virus redirecting browser to www.google-analytics.com


  • This topic is locked
22 replies to this topic

#1 PopcornSuicide

PopcornSuicide

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:58 PM

Posted 20 July 2010 - 07:09 AM

Hello to whoever eventually reads this. I'm experiencing a problem when trying to browse certain sites where after starting to load up the original page, I am redirected to a blank white page with 'waiting for www.google-analytics.com...' that never finishes loading. Other random unrelated webpages are sometimes there, but www.google-analytics.com appears to be the most common. I've tried scanning with various anti-virus and anti-spyware programs that have not shown any infections. Some of these anti-virus and anti-spyware programs are also unable to update despite an internet connection and certain anti-virus and anti-spyware product homepages fail to load at all. I had problems getting a GMER log, as the program kept freezing and I had to restart my computer in order to continue working on it. And as a minor issue, webpages fail to remember my login details and I am forced to manually type them in each time I close and reopen my browser. I would really appreciate the help and thanks in advance for taking some time out to read this.


DDS (Ver_10-03-17.01) - NTFSx86
Run by kennett at 20:50:32.93 on Tue 07/20/2010
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1085 [GMT 10:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\BurnAware Professional\nmsaccessu.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\kennett\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ninemsn.com.au/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071213
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
uRun: [EPSON T40W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatielp.exe /fu "c:\windows\temp\E_SA9A9.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\users\kennett\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {0108F17E-774A-449C-B12F-F44F3536A605} = 192.168.1.1
TCP: {AC4A3680-3606-4625-9FDB-656F1EC0F5F5} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kennett\appdata\roaming\mozilla\firefox\profiles\t4jel9xq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ninemsn.com.au/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-6 161800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-19 165456]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-6 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-6 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-6 360584]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-19 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-19 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-6 285392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2002-8-8 11330]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2003-6-8 21922]

=============== Created Last 30 ================

2010-07-20 10:48:46 0 ----a-w- c:\users\kennett\defogger_reenable
2010-07-20 10:29:11 0 d-s---w- C:\ComboFix
2010-07-20 10:06:16 0 d-----w- c:\users\kennett\appdata\roaming\Malwarebytes
2010-07-20 10:06:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 10:06:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 10:06:06 0 d-----w- c:\programdata\Malwarebytes
2010-07-20 10:06:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 09:56:35 0 d-----w- c:\program files\Trend Micro
2010-07-20 08:36:53 86016 ----a-w- c:\windows\unvise32.exe
2010-07-19 13:18:12 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-19 13:13:44 38848 ----a-w- c:\windows\avastSS.scr
2010-07-19 13:13:14 0 d-----w- c:\programdata\Alwil Software
2010-07-19 12:59:17 0 d-----w- c:\program files\SpywareGuard
2010-07-19 12:55:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 11:17:42 0 d-----w- c:\programdata\Kaspersky Lab
2010-07-19 11:17:42 0 d-----w- c:\program files\Kaspersky Lab
2010-07-19 10:42:29 0 d-----w- c:\program files\common files\PC Tools
2010-07-19 10:38:32 0 ---ha-w- C:\ProgramData.LOG2
2010-07-19 10:38:32 0 ---ha-w- C:\ProgramData.LOG1
2010-07-19 06:12:19 0 d-----w- c:\users\kennett\appdata\roaming\CleanMyPC Software
2010-07-19 06:11:17 0 d-----w- c:\program files\CleanMyPC
2010-07-16 12:31:38 0 d-----w- c:\program files\Parallel Port Joystick
2010-07-16 11:25:54 0 d-----w- c:\programdata\FrontLine Registry Cleaner
2010-07-16 11:22:49 0 d-----w- C:\$RECYCLE(0).BIN

==================== Find3M ====================

2010-07-20 10:31:20 28029 ----a-w- c:\programdata\nvModes.dat
2010-07-20 10:29:48 2978 ----a-w- c:\windows\bthservsdp.dat
2010-07-20 08:36:14 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-07-20 08:36:14 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-20 08:36:13 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-18 06:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-04-04 06:25:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-04 06:22:19 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-12 23:23:41 76 --sha-r- c:\windows\CT4CET.bin
2009-04-25 13:56:20 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-04-25 13:56:20 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-04-25 13:56:20 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:51:29.82 ===============

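The DDS "Pseudo HJT Report" above, and the HijackThis log posted later in this thread, enumerate the same autostart and network surfaces a browser-redirect infection tends to touch: browser helper objects, Run keys, the hosts file, per-interface NameServer values, AppInit_DLLs and services. As an added example that is not part of this thread and not code from the DDS or HijackThis tools, the Python script below parses HijackThis-style O-lines and flags the entries a responder would look at first. The sample log is constructed (modelled on the log in this thread, with a hosts override, a Temp-directory Run entry and a pair of public nameservers added so that every check fires at least once), and the checks are review prompts, not verdicts: a private-range nameserver such as the 192.168.1.1 in the posted log is not flagged even though a compromised router would still need checking, and AppInit_DLLs is always reported because anything listed there is loaded into every user-mode process, including a vendor's own DLL such as avgrsstx.dll.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in HijackThis O-line format, modelled on the log posted in
# this thread; the hosts override, the Temp-directory Run entry and the public
# nameservers are added so that every check below fires at least once.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.5 www.example-av-vendor.test
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O4 - HKLM\\..\\Run: [AVG9_TRAY] C:\\PROGRA~1\\AVG\\AVG9\\avgtray.exe
O4 - HKCU\\..\\Run: [updater] C:\\Users\\kennett\\AppData\\Local\\Temp\\update.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{0108F17E-774A-449C-B12F-F44F3536A605}: NameServer = 192.168.1.1
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{AC4A3680-3606-4625-9FDB-656F1EC0F5F5}: NameServer = 203.0.113.7,203.0.113.8
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG9\\avgwdsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\\Program Files\\BurnAware Professional\\nmsaccessu.exe
"""


@dataclass
class Finding:
    kind: str    # short category for sorting/reporting
    detail: str  # the value that triggered the check
    line: str    # the original log line


LOCALHOST_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Resolver addresses that belong to the local network or the host itself.
# Anything outside these ranges configured on an interface deserves a look:
# it may be a deliberately chosen public resolver, or a DNS hijack.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
O17_RE = re.compile(r"NameServer\s*=\s*([0-9a-fA-F:.,\s]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def is_local_ip(text):
    """True for RFC 1918, loopback, link-local and IPv6 ULA addresses."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def triage(log_text):
    """Return the O-lines a responder should review, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue
        code = line.split(" - ", 1)[0]
        if code == "O1":
            # O1 - Hosts: <address> <name> ...; anything but localhost redirects a site
            fields = line.split("Hosts:", 1)[1].split()
            if not set(fields[1:]) <= LOCALHOST_NAMES:
                findings.append(Finding("hosts-override", " ".join(fields), line))
        elif code == "O2" and line.lower().endswith("(no file)"):
            # A registered BHO whose DLL is gone: a leftover, or a loader that removed itself
            clsid = re.search(r"\{[0-9A-Fa-f-]+\}", line)
            findings.append(Finding("orphan-bho", clsid.group(0) if clsid else "?", line))
        elif code == "O4" and TEMP_DIR_RE.search(line):
            # A persistent autostart pointing into a Temp directory
            findings.append(Finding("temp-autostart", line.split("]", 1)[-1].strip(), line))
        elif code == "O17":
            m = O17_RE.search(line)
            if m:
                public = [ip.strip() for ip in m.group(1).split(",")
                          if ip.strip() and not is_local_ip(ip)]
                if public:
                    findings.append(Finding("public-nameserver", ",".join(public), line))
        elif code == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("appinit-dll", value, line))
        elif code == "O23":
            m = O23_RE.match(line)
            if m and m.group("owner").strip().lower() == "unknown owner":
                findings.append(Finding("unattributed-service", m.group("path"), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.detail}")
```

Run against a real log, each finding is a question to answer, not an answer: check the orphan CLSID against the registry dump for a leftover uninstall, compare any flagged nameserver with what the router hands out over DHCP, and verify the file behind an AppInit_DLLs entry or an "Unknown owner" service by its digital signature and hash before deciding anything.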

#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:02:58 PM

Posted 27 July 2010 - 02:46 AM

Hello, PopcornSuicide.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.
We need to run Defogger
  1. Please download DeFogger to your desktop.
  2. Double click DeFogger to run the tool.
  3. The application window will appear
  4. Click the Disable button to disable your CD Emulation drivers
  5. Click Yes to continue
  6. A 'Finished!' message will appear
  7. Click OK
  8. DeFogger will now ask to reboot the machine - click OK
Note: If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until the end of the fix.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
We need to run an Anti-Rootkit (ARK) scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

If GMER crashes, hangs or blue-screens, do the following
  1. Please Download Rootkit Unhooker Save it to your desktop.
  2. Now double-click on RKUnhookerLE.exe to run it.
  3. Click the Report tab, then click Scan.
  4. Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  5. Wait till the scanner has finished and then click File, Save Report.
  6. Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning. If so, please ignore it:
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log/RKUnhooker log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 PopcornSuicide

PopcornSuicide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:58 PM

Posted 27 July 2010 - 10:12 PM

Thanks for helping me with this, it really is appreciated. I had to run Rootkit Unhooker instead of GMER because it kept hanging. Here are my logs.

Logfile of random's system information tool 1.08 (written by random/random)
Run by kennett at 2010-07-28 12:17:25
Microsoft® Windows Vista™ Home Premium
System drive C: has 5 GB (5%) free of 111 GB
Total RAM: 2045 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:48 PM, on 7/28/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\kennett\Downloads\RSIT.exe
C:\Program Files\trend micro\kennett.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [EPSON T40W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIELP.EXE /FU "C:\Windows\TEMP\E_SA9A9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0108F17E-774A-449C-B12F-F44F3536A605}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC4A3680-3606-4625-9FDB-656F1EC0F5F5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0108F17E-774A-449C-B12F-F44F3536A605}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8150 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-06 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-29 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-04-01 1006264]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-06-09 96800]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-02-02 36864]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-03-06 303104]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-06 2033432]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-29 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DELL Webcam Manager"=C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"EPSON T40W Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIELP.EXE [2008-03-13 188928]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\kennett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2010-07-28 12:17:25 ----D---- C:\rsit
2010-07-20 20:31:58 ----D---- C:\Windows\ERDNT
2010-07-20 20:29:11 ----SD---- C:\ComboFix
2010-07-20 20:24:58 ----D---- C:\32788R22FWJFW
2010-07-20 20:06:16 ----D---- C:\Users\kennett\AppData\Roaming\Malwarebytes
2010-07-20 20:06:07 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-20 20:06:06 ----D---- C:\ProgramData\Malwarebytes
2010-07-20 20:06:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-20 20:06:06 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-20 19:56:35 ----D---- C:\Program Files\Trend Micro
2010-07-20 19:51:38 ----RASH---- C:\MSDOS.SYS
2010-07-20 19:51:38 ----RASH---- C:\IO.SYS
2010-07-20 18:36:53 ----A---- C:\Windows\unvise32.exe
2010-07-19 23:18:19 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-07-19 23:18:19 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-07-19 23:18:17 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-07-19 23:18:15 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-07-19 23:18:12 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-07-19 23:13:44 ----A---- C:\Windows\system32\aswBoot.exe
2010-07-19 23:13:14 ----D---- C:\ProgramData\Alwil Software
2010-07-19 23:13:14 ----D---- C:\Program Files\Alwil Software
2010-07-19 22:59:17 ----D---- C:\Program Files\SpywareGuard
2010-07-19 22:55:43 ----A---- C:\Windows\system32\javaws.exe
2010-07-19 22:55:43 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-19 22:55:42 ----A---- C:\Windows\system32\javaw.exe
2010-07-19 22:55:42 ----A---- C:\Windows\system32\java.exe
2010-07-19 21:17:42 ----D---- C:\ProgramData\Kaspersky Lab
2010-07-19 21:17:42 ----D---- C:\Program Files\Kaspersky Lab
2010-07-19 20:42:29 ----D---- C:\Program Files\Common Files\PC Tools
2010-07-19 16:12:19 ----D---- C:\Users\kennett\AppData\Roaming\CleanMyPC Software
2010-07-19 16:11:17 ----D---- C:\Program Files\CleanMyPC
2010-07-16 22:31:38 ----D---- C:\Program Files\Parallel Port Joystick
2010-07-16 21:25:54 ----D---- C:\ProgramData\FrontLine Registry Cleaner
2010-07-16 21:22:49 ----D---- C:\$RECYCLE(0).BIN
2010-07-16 21:22:44 ----D---- C:\Windows\temp
2010-07-16 21:22:43 ----A---- C:\ComboFix.txt
2010-07-16 20:49:54 ----D---- C:\Qoobox
2010-05-18 16:35:16 ----A---- C:\Windows\system32\dns-sd.exe
2010-05-18 16:35:16 ----A---- C:\Windows\system32\dnssd.dll
2010-05-04 20:56:21 ----D---- C:\Program Files\Guitar Pro 5
2010-05-04 18:23:44 ----D---- C:\Program Files\Common Files\Akamai
2010-05-03 20:04:15 ----D---- C:\Users\kennett\AppData\Roaming\Guitar Pro 6
2010-05-03 20:04:15 ----D---- C:\ProgramData\Guitar Pro 6
2010-05-03 20:02:09 ----D---- C:\Program Files\Guitar Pro 6
2010-04-29 17:26:57 ----A---- C:\Windows\system32\GEARAspi.dll
2010-04-29 17:26:57 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2010-04-29 17:25:47 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 17:25:47 ----D---- C:\Program Files\iTunes

======List of files/folders modified in the last 3 months======

2010-07-28 12:19:55 ----D---- C:\Windows\Prefetch
2010-07-28 12:15:46 ----D---- C:\Windows\system32\drivers\Avg
2010-07-27 21:52:43 ----D---- C:\Users\kennett\AppData\Roaming\uTorrent
2010-07-25 12:20:43 ----SHD---- C:\System Volume Information
2010-07-20 21:51:05 ----D---- C:\Windows\system32\catroot2
2010-07-20 20:48:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-20 20:32:28 ----D---- C:\Windows
2010-07-20 20:16:04 ----SD---- C:\Windows\Downloaded Program Files
2010-07-20 20:06:07 ----D---- C:\Windows\system32\drivers
2010-07-20 20:06:06 ----RD---- C:\Program Files
2010-07-20 20:06:06 ----HD---- C:\ProgramData
2010-07-20 18:36:14 ----D---- C:\Windows\inf
2010-07-20 18:33:43 ----D---- C:\Windows\system32\Tasks
2010-07-20 18:32:54 ----D---- C:\Windows\System32
2010-07-19 23:15:05 ----SHD---- C:\Windows\Installer
2010-07-19 23:15:04 ----D---- C:\Windows\winsxs
2010-07-19 23:00:48 ----AD---- C:\ProgramData\TEMP
2010-07-19 22:58:45 ----D---- C:\Program Files\SpywareBlaster
2010-07-19 22:55:38 ----D---- C:\Program Files\Java
2010-07-19 22:46:33 ----D---- C:\Windows\system32\wbem
2010-07-19 22:45:43 ----D---- C:\Windows\system32\config
2010-07-19 22:45:18 ----D---- C:\Windows\Tasks
2010-07-19 22:45:18 ----D---- C:\Windows\system32\spool
2010-07-19 22:45:18 ----D---- C:\Windows\system32\en-US
2010-07-19 22:45:18 ----D---- C:\Windows\AppPatch
2010-07-19 22:45:17 ----D---- C:\Windows\system32\drivers\etc
2010-07-19 22:45:17 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-19 22:45:06 ----SHD---- C:\$Recycle.Bin
2010-07-19 22:45:02 ----D---- C:\Windows\registration
2010-07-19 21:20:14 ----D---- C:\Windows\system32\catroot
2010-07-19 20:49:26 ----D---- C:\Program Files\Spyware Doctor
2010-07-19 20:42:29 ----D---- C:\Program Files\Common Files
2010-07-19 20:38:32 ----RD---- C:\Users
2010-07-12 18:19:17 ----D---- C:\Program Files\Steam
2010-07-05 19:53:07 ----D---- C:\Program Files\iPod
2010-07-05 19:46:04 ----D---- C:\Program Files\Bonjour
2010-07-05 19:20:56 ----D---- C:\Program Files\Common Files\Steam
2010-07-03 18:42:21 ----A---- C:\Users\kennett\AppData\Roaming\burnaware.ini
2010-07-03 18:41:56 ----D---- C:\Users\kennett\AppData\Roaming\Vso
2010-06-20 22:49:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-14 10:58:46 ----D---- C:\Users\kennett\AppData\Roaming\Adobe
2010-06-14 10:58:14 ----D---- C:\ProgramData\Electronic Arts
2010-06-02 11:09:30 ----D---- C:\Windows\Minidump
2010-05-11 14:40:50 ----D---- C:\Program Files\Autodesk
2010-05-11 14:39:30 ----D---- C:\ProgramData\Autodesk
2010-05-04 20:56:22 ----RSD---- C:\Windows\Fonts
2010-04-29 17:26:54 ----DC---- C:\Windows\system32\DRVSTORE
2010-04-29 17:24:16 ----D---- C:\Program Files\QuickTime
2010-04-29 17:21:01 ----D---- C:\Program Files\Apple Software Update

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys [2010-03-06 161800]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-29 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-29 165456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-29 46672]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-06 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-03-06 28424]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-03-06 360584]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-29 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-29 50256]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-27 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-27 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-27 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-01 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-01 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-03 986624]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2009-07-02 33840]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-03 206848]
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]
R3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\Windows\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
R3 PPortJoystick;Parallel Port Joystick device driver; C:\Windows\system32\drivers\PPortJoy.sys [2003-08-10 21922]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-01 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-03-06 323584]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-03 659968]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-01 220160]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 Pcouffin;Low level access layer for CD devices; C:\Windows\System32\Drivers\Pcouffin.sys []
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-07-23 28592]
S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-05-09 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-06 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 NMSAccessU;NMSAccessU; C:\Program Files\BurnAware Professional\nmsaccessu.exe [2008-05-03 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-03-06 90112]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-09 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-03 395048]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-07-28 12:23:50

======Uninstall list======

#1 DVD Ripper 8.1.1-->C:\Program Files\No1 DVD Ripper\uninst.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
BurnAware Professional 2.1.7-->"C:\Program Files\BurnAware Professional\unins000.exe"
Call of Duty® - World at War™ 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™ 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™ 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{149464D9-B06F-4505-9968-FD1206F67AD3}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
ConvertXtoDVD 4.0.3.313-->"C:\Program Files\VSO\ConvertX\4\unins000.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
DELL Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
DELL Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Stylus Office B40W_T40W Manual-->C:\Program Files\EPSON\TPMANUAL\ESOB40W_T40W\ENG\USE_G\DOCUNINS.EXE
EPSON T40W Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSELP.EXE /R /APD /P:"EPSON T40W Series"
GCFScape 1.7.3-->"C:\Program Files\GCFScape\unins000.exe"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java™ 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Killing Floor-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1250
Laptop Integrated Webcam Driver (1.00.10.0320) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Parallel Port Joystick-->C:\Windows\unvise32.exe C:\Program Files\Parallel Port Joystick\uninstal.log
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0009 -removeonly
Torchlight-->"C:\Program Files\Steam\steam.exe" steam://uninstall/41500
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Internet Security
AV: avast! Antivirus
AS: AVG Internet Security (disabled)
AS: Windows Defender (outdated)
AS: avast! Antivirus

======System event log======

Computer Name: PopcornSuicide
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 119306
Source Name: Tcpip
Time Written: 20100727104913.888997-000
Event Type: Warning
User:

Computer Name: PopcornSuicide
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 119309
Source Name: Tcpip
Time Written: 20100727114108.946997-000
Event Type: Warning
User:

Computer Name: PopcornSuicide
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 119333
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100727125619.843000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PopcornSuicide
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 119340
Source Name: bcm4sbxp
Time Written: 20100728020427.744484-000
Event Type: Warning
User:

Computer Name: PopcornSuicide
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 119390
Source Name: Service Control Manager
Time Written: 20100728020614.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: PopcornSuicide
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 23247
Source Name: Microsoft-Windows-CAPI2
Time Written: 20100725055600.000000-000
Event Type: Error
User:

Computer Name: PopcornSuicide
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 23310
Source Name: Microsoft-Windows-CAPI2
Time Written: 20100727082402.000000-000
Event Type: Error
User:

Computer Name: PopcornSuicide
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 23311
Source Name: Microsoft-Windows-CAPI2
Time Written: 20100727115152.000000-000
Event Type: Error
User:

Computer Name: PopcornSuicide
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 23312
Source Name: Microsoft-Windows-CAPI2
Time Written: 20100727125350.000000-000
Event Type: Error
User:

Computer Name: PopcornSuicide
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 23334
Source Name: Microsoft-Windows-CAPI2
Time Written: 20100728021514.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: PopcornSuicide
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 47437
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728020535.218992-000
Event Type: Audit Failure
User:

Computer Name: PopcornSuicide
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 47438
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728020535.218992-000
Event Type: Audit Failure
User:

Computer Name: PopcornSuicide
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: POPCORNSUICIDE$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2b4
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 47439
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728021455.085892-000
Event Type: Audit Success
User:

Computer Name: PopcornSuicide
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: POPCORNSUICIDE$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2b4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 47440
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728021455.085892-000
Event Type: Audit Success
User:

Computer Name: PopcornSuicide
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 47441
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728021455.085892-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x8B0D3000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7524352 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.97 )
0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x81C00000 PnpManager 3805184 bytes
0x81C00000 RAW 3805184 bytes
0x81C00000 WMIxWDM 3805184 bytes
0x93A00000 Win32k 2097152 bytes
0x93A00000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BA40000 C:\Windows\system32\DRIVERS\NETw3v32.sys 1835008 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x81ABF000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x8063D000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8C047000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0xA6D22000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8BE03000 C:\Windows\System32\drivers\tcpip.sys 856064 bytes (Microsoft Corporation, TCP/IP Driver)
0x8BF93000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8B036000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x9A6F2000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x8DC2F000 C:\Windows\system32\drivers\btwaudio.sys 503808 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x81A55000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8DCAA000 C:\Windows\system32\drivers\btwavdt.sys 417792 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x9D19A000 C:\Windows\system32\drivers\HTTP.sys 417792 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80266000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8C55D000 C:\Windows\System32\Drivers\avgtdix.sys 356352 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8C1AC000 C:\Windows\system32\drivers\stwrt.sys 344064 bytes (SigmaTel, Inc., NDRC)
0x8AF1B000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x8CBB0000 C:\Windows\System32\Drivers\avgldx86.sys 327680 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x9D3B4000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x807A8000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C4E4000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8AE85000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C14A000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8A853000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8021A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8C472000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8CA8F000 C:\Windows\System32\Drivers\bthport.sys 237568 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x8C400000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x9D103000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x81BC7000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x81A1F000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x81FA1000 ACPI_HAL 212992 bytes
0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8BA0C000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8C52B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x80751000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xA4208000 C:\Windows\System32\Drivers\RDPWD.SYS 188416 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x8BC13000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AEC5000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80612000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9A630000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8B00C000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8E198000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8DC08000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0x87783000 C:\Windows\System32\Drivers\avgrkx86.sys 155648 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x8C187000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x877DB000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80425000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9D0CD000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AE4B000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x877A9000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BF02000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9D00D000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x80782000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9D13C000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x99475000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9B021000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x8CA64000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x9D041000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8C5E7000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8AEF0000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8AF8E000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9945E000 C:\Windows\system32\drivers\aswMonFlt.sys 94208 bytes (ALWIL Software, avast! File System Minifilter for Windows 2003/Vista)
0x8C451000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x8AE6E000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8C43A000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA42ED000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8C4CE000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8C5D2000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0x9D02D000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8AF6C000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8C5B4000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8AF08000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8AE38000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9B1ED000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C4AD000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8AFB4000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9D0F1000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x877CA000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8CA7E000 C:\Windows\system32\DRIVERS\rfcomm.sys 69632 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x88130000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x80741000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x88100000 C:\Windows\system32\drivers\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x88080000 C:\Windows\system32\DRIVERS\HssDrv.sys 65536 bytes (AnchorFree Inc., Hotspot Shield Routing Driver)
0x96A20000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8040B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x880E0000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x880C0000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8DDB5000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x81A01000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x81A10000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x881D4000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8AE1C000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x8044A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8AFA6000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x96E10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x884F5000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8C4C0000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8BED4000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x807F2000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8AF80000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x8859B000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8BD57000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8BD30000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8AE2B000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8850B000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8020D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8CAEF000 C:\Windows\System32\Drivers\BTHUSB.sys 49152 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8CAFB000 C:\Windows\system32\DRIVERS\hidbth.sys 49152 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0x8CAD7000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8AFF0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8A92E000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8A8E1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8A8D6000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8A902000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8A8F7000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8A944000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8A8EC000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A939000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8A8C0000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A8CB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C5C8000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0x8041B000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8CBA6000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x8E0F8000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8AE12000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E120000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8C468000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8E184000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x80601000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8A9A6000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8A9EE000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8A9F7000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9C2C0000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8025D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A9B8000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96E00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A970000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A98B000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80204000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A9E5000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x807A0000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80255000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88578000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x88570000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80459000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x88588000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88590000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8060A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9B0C7000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8AFDB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8AFC6000 C:\Windows\system32\drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80404000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8AFD4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x88444000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8841A000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8A835000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0x8A821000 C:\Windows\system32\drivers\PPortJoy.sys 20480 bytes (Deon van der Westhuysen, Parallel Port Joystick Driver)
0x884CC000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA1632000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8A896000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0x8A8BA000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x80201000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8A899000 C:\Windows\system32\drivers\PPJoyBus.sys 12288 bytes (Deon van der Westhuysen, Parallel Port Joystick Bus Enumerator)
0x88494000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))
0x8847C000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8849A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
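The security-log section of the RSIT output above is worth reading the way a responder would: event 4624 says who logged on, how (the Logon Type), from where, and through which process, and the 4672 event that shares the same Logon ID tells you that session was handed administrative privileges. The following Python is an added example, not part of the original post or of RSIT/DDS, that parses a log export in exactly that layout, keeps the Subject and New Logon blocks apart (both carry an "Account Name" field), and joins 4624 to 4672 on Logon ID. The two records in SAMPLE_LOG are a constructed sample in the same layout as the page's records; the field names and section names are those of the Windows events themselves, and the numeric logon-type table is the one from the 4624 event definition.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the RSIT security-log export above
# (a 4624 logon followed by the 4672 privilege assignment for the same Logon ID).
SAMPLE_LOG = r"""Record Number: 47439
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728021455.085892-000
Event Type: Audit Success
User:

Computer Name: PopcornSuicide
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: POPCORNSUICIDE$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2b4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.
Record Number: 47440
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728021455.085892-000
Event Type: Audit Success
User:

Computer Name: PopcornSuicide
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeDebugPrivilege
"""

# Sub-blocks of a 4624/4672 message; fields inside them are keyed by (section, name).
SECTIONS = {"Subject", "New Logon", "Process Information",
            "Network Information", "Detailed Authentication Information"}

# Logon type codes as defined for event 4624.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
               11: "CachedInteractive"}

KV_RE = re.compile(r"^([A-Za-z][A-Za-z ()/]*):\s*(.*)$")
PRIV_RE = re.compile(r"^Se[A-Za-z]+Privilege$")   # continuation lines of "Privileges:"


def parse_records(text):
    """Split the export on 'Record Number:' lines; return a list of
    {"record": int, "fields": {(section, key): value}, "privileges": [...]}."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None                       # a blank line closes the current sub-block
            continue
        m = KV_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "Record Number":
                current = {"record": int(value), "fields": {}, "privileges": []}
                records.append(current)
                section = None
            elif current is None:
                continue
            elif key in SECTIONS and not value:
                section = key
            else:
                current["fields"][(section, key)] = value
                if key == "Privileges":
                    current["privileges"].append(value)
        elif current is not None and PRIV_RE.match(line):
            current["privileges"].append(line)
    return records


def describe_logon(rec):
    """Pull the fields a responder looks at first out of a 4624 record."""
    f = rec["fields"]
    logon_type = int(f.get((None, "Logon Type"), "0") or 0)
    account = "\\".join([f.get(("New Logon", "Account Domain"), "?"),
                         f.get(("New Logon", "Account Name"), "?")])
    return {"record": rec["record"],
            "logon_id": f.get(("New Logon", "Logon ID")),
            "account": account,
            "logon_type": logon_type,
            "logon_type_name": LOGON_TYPES.get(logon_type, "Unknown"),
            "source_address": f.get(("Network Information", "Source Network Address")),
            "process": f.get(("Process Information", "Process Name"))}


def privileged_sessions(records):
    """Attach the privileges from each 4672 event to the 4624 logon with the same Logon ID."""
    privs = defaultdict(list)
    for rec in records:
        if rec["fields"].get((None, "Event Code")) == "4672":
            privs[rec["fields"].get(("Subject", "Logon ID"))].extend(rec["privileges"])
    out = []
    for rec in records:
        if rec["fields"].get((None, "Event Code")) == "4624":
            d = describe_logon(rec)
            d["privileges"] = privs.get(d["logon_id"], [])
            out.append(d)
    return out


if __name__ == "__main__":
    for s in privileged_sessions(parse_records(SAMPLE_LOG)):
        print(s["account"], s["logon_type_name"], s["process"], s["privileges"])
```

On a machine where the suspicion is a redirecting infection, the sessions to look at are not the SYSTEM/Service ones like the record above but any 4624 with type 3 or 10 from a source address you do not recognise, and any 4672 whose Logon ID maps back to a user logon rather than a service.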


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:02:58 PM

Posted 27 July 2010 - 11:44 PM

Hello, PopcornSuicide.
It appears that you have previously run Combofix. Please post the results of the Combofix log located at c:\Combofix.txt

Also, I would like to bring to your attention Combofix's disclaimer:
QUOTE
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Running Combofix without a helper's instructions can render your computer unbootable. See this topic for more information on Combofix. If you are getting help elsewhere, let me know so we can avoid confusion.


In your next reply, please include the following:
  • Combofix.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 PopcornSuicide

PopcornSuicide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:58 PM

Posted 28 July 2010 - 08:12 AM

Here's the Combofix.txt log:

ComboFix 10-07-15.03 - kennett 07/16/2010 21:09:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1250 [GMT 10:00]
Running from: c:\users\kennett\Downloads\ComboFix.exe
Command switches used :: c:\users\kennett\Downloads\cfscript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\AdvancedVirusRemover\PAVRM.exe"
"c:\windows\system32\AVR09.exe"
"c:\windows\system32\winhelper.dll"
"c:\windows\system32\winupdate.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\kennett\AppData\Roaming\inst.exe
c:\windows\system32\drivers\gxvxcepthjuslwfcdmbdmpaiujnejntvlhpcy.sys.vir
c:\windows\system32\gxvxccounter
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-16 11:19 . 2010-07-16 11:20 -------- d-----w- c:\users\kennett\AppData\Local\temp
2010-07-16 11:19 . 2010-07-16 11:19 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-07-16 11:19 . 2010-07-16 11:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-16 11:06 . 2010-07-16 11:07 -------- d-----w- C:\32788R22FWJFW
2010-07-16 11:03 . 2010-07-16 11:03 -------- d-----w- c:\users\kennett\AppData\Roaming\AVG9
2010-07-16 06:18 . 2010-07-16 06:20 -------- d-----w- c:\users\kennett\AppData\Local\Google
2010-07-05 09:39 . 2010-07-05 09:39 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 11:20 . 2010-05-04 08:23 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-16 10:54 . 2009-04-27 11:26 28029 ----a-w- c:\programdata\nvModes.dat
2010-07-16 10:52 . 2008-07-17 10:39 1401 ----a-w- c:\windows\bthservsdp.dat
2010-07-12 08:19 . 2008-07-17 10:05 -------- d-----w- c:\program files\Steam
2010-07-05 09:53 . 2010-04-29 07:25 -------- d-----w- c:\program files\iTunes
2010-07-05 09:53 . 2008-07-17 10:01 -------- d-----w- c:\program files\iPod
2010-07-05 09:46 . 2008-07-17 09:35 -------- d-----w- c:\program files\Bonjour
2010-07-05 09:20 . 2008-07-17 09:44 -------- d-----w- c:\program files\Common Files\Steam
2010-07-03 08:41 . 2009-12-09 07:19 -------- d-----w- c:\users\kennett\AppData\Roaming\Vso
2010-07-03 06:53 . 2008-07-17 11:52 -------- d-----w- c:\users\kennett\AppData\Roaming\uTorrent
2010-06-14 00:58 . 2009-06-11 15:05 -------- d-----w- c:\programdata\Electronic Arts
2010-05-25 09:15 . 2010-05-25 09:15 47124 ----a-w- c:\users\kennett\AppData\Local\prvlcl.dat
2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 10:58 . 2008-07-17 08:45 100264 ----a-w- c:\users\kennett\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-25 01:11 . 2010-04-25 01:11 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-19 10:47 . 2010-04-19 10:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 10:47 . 2010-04-19 10:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2007-12-12 23:23 . 2008-07-17 09:28 76 --sha-r- c:\windows\CT4CET.bin
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Google Update"="c:\users\kennett\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-04-01 1006264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-08 96800]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-01 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-03-06 2033432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-09 721904]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-06 161800]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-06 333192]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-06 360584]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-06 285392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-260096083-894070482-4272455902-1000Core.job
- c:\users\kennett\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 06:18]

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-260096083-894070482-4272455902-1000UA.job
- c:\users\kennett\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {0108F17E-774A-449C-B12F-F44F3536A605} = 192.168.1.1
TCP: {AC4A3680-3606-4625-9FDB-656F1EC0F5F5} = 192.168.1.1
FF - ProfilePath - c:\users\kennett\AppData\Roaming\Mozilla\Firefox\Profiles\t4jel9xq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ninemsn.com.au/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\users\kennett\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 21:20
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-260096083-894070482-4272455902-1000\Software\SecuROM\License information*]
"datasecu"=hex:c2,d3,fb,ce,09,7c,37,53,98,bb,32,37,a8,91,62,ac,09,86,02,cc,db,
41,8a,af,a7,b1,d9,6f,ad,50,f4,17,17,0c,58,f9,50,d5,5d,b4,35,23,a5,77,39,6f,\
"rkeysecu"=hex:d3,d3,61,7c,8a,33,ef,04,94,6c,7f,e4,8c,fb,ab,15

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-16 21:22:43
ComboFix-quarantined-files.txt 2010-07-16 11:22

Pre-Run: 2,225,881,088 bytes free
Post-Run: 7,608,537,088 bytes free

- - End Of File - - 2E6F1C0CEFFB06F9288B68BE6B1C2A4C


#6 aommaster
    I !<3 malware
  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 28 July 2010 - 02:07 PM

Hi!

Combofix logs indicate that you ran a CFScript. Are you being helped elsewhere?

I recognize this CFScript from the site here, and I'd like to give you a heads up about this.

CFScripts are meant to be user-specific. It is dangerous to run a CFScript not provided to you by a trained helper, as they could severely damage your computer.

Also, the site recommends registry cleaners. Please be aware that BleepingComputer staff do not recommend the use of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done on the assumption that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.

Now, it also appears that the site has hosted ComboFix from its own servers, which means that the copy is very likely outdated. Please delete the copy of ComboFix you have with you and we'll run a fresh copy of ComboFix.
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


Also, are you still having those redirects? Any other problems with your system?

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 aommaster
    I !<3 malware
  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 31 July 2010 - 03:25 AM

Hello PopcornSuicide
Are you still with us?



#8 aommaster
    I !<3 malware
  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 02 August 2010 - 02:00 AM

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please send me a PM with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



#9 aommaster
    I !<3 malware
  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 05 August 2010 - 02:47 AM

Topic reopened as per user's request.



#10 PopcornSuicide
  • Topic Starter
  • Members
  • 9 posts

Posted 05 August 2010 - 06:30 AM

Hey, thanks again for reopening the thread. I'm still having the same problems. Still getting redirected and having to sign in everywhere every time I close and reopen my browser. Here's the latest combofix log:

ComboFix 10-08-04.05 - kennett 08/05/2010 21:20:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.885 [GMT 10:00]
Running from: c:\users\kennett\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kennett\AppData\Roaming\inst.exe
c:\windows\system32\drivers\gxvxcepthjuslwfcdmbdmpaiujnejntvlhpcy.sys.vir

.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-08-05 11:27 . 2010-08-05 11:27 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-08-05 11:27 . 2010-08-05 11:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-05 11:27 . 2010-08-05 11:27 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-08-05 11:27 . 2010-08-05 11:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-05 11:19 . 2010-08-05 11:20 -------- d-----w- C:\32788R22FWJFW
2010-07-28 03:06 . 2010-07-28 03:06 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-07-28 02:17 . 2010-07-28 02:23 -------- d-----w- C:\rsit
2010-07-20 10:06 . 2010-07-20 10:06 -------- d-----w- c:\users\kennett\AppData\Roaming\Malwarebytes
2010-07-20 10:06 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 10:06 . 2010-07-20 10:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 10:06 . 2010-07-20 10:06 -------- d-----w- c:\programdata\Malwarebytes
2010-07-20 10:06 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 09:56 . 2010-07-28 02:23 -------- d-----w- c:\program files\Trend Micro
2010-07-20 08:36 . 1999-12-17 00:13 86016 ----a-w- c:\windows\unvise32.exe
2010-07-19 13:18 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-19 13:18 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-19 13:18 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-19 13:18 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-19 13:18 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-19 13:13 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-19 13:13 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-19 13:13 . 2010-07-19 13:13 -------- d-----w- c:\programdata\Alwil Software
2010-07-19 13:13 . 2010-07-19 13:13 -------- d-----w- c:\program files\Alwil Software
2010-07-19 12:59 . 2010-07-19 13:00 -------- d-----w- c:\program files\SpywareGuard
2010-07-19 12:55 . 2010-04-12 07:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 11:17 . 2010-07-19 11:21 -------- d-----w- c:\programdata\Kaspersky Lab
2010-07-19 11:17 . 2010-07-19 11:17 -------- d-----w- c:\program files\Kaspersky Lab
2010-07-19 10:42 . 2010-07-19 10:49 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-19 06:12 . 2010-07-19 06:12 -------- d-----w- c:\users\kennett\AppData\Roaming\CleanMyPC Software
2010-07-19 06:11 . 2010-07-19 06:11 -------- d-----w- c:\program files\CleanMyPC
2010-07-16 12:31 . 2010-07-20 08:36 -------- d-----w- c:\program files\Parallel Port Joystick
2010-07-16 11:25 . 2010-07-16 11:25 -------- d-----w- c:\programdata\FrontLine Registry Cleaner
2010-07-16 11:22 . 2010-07-16 11:22 -------- d-----w- C:\$RECYCLE(0).BIN
2010-07-16 11:22 . 2010-07-19 12:34 -------- d-----w- c:\users\kennett\AppData\Local\temp(123)
2010-07-16 06:18 . 2010-07-16 06:20 -------- d-----w- c:\users\kennett\AppData\Local\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 11:27 . 2010-05-04 08:23 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-05 11:06 . 2009-04-27 11:26 28029 ----a-w- c:\programdata\nvModes.dat
2010-08-05 11:02 . 2008-07-17 10:39 2978 ----a-w- c:\windows\bthservsdp.dat
2010-07-27 11:52 . 2008-07-17 11:52 -------- d-----w- c:\users\kennett\AppData\Roaming\uTorrent
2010-07-19 12:58 . 2009-06-30 04:14 -------- d-----w- c:\program files\SpywareBlaster
2010-07-19 12:55 . 2008-07-17 10:01 -------- d-----w- c:\program files\Java
2010-07-19 12:45 . 2010-04-29 07:25 -------- d-----w- c:\program files\iTunes
2010-07-19 10:49 . 2008-07-17 10:04 -------- d-----w- c:\program files\Spyware Doctor
2010-07-12 08:19 . 2008-07-17 10:05 -------- d-----w- c:\program files\Steam
2010-07-05 09:53 . 2008-07-17 10:01 -------- d-----w- c:\program files\iPod
2010-07-05 09:46 . 2008-07-17 09:35 -------- d-----w- c:\program files\Bonjour
2010-07-05 09:39 . 2010-07-05 09:39 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-05 09:20 . 2008-07-17 09:44 -------- d-----w- c:\program files\Common Files\Steam
2010-07-03 08:41 . 2009-12-09 07:19 -------- d-----w- c:\users\kennett\AppData\Roaming\Vso
2010-06-14 00:58 . 2009-06-11 15:05 -------- d-----w- c:\programdata\Electronic Arts
2010-05-25 09:15 . 2010-05-25 09:15 47124 ----a-w- c:\users\kennett\AppData\Local\prvlcl.dat
2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-12-12 23:23 . 2008-07-17 09:28 76 --sha-r- c:\windows\CT4CET.bin
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [BU]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-04-01 1006264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-08 96800]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-01 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\kennett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-09 721904]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2003-08-10 21922]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {0108F17E-774A-449C-B12F-F44F3536A605} = 192.168.1.1
TCP: {AC4A3680-3606-4625-9FDB-656F1EC0F5F5} = 192.168.1.1
FF - ProfilePath - c:\users\kennett\AppData\Roaming\Mozilla\Firefox\Profiles\t4jel9xq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ninemsn.com.au/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 21:27
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-260096083-894070482-4272455902-1000\Software\SecuROM\License information*]
"datasecu"=hex:c2,d3,fb,ce,09,7c,37,53,98,bb,32,37,a8,91,62,ac,09,86,02,cc,db,
41,8a,af,a7,b1,d9,6f,ad,50,f4,17,17,0c,58,f9,50,d5,5d,b4,35,23,a5,77,39,6f,\
"rkeysecu"=hex:d3,d3,61,7c,8a,33,ef,04,94,6c,7f,e4,8c,fb,ab,15

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-05 21:29:36
ComboFix-quarantined-files.txt 2010-08-05 11:29
ComboFix2.txt 2010-08-05 11:15

Pre-Run: 6,056,140,800 bytes free
Post-Run: 6,030,520,320 bytes free

- - End Of File - - 8F9C503CF0EEDA2296E12863606DB491
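The ComboFix logs in this thread are what the helpers read, so here is an added triage parser (example code written for this page, not part of the thread and not ComboFix's own) that pulls the "Other Deletions", "Files Created" and service rows out of a log and lists items worth a second look, such as the randomly named driver deleted above and services ComboFix lists with "[x]". The row layouts are inferred from the posted logs, the sample input is constructed from rows copied from them, and the "random name" rule is a review heuristic of mine, not a signature.

```python
"""Triage a ComboFix log: pull out the sections a helper reads first.

Assumptions (mine, not ComboFix documentation): row layouts are inferred from
the logs posted in this thread; looks_random() is a review heuristic only.
"""
import re
from dataclasses import dataclass, field

# Section banners look like "(((((( Other Deletions ))))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
# 'Files Created' rows: created-time . modified-time size attrs path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-+)\s+(\S+)\s+(.+?)\s*$")
# Service rows: R4 name;display;path [date size]   or   S1 name;display; [x]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
DRIVER_DIR = "\\system32\\drivers\\"

# Constructed sample: rows copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kennett\AppData\Roaming\inst.exe
c:\windows\system32\drivers\gxvxcepthjuslwfcdmbdmpaiujnejntvlhpcy.sys.vir

.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-07-20 10:06 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 08:36 . 1999-12-17 00:13 86016 ----a-w- c:\windows\unvise32.exe
2010-07-19 13:18 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-16 11:22 . 2010-07-16 11:22 -------- d-----w- C:\$RECYCLE(0).BIN
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-09 721904]
S1 aswSP;aswSP; [x]
"""


@dataclass
class Triage:
    deleted: list = field(default_factory=list)   # paths under 'Other Deletions'
    created: list = field(default_factory=list)   # (created, size, attrs, path)
    services: list = field(default_factory=list)  # (state, name, path, detail)
    findings: list = field(default_factory=list)  # items a helper should look at


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_random(filename: str) -> bool:
    """Heuristic: a long stem of nothing but lowercase letters (no digits, no
    separators), like the gxvx... driver deleted above. Legitimate drivers are
    usually shorter or mix case and digits; a hit means 'review', not 'malware'."""
    name = filename[:-4] if filename.lower().endswith(".vir") else filename
    stem = name.rsplit(".", 1)[0]
    return len(stem) >= 20 and stem.isalpha() and stem == stem.lower()


def triage(log_text: str) -> Triage:
    """Walk the log once, tracking which section each row belongs to."""
    result = Triage()
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith("Other Deletions") and "\\" in line:
            result.deleted.append(line)
            if looks_random(basename(line)):
                result.findings.append(f"random-looking name deleted: {line}")
            continue
        m = CREATED_RE.match(line)
        if m and section.startswith("Files Created"):
            created, _modified, size, attrs, path = m.groups()
            result.created.append((created, size, attrs, path))
            if DRIVER_DIR in path.lower() and looks_random(basename(path)):
                result.findings.append(f"random-looking driver created: {path}")
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, path, detail = m.groups()
            result.services.append((state, name, path, detail))
            if detail == "x":
                # "[x]" appears where ComboFix lists no file for the service (read
                # here as "file not resolved"). Self-protecting AV drivers such as
                # avast's aswSP above show this too, so it is a review item only.
                result.findings.append(f"service {name} ({state}): file not resolved [x]")
    return result


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG).findings:
        print(item)
```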


#11 aommaster
    I !<3 malware
  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 05 August 2010 - 12:43 PM

Hello, PopcornSuicide.
No problem.
Backdoor warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In most cases, a reformat and clean install of the Operating System is the best solution for your (and probably others') safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?


Again, if you would like me to attempt to clean it, I will be happy to do so. But if you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful. Should you have any questions, please feel free to ask.

Please let me know what you decide to do. If you decide to continue with the fix, please proceed with the steps below.




We need to run a Combofix script
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    CODE
    http://www.bleepingcomputer.com/forums/t/333197/virus-redirecting-browser-to-wwwgoogle-analyticscom/
    Collect::
    c:\windows\unvise32.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Now, drag and drop CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
NEXT:

We need to run TDSSKiller
  1. Download TDSSKiller and save it to your Desktop.
  2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  3. Double click TDSSKiller.exe
  4. Press Start Scan
  5. If Malicious objects are found then ensure Cure is selected
  6. Click Continue > Reboot now
  7. Copy and paste the log in your next reply
    Note: A copy of the log will be saved automatically to the root of the drive (typically C:\)
NEXT:

We need to run an MBAM Scan
  1. Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
  2. Make sure you are connected to the Internet.
  3. Double-click on Download_mbam-setup.exe to install the application.
  4. When the installation begins, follow the prompts and do not make any changes to default settings.
  5. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  6. Then click Finish.
  7. Run MBAM and you will be asked to update the program before performing a scan.
    If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, manually download them from here
    and just double-click on mbam-rules.exe to install.
  8. On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  9. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  10. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  11. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  12. Click OK to close the message box and continue with the removal process.
  13. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  14. Make sure that everything is checked, and click Remove Selected.
  15. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  16. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  17. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



In your next reply, please include the following:
  • ComboFix.txt
  • TDSSKiller.txt
  • MBAM Log

Edited by aommaster, 05 August 2010 - 12:44 PM.



#12 PopcornSuicide
  • Topic Starter
  • Members
  • 9 posts

Posted 06 August 2010 - 02:46 AM

Hey there, I did everything required but I was unable to update Malwarebytes Anti-Malware; the webpage given for manual updating wasn't loading in my browser either. But I did run a scan with the version I had and did manage to find 3 infected items. Here are the logs:

ComboFix 10-08-05.02 - kennett 08/06/2010 16:27:36.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1271 [GMT 10:00]
Running from: c:\users\kennett\Desktop\ComboFix.exe
Command switches used :: c:\users\kennett\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\unvise32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\unvise32.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 06:35 . 2010-08-06 06:35 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-08-06 06:35 . 2010-08-06 06:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-06 06:35 . 2010-08-06 06:35 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-08-06 06:35 . 2010-08-06 06:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-06 06:25 . 2010-08-06 06:25 -------- d-----w- C:\32788R22FWJFW
2010-07-28 03:06 . 2010-07-28 03:06 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-07-28 02:17 . 2010-07-28 02:23 -------- d-----w- C:\rsit
2010-07-20 10:06 . 2010-07-20 10:06 -------- d-----w- c:\users\kennett\AppData\Roaming\Malwarebytes
2010-07-20 10:06 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 10:06 . 2010-07-20 10:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 10:06 . 2010-07-20 10:06 -------- d-----w- c:\programdata\Malwarebytes
2010-07-20 10:06 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 09:56 . 2010-07-28 02:23 -------- d-----w- c:\program files\Trend Micro
2010-07-19 13:18 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-19 13:18 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-19 13:18 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-19 13:18 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-19 13:18 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-19 13:13 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-19 13:13 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-19 13:13 . 2010-07-19 13:13 -------- d-----w- c:\programdata\Alwil Software
2010-07-19 13:13 . 2010-07-19 13:13 -------- d-----w- c:\program files\Alwil Software
2010-07-19 12:59 . 2010-07-19 13:00 -------- d-----w- c:\program files\SpywareGuard
2010-07-19 12:55 . 2010-04-12 07:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 11:17 . 2010-07-19 11:21 -------- d-----w- c:\programdata\Kaspersky Lab
2010-07-19 11:17 . 2010-07-19 11:17 -------- d-----w- c:\program files\Kaspersky Lab
2010-07-19 10:42 . 2010-07-19 10:49 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-19 06:12 . 2010-07-19 06:12 -------- d-----w- c:\users\kennett\AppData\Roaming\CleanMyPC Software
2010-07-19 06:11 . 2010-07-19 06:11 -------- d-----w- c:\program files\CleanMyPC
2010-07-16 12:31 . 2010-07-20 08:36 -------- d-----w- c:\program files\Parallel Port Joystick
2010-07-16 11:25 . 2010-07-16 11:25 -------- d-----w- c:\programdata\FrontLine Registry Cleaner
2010-07-16 11:22 . 2010-07-16 11:22 -------- d-----w- C:\$RECYCLE(0).BIN
2010-07-16 11:22 . 2010-07-19 12:34 -------- d-----w- c:\users\kennett\AppData\Local\temp(123)
2010-07-16 06:18 . 2010-07-16 06:20 -------- d-----w- c:\users\kennett\AppData\Local\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 06:36 . 2010-05-04 08:23 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-06 06:24 . 2009-04-27 11:26 28029 ----a-w- c:\programdata\nvModes.dat
2010-08-05 13:19 . 2008-07-17 10:39 2978 ----a-w- c:\windows\bthservsdp.dat
2010-07-27 11:52 . 2008-07-17 11:52 -------- d-----w- c:\users\kennett\AppData\Roaming\uTorrent
2010-07-19 12:58 . 2009-06-30 04:14 -------- d-----w- c:\program files\SpywareBlaster
2010-07-19 12:55 . 2008-07-17 10:01 -------- d-----w- c:\program files\Java
2010-07-19 12:45 . 2010-04-29 07:25 -------- d-----w- c:\program files\iTunes
2010-07-19 10:49 . 2008-07-17 10:04 -------- d-----w- c:\program files\Spyware Doctor
2010-07-12 08:19 . 2008-07-17 10:05 -------- d-----w- c:\program files\Steam
2010-07-05 09:53 . 2008-07-17 10:01 -------- d-----w- c:\program files\iPod
2010-07-05 09:46 . 2008-07-17 09:35 -------- d-----w- c:\program files\Bonjour
2010-07-05 09:39 . 2010-07-05 09:39 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-05 09:20 . 2008-07-17 09:44 -------- d-----w- c:\program files\Common Files\Steam
2010-07-03 08:41 . 2009-12-09 07:19 -------- d-----w- c:\users\kennett\AppData\Roaming\Vso
2010-06-14 00:58 . 2009-06-11 15:05 -------- d-----w- c:\programdata\Electronic Arts
2010-05-25 09:15 . 2010-05-25 09:15 47124 ----a-w- c:\users\kennett\AppData\Local\prvlcl.dat
2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-12-12 23:23 . 2008-07-17 09:28 76 --sha-r- c:\windows\CT4CET.bin
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-05_11.11.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-01 00:57 . 2010-08-06 06:20 42846 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-08-06 06:17 . 2010-08-06 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-05 11:03 . 2010-08-05 11:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-06 06:17 . 2010-08-06 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-05 11:03 . 2010-08-05 11:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [BU]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-04-01 1006264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-08 96800]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-01 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\users\kennett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-09 721904]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2003-08-10 21922]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {0108F17E-774A-449C-B12F-F44F3536A605} = 192.168.1.1
TCP: {AC4A3680-3606-4625-9FDB-656F1EC0F5F5} = 192.168.1.1
FF - ProfilePath - c:\users\kennett\AppData\Roaming\Mozilla\Firefox\Profiles\t4jel9xq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ninemsn.com.au/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Parallel Port Joystick - c:\windows\unvise32.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 16:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-260096083-894070482-4272455902-1000\Software\SecuROM\License information*]
"datasecu"=hex:c2,d3,fb,ce,09,7c,37,53,98,bb,32,37,a8,91,62,ac,09,86,02,cc,db,
41,8a,af,a7,b1,d9,6f,ad,50,f4,17,17,0c,58,f9,50,d5,5d,b4,35,23,a5,77,39,6f,\
"rkeysecu"=hex:d3,d3,61,7c,8a,33,ef,04,94,6c,7f,e4,8c,fb,ab,15

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-06 16:38:14
ComboFix-quarantined-files.txt 2010-08-06 06:38
ComboFix2.txt 2010-08-05 11:29
ComboFix3.txt 2010-08-05 11:15

Pre-Run: 5,655,666,688 bytes free
Post-Run: 5,623,758,848 bytes free

- - End Of File - - 9E2CD819E98E3848F452C081395A3A02
Upload was successful

2010/08/06 16:45:55.0760 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/06 16:45:55.0760 ================================================================================
2010/08/06 16:45:55.0760 SystemInfo:
2010/08/06 16:45:55.0760
2010/08/06 16:45:55.0760 OS Version: 6.0.6000 ServicePack: 0.0
2010/08/06 16:45:55.0761 Product type: Workstation
2010/08/06 16:45:55.0761 ComputerName: POPCORNSUICIDE
2010/08/06 16:45:55.0761 UserName: kennett
2010/08/06 16:45:55.0761 Windows directory: C:\Windows
2010/08/06 16:45:55.0761 System windows directory: C:\Windows
2010/08/06 16:45:55.0761 Processor architecture: Intel x86
2010/08/06 16:45:55.0761 Number of processors: 2
2010/08/06 16:45:55.0761 Page size: 0x1000
2010/08/06 16:45:55.0761 Boot type: Normal boot
2010/08/06 16:45:55.0761 ================================================================================
2010/08/06 16:45:56.0131 Initialize success
2010/08/06 16:46:03.0208 ================================================================================
2010/08/06 16:46:03.0208 Scan started
2010/08/06 16:46:03.0208 Mode: Manual;
2010/08/06 16:46:03.0208 ================================================================================
2010/08/06 16:46:14.0218 ================================================================================
2010/08/06 16:46:14.0218 Scan finished
2010/08/06 16:46:14.0218 ================================================================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6000
Internet Explorer 7.0.6000.16830

8/6/2010 5:39:04 PM
mbam-log-2010-08-06 (17-39-04).txt

Scan type: Quick scan
Objects scanned: 132973
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\kennett\Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\kennett\Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\kennett\Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.


#13 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:02:58 PM

Posted 06 August 2010 - 11:47 AM

Hello, PopcornSuicide.
Interesting... nothing seems to be showing on the combofix log. I'm assuming you're still getting redirected? If so, please proceed with the following.

We need to run MBRCheck
  1. Please download MBRCheck from one of these locations:
    Link 1
    Link 2
    Link 3
  2. Double click MBRCheck.exe to run
  3. A report called MBRcheck will be on your desktop once the program is done
  4. Please copy and paste that into your reply

NEXT:

We need to run a custom OTL scan
  1. Please download OTL
  2. Save it to your desktop.
  3. Please run OTL on your desktop.
  4. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not copy the word "code".
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  5. Click the Run Scan button
  6. A report will open. Copy and Paste that report in your next reply.

In your next reply, please include the following:
  • MBRCheck Log
  • OTL Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#14 PopcornSuicide

PopcornSuicide
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:58 PM

Posted 08 August 2010 - 02:32 AM

Hey there, still getting the redirects and unable to store login info. Here are the latest logs:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1520
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 169):
0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
0x81FA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
0x80425000 \SystemRoot\system32\drivers\pci.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
0x80404000 \SystemRoot\system32\drivers\intelide.sys
0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807A8000 \SystemRoot\System32\drivers\volmgrx.sys
0x807A0000 \SystemRoot\system32\drivers\atapi.sys
0x80782000 \SystemRoot\system32\drivers\ataport.SYS
0x80751000 \SystemRoot\system32\drivers\fltmgr.sys
0x80741000 \SystemRoot\system32\drivers\fileinfo.sys
0x8063D000 \SystemRoot\system32\drivers\ndis.sys
0x80612000 \SystemRoot\system32\drivers\msrpc.sys
0x81BC7000 \SystemRoot\system32\drivers\NETIO.SYS
0x81ABF000 \SystemRoot\System32\Drivers\Ntfs.sys
0x81A55000 \SystemRoot\System32\Drivers\ksecdd.sys
0x81A1F000 \SystemRoot\system32\drivers\volsnap.sys
0x8060A000 \SystemRoot\System32\Drivers\spldr.sys
0x81A10000 \SystemRoot\System32\drivers\partmgr.sys
0x81A01000 \SystemRoot\System32\Drivers\mup.sys
0x877DB000 \SystemRoot\System32\drivers\ecache.sys
0x877CA000 \SystemRoot\system32\drivers\disk.sys
0x877A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80601000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B150000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89D32000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8843E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B8D3000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8B0B3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x88431000 \SystemRoot\System32\drivers\watchdog.sys
0x8B15B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x89C03000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x89CD2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x89CC0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B713000 \SystemRoot\system32\DRIVERS\NETw3v32.sys
0x88111000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x880D1000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B0A5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B08D000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8B07F000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8B06B000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8B01A000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8B007000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B166000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B171000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B6FB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8851D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x89C4C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x89D3B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B6D0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B690000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B17C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x89CA7000 \SystemRoot\system32\drivers\PPJoyBus.sys
0x880F1000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x8B679000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B187000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B656000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x881F1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B643000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B634000 \SystemRoot\system32\DRIVERS\termdd.sys
0x885D0000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B60A000 \SystemRoot\system32\DRIVERS\ks.sys
0x8840C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x89CB3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C0FC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x89DC9000 \SystemRoot\system32\drivers\PPortJoy.sys
0x88161000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x88453000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x88131000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C36C000 \SystemRoot\system32\drivers\stwrt.sys
0x8C33F000 \SystemRoot\system32\drivers\portcls.sys
0x8C007000 \SystemRoot\system32\drivers\drmk.sys
0x8C302000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8C4FD000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8C24E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8C130000 \SystemRoot\system32\drivers\modem.sys
0x89D4D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x884A0000 \SystemRoot\System32\Drivers\Null.SYS
0x884A7000 \SystemRoot\System32\Drivers\Beep.SYS
0x88400000 \SystemRoot\System32\drivers\vga.sys
0x8C22D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8854E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x88556000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B192000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C4EF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89D5F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C41E000 \SystemRoot\System32\drivers\tcpip.sys
0x8C405000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C7EB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x88427000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8C7D7000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C7A5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C75E000 \SystemRoot\system32\drivers\afd.sys
0x89DE2000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x89D95000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8C748000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C721000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x885D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C6E7000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x885BC000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x8C6D9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C6C6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C68B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B600000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C674000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C64D000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C201000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8D8F6000 \SystemRoot\System32\Drivers\bthport.sys
0x8C13D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B19D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x88586000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x89D83000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8857E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D896000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8C603000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8D87C000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8D854000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8D930000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x9339A000 \SystemRoot\system32\drivers\btwavdt.sys
0x9331F000 \SystemRoot\system32\drivers\btwaudio.sys
0x89C92000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x89D20000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x93E00000 \SystemRoot\System32\win32k.sys
0x8D84A000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D8A7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96A00000 \SystemRoot\System32\TSDDD.dll
0x96A10000 \SystemRoot\System32\cdd.dll
0x97CD5000 \SystemRoot\system32\drivers\luafv.sys
0x97CBE000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x89C89000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x99280000 \SystemRoot\system32\drivers\spsys.sys
0x98C10000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99935000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x99960000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98C2D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B011000 \SystemRoot\system32\drivers\HTTP.sys
0x9C1A5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C18C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C178000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C158000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C13A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C101000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C0EF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C0CB000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C03F000 \SystemRoot\System32\DRIVERS\srv.sys
0x97D7C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA4122000 \SystemRoot\system32\drivers\peauth.sys
0x99992000 \SystemRoot\System32\Drivers\secdrv.SYS
0x88020000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B197000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x8B1EA000 \SystemRoot\system32\drivers\tdtcp.sys
0x8D9C0000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA51D2000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x9EC04000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77860000 \Windows\System32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
552 csrss.exe
600 C:\Windows\System32\wininit.exe
612 csrss.exe
644 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
804 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\audiodg.exe
1132 C:\Windows\System32\winlogon.exe
1168 C:\Windows\System32\SLsvc.exe
1216 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\rundll32.exe
1620 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1936 C:\Windows\System32\spoolsv.exe
1960 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\dwm.exe
1412 C:\Windows\System32\taskeng.exe
1596 C:\Windows\explorer.exe
2204 C:\Program Files\Windows Defender\MSASCui.exe
2244 C:\Windows\System32\rundll32.exe
2288 C:\Windows\System32\rundll32.exe
2312 C:\Windows\OEM02Mon.exe
2328 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2348 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2380 C:\Windows\sttray.exe
2408 C:\Program Files\iTunes\iTunesHelper.exe
2416 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2424 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
2440 C:\Windows\ehome\ehtray.exe
2448 C:\Program Files\Windows Media Player\wmpnscfg.exe
2484 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2496 C:\Program Files\SpywareGuard\sgmain.exe
2572 C:\Windows\ehome\ehmsas.exe
2580 C:\Program Files\Mozilla Firefox\firefox.exe
2716 C:\Program Files\SpywareGuard\sgbhp.exe
3128 C:\Windows\System32\svchost.exe
3160 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3176 C:\Program Files\Bonjour\mDNSResponder.exe
3196 C:\Windows\System32\svchost.exe
3304 C:\Program Files\BurnAware Professional\nmsaccessu.exe
3412 C:\Windows\System32\svchost.exe
3500 C:\Windows\System32\stacsv.exe
3584 C:\Windows\System32\svchost.exe
3620 C:\Windows\System32\svchost.exe
3664 C:\Windows\System32\SearchIndexer.exe
3708 C:\Windows\System32\drivers\XAudio.exe
4068 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
2068 C:\Program Files\Windows Media Player\wmpnetwk.exe
1360 C:\Windows\System32\taskeng.exe
1356 C:\Program Files\iPod\bin\iPodService.exe
3840 C:\Windows\System32\wuauclt.exe
2992 C:\Windows\System32\SearchProtocolHost.exe
2252 C:\Windows\System32\SearchFilterHost.exe
3040 C:\Users\kennett\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS722012K9A300, Rev: DCCOCA1H

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

OTL logfile created on: 8/8/2010 5:23:09 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\kennett\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.74 Gb Total Space | 5.65 Gb Free Space | 5.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POPCORNSUICIDE
Current User Name: kennett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/08 17:22:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\kennett\Desktop\OTL.exe
PRC - [2010/06/29 06:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/20 23:03:08 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/01 14:00:46 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/04/01 13:48:52 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\BurnAware Professional\nmsaccessu.exe
PRC - [2007/07/27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/03/06 11:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/03/06 11:37:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/02 01:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/08/08 17:22:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\kennett\Desktop\OTL.exe
MOD - [2006/11/02 19:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 19:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/03 18:44:26 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 15:29:08 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/09 14:18:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/01 14:00:46 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\BurnAware Professional\nmsaccessu.exe -- (NMSAccessU)
SRV - [2007/03/06 11:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Pcouffin.sys -- (Pcouffin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kennett\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/29 06:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/29 06:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/29 06:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/23 05:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/07/02 12:34:30 | 000,033,840 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2009/05/09 23:32:39 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/06/09 06:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/24 07:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/12/13 16:57:43 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/13 16:57:43 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/13 16:57:43 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/08/29 15:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/29 15:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/06 11:38:52 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/27 17:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 17:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 17:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 22:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/07 11:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/07 09:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/07 09:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/03 12:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/03 12:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/03 12:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 18:55:22 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2003/08/10 10:10:18 | 000,021,922 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2003/08/10 10:10:17 | 000,011,330 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PPJoyBus.sys -- (PPJoyBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/29 17:24:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/19 22:55:43 | 000,000,000 | ---D | M]

[2009/04/26 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\kennett\AppData\Roaming\mozilla\Extensions
[2009/09/15 15:44:54 | 000,000,000 | ---D | M] -- C:\Users\kennett\AppData\Roaming\mozilla\Firefox\Profiles\t4jel9xq.default\extensions
[2010/07/19 23:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/19 22:55:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/06 13:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2008/07/09 07:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/06 16:35:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DELL Webcam Manager] C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - Startup: C:\Users\kennett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kennett\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\kennett\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/08 17:22:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\kennett\Desktop\OTL.exe
[2010/08/06 16:45:24 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\kennett\Desktop\TDSSKiller.exe
[2010/08/06 16:39:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/06 16:38:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/06 16:25:27 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/05 21:06:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/05 21:06:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/05 21:06:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/05 21:06:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/28 13:06:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\MustBeRandomlyNamed
[2010/07/28 12:17:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/20 20:31:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/20 20:06:16 | 000,000,000 | ---D | C] -- C:\Users\kennett\AppData\Roaming\Malwarebytes
[2010/07/20 20:06:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/20 20:06:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/20 20:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/20 20:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/20 19:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/19 23:18:19 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/07/19 23:18:19 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/07/19 23:18:17 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/07/19 23:18:15 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/07/19 23:18:12 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/07/19 23:13:44 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/07/19 23:13:44 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/07/19 23:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/07/19 23:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/19 22:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/07/19 22:55:43 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/19 22:55:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/19 22:55:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/19 22:55:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/19 21:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/07/19 21:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/07/19 20:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/19 16:12:19 | 000,000,000 | ---D | C] -- C:\Users\kennett\AppData\Roaming\CleanMyPC Software
[2010/07/19 16:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
[2010/07/16 22:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Parallel Port Joystick
[2010/07/16 21:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\FrontLine Registry Cleaner
[2010/07/16 21:22:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE(0).BIN
[2010/07/16 21:22:44 | 000,000,000 | ---D | C] -- C:\Users\kennett\AppData\Local\temp(123)
[2010/07/16 20:49:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/16 16:18:34 | 000,000,000 | ---D | C] -- C:\Users\kennett\AppData\Local\Google
[2010/07/12 20:39:00 | 000,000,000 | ---D | C] -- C:\Users\kennett\Documents\ZSNES
[2008/07/17 21:05:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2008/07/17 21:05:40 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2008/07/17 21:05:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
[2008/07/17 21:05:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2008/07/17 21:05:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2008/07/17 21:05:40 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2008/07/17 21:05:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2008/07/17 21:05:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2008/07/17 21:05:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2008/07/17 21:05:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2008/07/17 21:05:39 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/08/14 19:02:28 | 000,157,071 | ---- | M] () -- C:\Users\kennett\Documents\application forms.pdf
[2010/08/08 17:22:42 | 007,602,176 | -HS- | M] () -- C:\Users\kennett\ntuser.dat
[2010/08/08 17:22:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\kennett\Desktop\OTL.exe
[2010/08/08 17:19:29 | 000,080,384 | ---- | M] () -- C:\Users\kennett\Desktop\MBRCheck.exe
[2010/08/08 16:42:07 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/08 16:42:07 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/08 16:41:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/08 16:41:54 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/08 16:41:53 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/08 16:41:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/08 16:41:43 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/08 12:43:43 | 000,059,058 | ---- | M] () -- C:\Users\kennett\Documents\enrol.pdf
[2010/08/07 13:00:41 | 000,002,978 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/07 13:00:25 | 001,803,815 | -H-- | M] () -- C:\Users\kennett\AppData\Local\IconCache.db
[2010/08/06 16:35:43 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/06 16:35:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/06 16:25:20 | 003,815,943 | R--- | M] () -- C:\Users\kennett\Desktop\ComboFix.exe
[2010/08/04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\kennett\Desktop\TDSSKiller.exe
[2010/07/20 20:48:46 | 000,000,000 | ---- | M] () -- C:\Users\kennett\defogger_reenable
[2010/07/20 20:33:19 | 000,017,920 | ---- | M] () -- C:\Users\kennett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 20:06:09 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 19:51:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/20 19:51:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/19 23:18:20 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/07/19 23:18:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/07/19 22:59:17 | 000,000,838 | ---- | M] () -- C:\Users\kennett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/07/19 22:59:17 | 000,000,802 | ---- | M] () -- C:\Users\kennett\Desktop\SpywareGuard.lnk
[2010/07/19 22:57:43 | 000,000,854 | ---- | M] () -- C:\Users\kennett\Desktop\SpywareBlaster.lnk
[2010/07/19 22:45:50 | 007,602,176 | -HS- | M] () -- C:\Users\kennett\ntuser.dat_previous
[2010/07/19 16:14:22 | 016,418,923 | ---- | M] () -- C:\Users\kennett\Documents\Backup.cab
[2010/07/16 23:20:17 | 000,004,787 | ---- | M] () -- C:\Users\kennett\Documents\Wii.PIE

========== Files Created - No Company Name ==========

[2010/08/14 19:02:28 | 000,157,071 | ---- | C] () -- C:\Users\kennett\Documents\application forms.pdf
[2010/08/08 17:19:28 | 000,080,384 | ---- | C] () -- C:\Users\kennett\Desktop\MBRCheck.exe
[2010/08/08 12:43:43 | 000,059,058 | ---- | C] () -- C:\Users\kennett\Documents\enrol.pdf
[2010/08/05 21:06:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/05 21:06:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/05 21:06:50 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/05 21:06:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/05 21:06:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/29 18:33:31 | 003,815,943 | R--- | C] () -- C:\Users\kennett\Desktop\ComboFix.exe
[2010/07/20 20:48:46 | 000,000,000 | ---- | C] () -- C:\Users\kennett\defogger_reenable
[2010/07/20 20:06:09 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 19:51:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/20 19:51:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/19 23:18:20 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/07/19 22:59:17 | 000,000,838 | ---- | C] () -- C:\Users\kennett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/07/19 22:59:17 | 000,000,802 | ---- | C] () -- C:\Users\kennett\Desktop\SpywareGuard.lnk
[2010/07/19 22:57:43 | 000,000,854 | ---- | C] () -- C:\Users\kennett\Desktop\SpywareBlaster.lnk
[2010/07/19 16:14:22 | 016,418,923 | ---- | C] () -- C:\Users\kennett\Documents\Backup.cab
[2010/07/16 22:50:23 | 000,004,787 | ---- | C] () -- C:\Users\kennett\Documents\Wii.PIE
[2009/10/28 21:20:22 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2009/07/21 00:01:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/21 00:01:10 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/05/13 21:36:13 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/07/17 21:07:58 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/07/17 21:06:17 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2008/07/17 21:06:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/07/17 21:06:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/17 21:06:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2008/07/17 21:05:55 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/07/17 21:05:41 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/17 21:05:40 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2008/07/17 21:05:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2008/07/17 21:05:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2008/07/17 21:05:40 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2008/07/17 21:05:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2008/07/17 21:05:40 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2008/07/17 21:05:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2008/07/17 21:05:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2008/07/17 21:05:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2008/07/17 21:05:39 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2008/07/17 21:05:39 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2008/07/17 21:05:39 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
[2008/07/17 21:05:34 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/07/17 21:05:33 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2008/07/17 21:05:33 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2008/07/17 21:05:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/07/17 19:28:57 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2008/07/17 18:52:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/06/28 20:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/06/28 20:52:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 19:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2010/08/06 16:38:56 | 000,011,526 | ---- | M] () -- C:\ComboFix.txt
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/08 16:41:43 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/20 19:51:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/06 17:39:35 | 000,001,169 | ---- | M] () -- C:\mbam-log-2010-08-06 (17-39-04).txt
[2010/07/20 19:51:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/08 16:41:41 | 2459,357,184 | -HS- | M] () -- C:\pagefile.sys
[2010/07/19 20:38:32 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2010/07/19 20:38:32 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2010/08/06 16:47:07 | 000,060,240 | ---- | M] () -- C:\TDSSKiller log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 19:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/01 13:41:16 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 20:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/29 06:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/29 06:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/29 06:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\kennett\Documents\Temp Internet Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kennett\Documents\Incomplete:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kennett\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kennett\Documents\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >


#15 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:02:58 PM

Posted 08 August 2010 - 02:56 AM

Hi!

Are you using a router to connect to the internet?

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM.
