 2628 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
21:10:35:744 2628 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
21:10:35:754 2628 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:10:35:774 2628 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
21:10:35:804 2628 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:10:35:834 2628 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:10:35:864 2628 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:10:35:894 2628 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
21:10:35:914 2628 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
21:10:35:944 2628 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:10:35:964 2628 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:10:35:974 2628 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
21:10:35:994 2628 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:10:36:014 2628 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:10:36:034 2628 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:10:36:054 2628 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:10:36:064 2628 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:10:36:084 2628 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:10:36:104 2628 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:10:36:114 2628 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:10:36:144 2628 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:10:36:164 2628 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
21:10:36:194 2628 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:10:36:204 2628 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:10:36:224 2628 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
21:10:36:244 2628 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
21:10:36:254 2628 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
21:10:36:274 2628 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:10:36:284 2628 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
21:10:36:314 2628 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:10:36:334 2628 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:10:36:344 2628 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:10:36:374 2628 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
21:10:36:424 2628 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:10:36:654 2628 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:10:36:894 2628 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
21:10:36:914 2628 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
21:10:36:944 2628 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
21:10:36:964 2628 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
21:10:36:984 2628 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:10:37:004 2628 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
21:10:37:024 2628 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:10:37:034 2628 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
21:10:37:044 2628 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
21:10:37:074 2628 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:10:37:084 2628 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:10:37:124 2628 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:10:37:154 2628 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:10:37:184 2628 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:10:37:204 2628 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:10:37:234 2628 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
21:10:37:284 2628 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:10:37:334 2628 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:10:37:354 2628 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:10:37:384 2628 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:10:37:414 2628 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:10:37:424 2628 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:10:37:434 2628 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:10:37:454 2628 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:10:37:464 2628 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
21:10:37:494 2628 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:10:37:514 2628 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:10:37:554 2628 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
21:10:37:584 2628 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:10:37:604 2628 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:10:37:694 2628 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
21:10:37:724 2628 rdyboost (0f427efe2c19a43aa2fe1c1a75072521) C:\Windows\system32\drivers\rdyboost.sys
21:10:37:724 2628 Suspicious file (Forged): C:\Windows\system32\drivers\rdyboost.sys. Real md5: 0f427efe2c19a43aa2fe1c1a75072521, Fake md5: 8efab8aecd1152fb0a67573795d979f7
21:10:37:724 2628 File "C:\Windows\system32\drivers\rdyboost.sys" infected by TDSS rootkit ...
21:10:39:954 2628 Backup copy not found, trying to cure infected file..
21:10:39:954 2628 Cure success, using it..
21:10:39:964 2628 will be cured on next reboot
21:10:40:044 2628 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:10:40:084 2628 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
21:10:40:104 2628 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
21:10:40:134 2628 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
21:10:40:144 2628 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:10:40:154 2628 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:10:40:174 2628 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:10:40:204 2628 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:10:40:224 2628 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:10:40:244 2628 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:10:40:254 2628 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:10:40:274 2628 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:10:40:304 2628 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
21:10:40:324 2628 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:10:40:354 2628 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:10:40:374 2628 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:10:40:394 2628 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:10:40:444 2628 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
21:10:40:474 2628 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
21:10:40:494 2628 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
21:10:40:514 2628 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:10:40:554 2628 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
21:10:40:584 2628 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
21:10:40:604 2628 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:10:40:704 2628 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
21:10:40:774 2628 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
21:10:40:794 2628 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
21:10:40:824 2628 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
21:10:40:844 2628 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
21:10:40:864 2628 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
21:10:40:874 2628 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
21:10:40:894 2628 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:10:40:924 2628 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
21:10:40:954 2628 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:10:40:984 2628 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
21:10:41:014 2628 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:10:41:024 2628 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
21:10:41:044 2628 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:10:41:054 2628 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
21:10:41:084 2628 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
21:10:41:094 2628 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
21:10:41:134 2628 UsbFltr (1d6a4fa75af0400d3f99642c271f3255) C:\Windows\system32\Drivers\UsbFltr.sys
21:10:41:154 2628 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
21:10:41:164 2628 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
21:10:41:184 2628 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:10:41:214 2628 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:10:41:234 2628 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:10:41:254 2628 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
21:10:41:294 2628 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
21:10:41:304 2628 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:10:41:334 2628 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:10:41:344 2628 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:10:41:374 2628 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
21:10:41:384 2628 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
21:10:41:414 2628 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:10:41:444 2628 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
21:10:41:474 2628 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
21:10:41:504 2628 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
21:10:41:514 2628 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
21:10:41:534 2628 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:10:41:564 2628 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
21:10:41:604 2628 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:10:41:684 2628 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:10:41:704 2628 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:10:41:714 2628 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:41:714 2628 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:41:734 2628 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:10:41:754 2628 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:10:41:774 2628 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:10:41:784 2628 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:10:41:804 2628 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:10:41:824 2628 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:10:41:854 2628 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
21:10:41:864 2628 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:41:904 2628 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
21:10:41:914 2628 Reboot required for cure complete..
21:10:42:154 2628 Cure on reboot scheduled successfully
21:10:42:154 2628
21:10:42:154 2628 Completed
21:10:42:164 2628
21:10:42:164 2628 Results:
21:10:42:164 2628 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:10:42:164 2628 File objects infected / cured / cured on reboot: 1 / 0 / 1
21:10:42:164 2628
21:10:42:164 2628 KLMD(ARK) unloaded successfully


#13 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 15 June 2010 - 11:17 PM

Hi,

Go to Start => Run and copy/paste the following line and click OK.

cmd /c mbr.exe -t >log.txt&start log.txt

A log file opens. Please post the content to your reply.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#14 Metroidn1f
  • Topic Starter
  • Members
  • 16 posts

Posted 16 June 2010 - 04:51 PM

There was no extra file from the OTL.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
kernel: MBR read successfully
user & kernel MBR OK

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4162

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16/06/2010 3:20:47 PM
mbam-log-2010-06-16 (15-20-47).txt

Scan type: Quick scan
Objects scanned: 134377
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


C:\Users\Metroidn1f\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5175238c-42714397 probably a variant of Java/TrojanDownloader.Agent.AF trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\25477dc-3e100d1a a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5edfe4f8-4ef58e24 multiple threats deleted - quarantined


OTL logfile created on: 16/06/2010 5:22:18 PM - Run 5
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Metroidn1f\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 153.37 Gb Free Space | 51.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: METROIDN1F-PC
Current User Name: Metroidn1f
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/01 19:04:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Metroidn1f\Desktop\OTL.exe
PRC - [2010/06/01 09:12:33 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/01 09:12:32 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/01 09:12:32 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/01 09:12:28 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/01 09:12:27 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/01 09:12:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/21 11:36:28 | 003,824,472 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/05/20 21:34:12 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/05/20 20:56:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/05/20 20:56:00 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/20 20:56:00 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/20 20:55:56 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/20 20:55:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/21 17:20:06 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2010/06/01 19:04:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Metroidn1f\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/01 09:12:28 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/05/21 08:28:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/20 20:56:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/20 20:56:00 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/20 20:55:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/04/19 10:25:46 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/14 21:13:40 | 000,173,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/06/01 09:12:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/01 09:12:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/20 20:56:15 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/05/20 20:56:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/05/20 20:56:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/20 20:55:59 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/05/20 20:55:57 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/05/20 20:55:56 | 000,020,488 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/05/20 20:55:47 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/17 18:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/08/09 17:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/04/09 09:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB D4 62 D5 FF 0A CB 01 [binary data]
IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.youtube.com"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 15:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/20 20:56:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/20 22:29:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/14 18:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/08 08:45:52 | 000,000,000 | ---D | M]

[2010/06/03 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Extensions
[2010/06/03 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2010/06/16 15:15:38 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions
[2010/06/02 15:04:13 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/06/02 15:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/05/21 15:42:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/21 16:50:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla\Firefox\Profiles\byrk88sh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/16 15:15:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/20 21:50:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/05/20 21:50:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 16:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/06/13 10:57:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4080727517-2682401025-2720948171-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/16 15:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/15 17:56:49 | 000,000,000 | ---D | C] -- C:\Videos
[2010/06/15 16:16:26 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\Metroidn1f-Encoder
[2010/06/15 14:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/06/14 18:33:03 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\Metroidn1f\Desktop\TDSSKiller.exe
[2010/06/14 12:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/06/13 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Microsoft_Corporation
[2010/06/13 21:28:21 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\cmd
[2010/06/13 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\New folder
[2010/06/13 11:01:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/13 11:01:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/13 10:43:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/13 10:43:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/13 10:43:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/13 10:43:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/13 10:42:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/13 10:41:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/07 18:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/06/07 18:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/06/07 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\ffmpeg
[2010/06/07 15:54:55 | 000,000,000 | ---D | C] -- C:\BeSweet
[2010/06/07 15:44:59 | 000,000,000 | ---D | C] -- C:\eac3to
[2010/06/07 13:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/06 20:59:13 | 000,000,000 | ---D | C] -- C:\ffmpeg4
[2010/06/06 20:21:11 | 000,000,000 | ---D | C] -- C:\ffmpeg2
[2010/06/06 20:01:24 | 000,000,000 | ---D | C] -- C:\ffmpeg
[2010/06/06 19:52:33 | 000,000,000 | ---D | C] -- C:\FFmpeg-svn-22140
[2010/06/06 16:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
[2010/06/06 16:33:11 | 005,798,942 | ---- | C] (Moritz Bunkus) -- C:\Users\Metroidn1f\Desktop\mkvtoolnix-unicode-4.0.0-setup.exe
[2010/06/06 16:15:57 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\MiniCOder
[2010/06/06 16:15:28 | 000,332,800 | ---- | C] (MiniTech) -- C:\Users\Metroidn1f\Desktop\MiniCOder.exe
[2010/06/06 12:27:07 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\~Metroidn1f
[2010/06/06 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\YouTube
[2010/06/06 11:07:58 | 000,000,000 | ---D | C] -- C:\rsit
[2010/06/05 17:14:52 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\ImgBurn
[2010/06/05 17:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/06/04 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\Metroidn1f
[2010/06/03 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/03 21:56:07 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\fontconfig
[2010/06/03 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\.smplayer
[2010/06/03 21:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\StaxRip
[2010/06/03 20:15:59 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Broad Intelligence
[2010/06/03 20:15:59 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Broad Intelligence
[2010/06/03 20:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2010/06/03 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\HandBrake
[2010/06/03 17:48:44 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\HandBrake
[2010/06/03 17:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/06/03 17:16:20 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\avidemux
[2010/06/03 15:36:55 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\hiscorepersonal.ws_files
[2010/06/03 15:12:17 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/06/02 19:07:48 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\bleeped Batch Files
[2010/06/01 19:04:13 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Metroidn1f\Desktop\OTL.exe
[2010/06/01 17:47:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Malwarebytes
[2010/06/01 17:47:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/01 17:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/01 17:47:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/01 17:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/01 16:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/31 20:34:43 | 000,000,000 | ---D | C] -- C:\Temp
[2010/05/31 20:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/05/31 20:30:20 | 000,929,792 | ---- | C] (ArcSoft) -- C:\Windows\System32\dtsdecoderdll.dll
[2010/05/31 20:30:20 | 000,536,652 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\ASAudioHD.ax
[2010/05/31 20:30:20 | 000,285,184 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MagUIEngine.dll
[2010/05/31 20:30:20 | 000,106,496 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\checkactivate.dll
[2010/05/31 20:30:20 | 000,092,672 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MagUIInter.dll
[2010/05/31 20:30:20 | 000,055,808 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MagPCMac.dll
[2010/05/31 20:30:20 | 000,035,328 | ---- | C] (ArcSoft Inc.) -- C:\Windows\System32\MagCore.dll
[2010/05/31 20:30:19 | 000,417,792 | ---- | C] (Gabest) -- C:\Windows\System32\FLVSplitter.ax
[2010/05/31 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\TechSmith
[2010/05/31 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\Camtasia Studio
[2010/05/27 21:15:29 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\acccore
[2010/05/27 21:15:27 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\AOL
[2010/05/27 21:15:27 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\AIM
[2010/05/27 21:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/05/27 21:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/27 21:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/05/27 21:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/05/27 13:26:46 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\www.doom9.net
[2010/05/27 13:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/05/27 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\MeGUI
[2010/05/27 13:03:02 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\mkvtoolnix
[2010/05/27 12:45:27 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\Apps
[2010/05/26 21:50:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/05/26 21:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/05/26 21:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/05/26 21:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/26 20:24:48 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\My Received Files
[2010/05/26 15:50:50 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010/05/26 15:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/05/25 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/05/25 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\AVS4YOU
[2010/05/25 22:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/05/25 22:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/05/25 16:28:18 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\Project
[2010/05/25 00:30:41 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\.idlerc
[2010/05/24 22:58:58 | 000,000,000 | ---D | C] -- C:\Python26
[2010/05/24 22:53:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/24 22:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2010/05/24 20:31:23 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/05/24 18:14:19 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Desktop\Runescape
[2010/05/24 17:40:48 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Notepad++
[2010/05/24 17:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/05/23 11:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/05/23 11:52:59 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Winamp
[2010/05/23 11:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/05/22 20:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/22 20:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/05/22 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/22 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/05/22 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/05/22 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/05/22 20:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/05/22 20:30:43 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Microsoft Help
[2010/05/22 20:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/22 20:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/22 20:30:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/22 18:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010/05/22 17:51:11 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\TigerPlayer
[2010/05/22 17:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/22 17:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\MpcStar
[2010/05/22 17:15:04 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Tracing
[2010/05/22 17:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/22 17:14:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/22 17:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/22 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/22 17:13:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/22 17:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/05/21 18:04:49 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/05/21 18:04:49 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/05/21 18:04:49 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010/05/21 18:04:49 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\Windows\System32\DivXc32f.dll
[2010/05/21 18:04:49 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\Windows\System32\DivXc32.dll
[2010/05/21 18:04:49 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\System32\divxa32.acm
[2010/05/21 18:04:49 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010/05/21 18:04:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2010/05/21 18:04:49 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2010/05/21 18:04:48 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/05/21 18:04:47 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2010/05/21 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/05/21 17:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2010/05/21 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\BSplayer PRO
[2010/05/21 16:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/05/21 16:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/21 16:06:58 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/05/21 16:06:04 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Documents\RSBot
[2010/05/21 15:48:12 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\ElevatedDiagnostics
[2010/05/21 15:44:09 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\dwhelper
[2010/05/21 14:57:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/05/20 23:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/05/20 23:07:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/05/20 23:05:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/05/20 23:05:10 | 000,000,000 | ---D | C] -- C:\Boot
[2010/05/20 22:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/05/20 21:53:13 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\Adobe Flash Builder 4
[2010/05/20 21:50:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/20 21:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/20 21:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/20 21:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/20 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010/05/20 21:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/05/20 21:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/05/20 21:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2010/05/20 21:40:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/05/20 21:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/20 21:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/20 21:34:42 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Macromedia
[2010/05/20 21:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/05/20 21:34:32 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Adobe
[2010/05/20 21:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/20 21:34:06 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Adobe
[2010/05/20 21:18:21 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/05/20 21:17:11 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/05/20 21:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/05/20 21:02:34 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\AVG Security Toolbar
[2010/05/20 20:56:16 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/20 20:56:15 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/05/20 20:56:14 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/20 20:56:14 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/20 20:56:08 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/20 20:56:08 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/20 20:56:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/05/20 20:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/05/20 20:55:47 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/20 20:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/20 20:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/05/20 20:46:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/05/20 20:16:16 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\WinRAR
[2010/05/20 20:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/20 20:05:55 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/05/20 20:05:55 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\BitComet
[2010/05/20 20:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2010/05/20 20:01:08 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Mozilla
[2010/05/20 20:01:08 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Mozilla
[2010/05/20 20:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/20 19:55:46 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Searches
[2010/05/20 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Identities
[2010/05/20 19:55:36 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Contacts
[2010/05/20 19:55:31 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\VirtualStore
[2010/05/20 19:55:30 | 000,000,000 | --SD | C] -- C:\Users\Metroidn1f\AppData\Roaming\Microsoft
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Videos
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Saved Games
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Pictures
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Music
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Links
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Favorites
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Downloads
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\My Documents
[2010/05/20 19:55:30 | 000,000,000 | R--D | C] -- C:\Users\Metroidn1f\Desktop
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\AppData\Local\Temporary Internet Files
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Templates
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Start Menu
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\SendTo
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Recent
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\PrintHood
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\NetHood
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Documents\My Videos
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Documents\My Pictures
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Documents\My Music
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\My Documents
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Local Settings
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\AppData\Local\History
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Cookies
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\Application Data
[2010/05/20 19:55:30 | 000,000,000 | -HSD | C] -- C:\Users\Metroidn1f\AppData\Local\Application Data
[2010/05/20 19:55:30 | 000,000,000 | -H-D | C] -- C:\Users\Metroidn1f\AppData
[2010/05/20 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Temp
[2010/05/20 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Local\Microsoft
[2010/05/20 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Metroidn1f\AppData\Roaming\Media Center Programs
[2010/05/20 19:55:15 | 000,000,000 | ---D | C] -- C:\Recovery
[2010/05/20 19:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/20 19:06:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/20 19:05:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/03 22:55:32 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/03/31 01:15:22 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2010/03/19 21:52:08 | 002,145,280 | ---- | C] (Python Software Foundation) -- C:\Windows\System32\python26.dll

========== Files - Modified Within 90 Days ==========

[2010/06/16 17:21:58 | 003,145,728 | -HS- | M] () -- C:\Users\Metroidn1f\NTUSER.DAT
[2010/06/16 17:12:08 | 061,137,456 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/16 16:58:57 | 000,000,162 | -H-- | M] () -- C:\Users\Metroidn1f\Documents\~$glish Culminating Task.docx
[2010/06/16 16:37:26 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/16 16:37:26 | 000,622,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/16 16:37:26 | 000,108,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/16 16:27:14 | 000,000,000 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Local\prvlcl.dat
[2010/06/16 15:21:29 | 002,672,312 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\esetsmartinstaller_enu.exe
[2010/06/16 15:11:31 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/16 15:11:31 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/16 15:04:56 | 003,767,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/16 15:04:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/16 15:04:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/16 15:03:46 | 2616,844,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 23:18:23 | 003,988,657 | -H-- | M] () -- C:\Users\Metroidn1f\AppData\Local\IconCache.db
[2010/06/15 17:43:41 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/06/15 12:57:28 | 000,017,198 | ---- | M] () -- C:\Users\Metroidn1f\Documents\English Culminating Task.docx
[2010/06/14 21:13:40 | 000,173,648 | ---- | M] () -- C:\Windows\System32\drivers\rdyboost.sys
[2010/06/14 20:05:53 | 000,013,312 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 12:09:37 | 000,648,622 | ---- | M] () -- C:\Users\Metroidn1f\Documents\Science Culminating Task.docx
[2010/06/13 21:22:16 | 000,013,906 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\BootSect.dll
[2010/06/13 10:58:09 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/13 10:57:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/13 10:40:44 | 003,706,828 | R--- | M] () -- C:\Users\Metroidn1f\Desktop\schrauber.exe
[2010/06/13 10:14:38 | 025,944,496 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Pur moment de beat box _ Joseph Poolpo.flv
[2010/06/12 22:06:16 | 000,000,087 | ---- | M] () -- C:\Users\Metroidn1f\jagex_runescape_preferences2.dat
[2010/06/12 22:04:35 | 000,000,045 | ---- | M] () -- C:\Users\Metroidn1f\jagex_runescape_preferences.dat
[2010/06/11 22:24:51 | 000,000,116 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\WorldWideMinerSettings.ini
[2010/06/11 18:53:46 | 000,000,805 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\errorlog.zip
[2010/06/11 18:41:38 | 000,000,000 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\MIley Cyrus - Party In The U.S.A. - Official Music Video HD.mp4
[2010/06/11 18:10:36 | 000,596,720 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/06/09 08:23:06 | 001,398,322 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSBot-121.jar
[2010/06/08 08:46:39 | 001,398,700 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSBot-120.jar
[2010/06/07 17:48:01 | 000,000,050 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\test.bat
[2010/06/07 17:19:15 | 000,000,000 | ---- | M] () -- C:\Windows\MSYS.INI
[2010/06/07 13:39:01 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/06/06 16:33:21 | 005,798,942 | ---- | M] (Moritz Bunkus) -- C:\Users\Metroidn1f\Desktop\mkvtoolnix-unicode-4.0.0-setup.exe
[2010/06/06 11:07:29 | 035,953,860 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Me solving the rubiks cube 40 Ready_output.mp4
[2010/06/05 11:01:14 | 002,326,482 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Lucy Sweet 16.png
[2010/06/05 11:01:01 | 000,000,132 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/05 10:54:59 | 000,099,178 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Steph2.jpg
[2010/06/05 10:54:45 | 000,104,814 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Steph.jpg
[2010/06/04 16:00:56 | 000,242,219 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Image044.jpg
[2010/06/04 15:25:10 | 000,154,626 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Lucy Sweet 16..jpg
[2010/06/04 15:07:51 | 014,098,432 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\python-3.1.2.msi
[2010/06/04 08:23:53 | 000,824,681 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSIT.exe
[2010/06/04 08:23:21 | 000,525,824 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\dds.scr
[2010/06/04 08:07:22 | 001,381,423 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSBot-119.jar
[2010/06/03 23:28:08 | 000,005,874 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\1275622083_playback_play.png
[2010/06/03 21:01:18 | 000,332,800 | ---- | M] (MiniTech) -- C:\Users\Metroidn1f\Desktop\MiniCOder.exe
[2010/06/03 19:54:24 | 000,000,005 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\start.bat
[2010/06/03 19:53:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/03 19:53:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/03 17:05:04 | 139,747,735 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\65451991948_1080.mov
[2010/06/03 15:36:58 | 000,025,731 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\hiscorepersonal.ws.htm
[2010/06/02 16:33:03 | 001,346,718 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSBot-118.jar
[2010/06/01 19:04:41 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Metroidn1f\Desktop\OTL.exe
[2010/06/01 18:48:09 | 000,007,635 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Local\Resmon.ResmonCfg
[2010/06/01 15:27:05 | 000,595,499 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Autoruns.zip
[2010/06/01 09:12:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/01 09:12:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/31 20:29:43 | 027,008,872 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RipBot264v1.15.1.7z
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\Metroidn1f\Desktop\TDSSKiller.exe
[2010/05/27 21:15:27 | 000,000,350 | -H-- | M] () -- C:\IPH.PH
[2010/05/27 19:47:14 | 211,227,500 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Me solving the rubiks cube 40 Ready.avi
[2010/05/27 12:49:48 | 000,000,132 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/05/27 12:31:57 | 000,000,237 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat
[2010/05/26 17:28:39 | 000,160,046 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\Me.png
[2010/05/25 06:27:18 | 000,000,088 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Roaming\RSBot Accounts.ini
[2010/05/24 20:33:00 | 000,108,032 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/24 20:33:00 | 000,050,688 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
[2010/05/23 12:24:03 | 000,109,392 | ---- | M] () -- C:\Users\Metroidn1f\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/22 20:31:17 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/05/21 21:53:53 | 001,340,171 | ---- | M] () -- C:\Users\Metroidn1f\Desktop\RSBot.jar
[2010/05/21 19:22:47 | 000,000,000 | ---- | M] () -- C:\Users\Metroidn1f\jagex__preferences3.dat
[2010/05/20 23:05:12 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/05/20 20:56:16 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/20 20:56:15 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010/05/20 20:56:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/20 20:56:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/20 20:56:08 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/20 20:55:47 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/20 20:51:18 | 000,000,003 | RHS- | M] () -- C:\win7ldr
[2010/05/20 20:50:44 | 000,203,316 | RHS- | M] () -- C:\grldr
[2010/05/20 20:47:47 | 000,524,288 | -HS- | M] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/05/20 20:47:47 | 000,524,288 | -HS- | M] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/20 20:47:47 | 000,065,536 | -HS- | M] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/20 19:55:30 | 000,000,020 | -HS- | M] () -- C:\Users\Metroidn1f\ntuser.ini
[2010/05/20 19:09:48 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/05/20 19:07:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/16 14:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/04/07 12:15:48 | 003,297,280 | ---- | M] () -- C:\Windows\System32\x264vfw.dll
[2010/04/03 22:55:32 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/04/03 22:55:32 | 000,007,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/04/03 18:26:56 | 000,276,196 | ---- | M] () -- C:\Windows\System32\NvApps.xml
[2010/04/03 18:26:56 | 000,066,714 | ---- | M] () -- C:\Windows\System32\NvwsApps.xml
[2010/03/31 01:15:22 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2010/03/19 21:52:08 | 002,145,280 | ---- | M] (Python Software Foundation) -- C:\Windows\System32\python26.dll

========== Files Created - No Company Name ==========

[2010/06/16 16:58:57 | 000,000,162 | -H-- | C] () -- C:\Users\Metroidn1f\Documents\~$glish Culminating Task.docx
[2010/06/16 15:21:27 | 002,672,312 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\esetsmartinstaller_enu.exe
[2010/06/16 15:08:18 | 000,000,315 | ---- | C] () -- C:\Users\Metroidn1f\mbr.log
[2010/06/16 15:08:18 | 000,000,315 | ---- | C] () -- C:\Users\Metroidn1f\log.txt
[2010/06/15 17:43:39 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/15 12:57:26 | 000,017,198 | ---- | C] () -- C:\Users\Metroidn1f\Documents\English Culminating Task.docx
[2010/06/14 12:06:28 | 000,648,622 | ---- | C] () -- C:\Users\Metroidn1f\Documents\Science Culminating Task.docx
[2010/06/13 21:20:53 | 000,013,906 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\BootSect.dll
[2010/06/13 10:43:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/13 10:43:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/13 10:43:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/13 10:43:40 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/13 10:43:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/13 10:40:23 | 003,706,828 | R--- | C] () -- C:\Users\Metroidn1f\Desktop\schrauber.exe
[2010/06/13 10:06:22 | 025,944,496 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Pur moment de beat box _ Joseph Poolpo.flv
[2010/06/11 19:01:54 | 000,293,376 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\gmer.exe
[2010/06/11 18:52:50 | 000,000,805 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\errorlog.zip
[2010/06/11 18:29:52 | 000,000,000 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\MIley Cyrus - Party In The U.S.A. - Official Music Video HD.mp4
[2010/06/09 08:23:04 | 001,398,322 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSBot-121.jar
[2010/06/08 08:46:36 | 001,398,700 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSBot-120.jar
[2010/06/07 17:48:01 | 000,000,050 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\test.bat
[2010/06/07 17:01:43 | 000,000,000 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Local\prvlcl.dat
[2010/06/07 16:18:35 | 000,000,000 | ---- | C] () -- C:\Windows\MSYS.INI
[2010/06/07 13:39:01 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/06/06 11:07:29 | 035,953,860 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Me solving the rubiks cube 40 Ready_output.mp4
[2010/06/05 11:01:01 | 002,326,482 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Lucy Sweet 16.png
[2010/06/05 10:54:57 | 000,099,178 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Steph2.jpg
[2010/06/05 10:54:39 | 000,104,814 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Steph.jpg
[2010/06/05 10:49:06 | 000,242,219 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Image044.jpg
[2010/06/05 10:48:56 | 000,154,626 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Lucy Sweet 16..jpg
[2010/06/04 15:06:44 | 014,098,432 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\python-3.1.2.msi
[2010/06/04 08:23:36 | 000,824,681 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSIT.exe
[2010/06/04 08:22:55 | 000,525,824 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\dds.scr
[2010/06/04 08:07:20 | 001,381,423 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSBot-119.jar
[2010/06/03 23:28:05 | 000,005,874 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\1275622083_playback_play.png
[2010/06/03 19:54:24 | 000,000,005 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\start.bat
[2010/06/03 19:53:39 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/06/03 19:53:39 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/06/03 17:03:11 | 139,747,735 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\65451991948_1080.mov
[2010/06/03 15:36:55 | 000,025,731 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\hiscorepersonal.ws.htm
[2010/06/02 16:33:01 | 001,346,718 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSBot-118.jar
[2010/06/01 18:48:09 | 000,007,635 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Local\Resmon.ResmonCfg
[2010/06/01 15:26:43 | 000,595,499 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Autoruns.zip
[2010/05/31 20:32:50 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010/05/31 20:28:36 | 027,008,872 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RipBot264v1.15.1.7z
[2010/05/27 21:15:02 | 000,000,350 | -H-- | C] () -- C:\IPH.PH
[2010/05/27 19:30:56 | 211,227,500 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Me solving the rubiks cube 40 Ready.avi
[2010/05/27 12:49:32 | 000,000,132 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/05/27 12:25:12 | 000,000,237 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/05/26 21:55:34 | 000,013,312 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 17:28:39 | 000,000,132 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/26 17:28:37 | 000,160,046 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\Me.png
[2010/05/22 19:02:26 | 000,000,116 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\WorldWideMinerSettings.ini
[2010/05/21 21:53:47 | 001,340,171 | ---- | C] () -- C:\Users\Metroidn1f\Desktop\RSBot.jar
[2010/05/21 19:22:47 | 000,000,087 | ---- | C] () -- C:\Users\Metroidn1f\jagex_runescape_preferences2.dat
[2010/05/21 19:22:47 | 000,000,000 | ---- | C] () -- C:\Users\Metroidn1f\jagex__preferences3.dat
[2010/05/21 18:04:50 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/21 18:04:50 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/21 18:04:49 | 003,297,280 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/05/21 18:04:49 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/05/21 18:04:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/05/21 18:04:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/21 18:04:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/21 18:04:47 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/21 18:04:47 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/05/21 16:07:15 | 000,000,088 | ---- | C] () -- C:\Users\Metroidn1f\AppData\Roaming\RSBot Accounts.ini
[2010/05/21 16:06:59 | 000,000,045 | ---- | C] () -- C:\Users\Metroidn1f\jagex_runescape_preferences.dat
[2010/05/20 23:05:12 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/05/20 23:05:11 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/05/20 20:56:08 | 000,596,720 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/20 20:56:08 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/20 20:56:07 | 061,137,456 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/20 20:51:18 | 000,203,316 | RHS- | C] () -- C:\grldr
[2010/05/20 20:51:18 | 000,000,003 | RHS- | C] () -- C:\win7ldr
[2010/05/20 19:55:30 | 003,145,728 | -HS- | C] () -- C:\Users\Metroidn1f\NTUSER.DAT
[2010/05/20 19:55:30 | 000,524,288 | -HS- | C] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/05/20 19:55:30 | 000,524,288 | -HS- | C] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/20 19:55:30 | 000,262,144 | -HS- | C] () -- C:\Users\Metroidn1f\ntuser.dat.LOG1
[2010/05/20 19:55:30 | 000,065,536 | -HS- | C] () -- C:\Users\Metroidn1f\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/20 19:55:30 | 000,000,020 | -HS- | C] () -- C:\Users\Metroidn1f\ntuser.ini
[2010/05/20 19:55:30 | 000,000,000 | -HS- | C] () -- C:\Users\Metroidn1f\ntuser.dat.LOG2
[2010/05/20 19:07:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/20 19:05:56 | 2616,844,288 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/03 22:55:32 | 000,007,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/04/03 18:26:56 | 000,276,196 | ---- | C] () -- C:\Windows\System32\NvApps.xml
[2010/04/03 18:26:56 | 000,066,714 | ---- | C] () -- C:\Windows\System32\NvwsApps.xml
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:22:02 | 000,173,648 | ---- | C] () -- C:\Windows\System32\drivers\rdyboost.sys

========== LOP Check ==========

[2010/05/27 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\acccore
[2010/06/03 17:46:36 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\avidemux
[2010/06/15 23:15:43 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\BitComet
[2010/06/03 20:15:59 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Broad Intelligence
[2010/05/22 18:24:05 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\BSplayer PRO
[2010/06/03 17:48:48 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\HandBrake
[2010/06/05 17:14:58 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\ImgBurn
[2010/05/27 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\mkvtoolnix
[2010/05/24 17:41:11 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\Notepad++
[2010/05/22 18:12:29 | 000,000,000 | ---D | M] -- C:\Users\Metroidn1f\AppData\Roaming\TigerPlayer
[2010/06/06 01:17:44 | 000,009,948 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/13 21:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/07/13 21:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemdrive%\*.sys /90 /md5 >
[2010/06/16 15:03:46 | 2616,844,288 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/06/03 19:53:39 | 000,000,000 | RHS- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\IO.SYS
[2010/06/03 19:53:39 | 000,000,000 | RHS- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\MSDOS.SYS
[2010/06/16 15:03:46 | 3489,128,448 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
< End of report >
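
The custom scans at the end of the log above hash each protected driver wherever Windows keeps a copy of it (the live copy under System32\drivers, the DriverStore staging copy, the winsxs copy) so that the hashes can be compared: a live copy whose MD5 differs from the staged copies is the usual trace of a patched driver, a file OTL cannot hash was locked or hidden from it, and a zero-byte file hashes to the empty-input MD5 (the value shown for C:\IO.SYS and C:\MSDOS.SYS above). The following Python is an added example, not OTL's code and not anything posted in this thread: it parses those log lines and flags the three conditions. The embedded sample log is constructed for the example; the AGP440.SYS entries are copied from the log above, the ATAPI.SYS live-copy hash of all F's is invented to exercise the mismatch check, and `md5_of_file` is a hypothetical helper for re-hashing a file on the live machine.

```python
"""Cross-check the MD5 entries in an OTL log: every copy of a protected system
file (live System32 copy, DriverStore and winsxs staging copies) should hash the
same. A live copy that differs is the usual trace of a patched driver; a copy OTL
could not hash was locked or hidden; a zero-byte copy hashes to the empty MD5."""
import hashlib
import re
from collections import defaultdict

# MD5 of empty input: OTL reports it for zero-byte files such as C:\IO.SYS above.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# One OTL custom-scan entry, carrying either "MD5=<hex>" or "Unable to obtain MD5".
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*(?P<path>.+?)\s*$"
)

# Constructed sample: the AGP440.SYS entries are copied from the log above; the
# ATAPI.SYS live-copy hash of all F's is invented to demonstrate a mismatch.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

< %systemdrive%\*.sys /90 /md5 >
[2010/06/03 19:53:39 | 000,000,000 | RHS- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\IO.SYS
< End of report >
"""


def parse_otl_hashes(log_text):
    """Group the hashed entries under every '< ... >' custom-scan header by file
    name (case-insensitive): {"ATAPI.SYS": [(path, md5_or_None, size), ...]}."""
    groups = defaultdict(list)
    in_scan = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("<"):                 # scan header or end-of-report marker
            in_scan = not line.lower().startswith("< end of report")
            continue
        if not in_scan:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            continue
        path = m.group("path")
        md5 = m.group("md5")
        groups[path.rsplit("\\", 1)[-1].upper()].append(
            (path, md5.upper() if md5 else None, int(m.group("size").replace(",", "")))
        )
    return dict(groups)


def check_hash_groups(groups):
    """Return (name, verdict, detail) findings, sorted by file name.
    verdicts: "mismatch" (copies disagree; detail names the odd hash and where it
    sits), "unreadable" (no MD5 obtained), "empty" (hash of zero bytes)."""
    findings = []
    for name, copies in sorted(groups.items()):
        by_hash = defaultdict(list)
        for path, md5, _ in copies:
            if md5:
                by_hash[md5].append(path)
        if len(by_hash) > 1:
            # the hash carried by the fewest copies is the one to distrust
            odd_md5, odd_paths = min(by_hash.items(), key=lambda kv: len(kv[1]))
            findings.append((name, "mismatch", f"{odd_md5} only on {', '.join(odd_paths)}"))
        for path, md5, _ in copies:
            if md5 is None:
                findings.append((name, "unreadable", path))
            elif md5 == EMPTY_MD5:
                findings.append((name, "empty", path))
    return findings


def md5_of_file(path, chunk=1 << 20):
    """Hypothetical helper: recompute a file's MD5 on the live box to confirm a finding."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for name, verdict, detail in check_hash_groups(parse_otl_hashes(SAMPLE_LOG)):
        print(f"{verdict:10} {name:12} {detail}")
```

A staged copy and a live copy that disagree is only a lead, not a verdict: the DriverStore and winsxs copies are the reference because a servicing update would have refreshed them too, so a lone differing hash under System32\drivers is what deserves a second look. Note that OTL hashes what the file system returns; a rootkit that filters reads of its own driver can hand back the clean bytes, which is why the "Unable to obtain MD5" and zero-byte cases are reported as well rather than silently skipped.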


#15 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
Posted 19 June 2010 - 05:44 AM

Hi,

Please open OTL, set the Extra Registry tab to Use SafeList, hit the Run Scan button, and post back with the 2 logfiles.

How is it running now?

Regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

