Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown infection, Repeated Redirect Attempts


  • This topic is locked This topic is locked
12 replies to this topic

#1 Mister Sam

Mister Sam

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 07 August 2010 - 05:00 PM

Hey, I'm new here, just looking to get rid of a virus that I picked up while messing around downloading beta drivers for my laptop. I downloaded SOMEthing bad, started getting redirects on google, then everywhere. Installed nod32, which removed a few things, but every two seconds notifies me of a redirect attempt. Now, I am having troubles even operating it, because of BSOD's while running these utilities (took me a few tries to get a complete set of logs) and when I disabled my virus protection for a few seconds, I immediately got one of those fake antivirus programs "helpfully scanning my computer". so I have included two logs that microsoft thought might be helpful for the BSOD's and the other information requested as well.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Sam at 17:08:22.63 on Sat 08/07/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2687.1470 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Temp\obuc.tmp\setup.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\operacyjnytipresx.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\program files\common files\system\ado\en-us\microsoftmsader15.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\program files\common files\system\msadc\el-gr\msdaremroperating.exe
c:\program files\microsoft games\hearts\de-de\betriebssystemhearts.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sam\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Digsby Donates: {998a3c0c-8914-4d2a-ae36-bfa2e5ae6d5d} - c:\program files\digsby donates\ShoppingBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [setup] c:\windows\temp\obuc.tmp\setup.exe
mRun: [tipresxSystem] c:\program files\common files\microsoft shared\ink\pl-pl\operacyjnytipresx.exe
mRunServices: [setup] c:\windows\temp\obuc.tmp\setup.exe
mRunServices: [msaddsrmsadcer] c:\program files\common files\system\msadc\el-gr\msdaremroperating.exe
mRunServices: [heartsBetriebssystem] c:\program files\microsoft games\hearts\de-de\betriebssystemhearts.exe
mRunServices: [TorrentuTorrent] c:\program files\utorrent\utorrenttorrent.exe
mRunServices: [Microsoftmsader15] c:\program files\common files\system\ado\en-us\microsoftmsader15.exe
mRunServices: [vListFileIO10.1] c:\program files\cryptic comet\solium infernum\xtras\bitsvlist3.7.exe
mRunServices: [tipresxWindows] c:\program files\common files\microsoft shared\ink\pl-pl\operacyjnytipresx.exe
StartupFolder: c:\users\sam\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\users\sam\appdata\roaming\micros~1\windows\startm~1\programs\startup\jdownl~1.lnk - c:\users\sam\downloads\jdownloader 0.8.9\JDownloader.exe
StartupFolder: c:\users\sam\appdata\roaming\micros~1\windows\startm~1\programs\startup\rivatu~1.lnk - c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\97axlzq1.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\sam\appdata\roaming\mozilla\firefox\profiles\97axlzq1.default\extensions\afom@idevfh\components\npAFOM.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\sam\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-6-24 136120]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-4-28 96896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca9f7463c53bfc;Google Update Service (gupdate1ca9f7463c53bfc);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-23 1343400]

=============== Created Last 30 ================

2010-08-07 20:46:43 0 ----a-w- c:\users\sam\defogger_reenable
2010-08-02 08:25:40 0 d-----w- c:\programdata\Blizzard Entertainment
2010-08-02 08:25:40 0 d-----w- c:\program files\StarCraft II
2010-08-02 08:25:40 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-07-28 23:45:58 142416 ----a-w- c:\windows\system32\drivers\yqadxupj.sys
2010-07-28 10:41:05 0 d-----w- c:\windows\system32\MpEngineStore
2010-07-28 10:17:21 174 ----a-w- c:\windows\system32\MRT.INI
2010-07-28 10:13:26 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-07-28 10:13:26 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-07-28 10:13:25 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2010-07-28 09:52:38 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-28 08:25:58 0 d-----w- C:\6c27a364b56f68833a31841522
2010-07-28 08:25:31 0 d-----w- C:\SwSetup
2010-07-15 02:54:58 0 d-----w- c:\programdata\ESET
2010-07-15 02:54:58 0 d-----w- c:\program files\ESET

==================== Find3M ====================

2010-07-14 21:15:50 208144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-24 13:04:14 136120 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-15 02:03:24 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-15 02:03:12 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-15 01:59:54 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2010-05-15 01:59:32 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-15 01:56:06 10830680 ----a-w- c:\windows\system32\LogiDPP.dll
2010-05-15 01:56:06 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-05-15 01:55:58 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-05-15 01:46:48 37518 ----a-w- c:\windows\system32\Repository.reg
2009-09-12 04:33:12 31548 ----a-w- c:\windows\inf\perflib\0411\perfd.dat
2009-09-12 04:33:12 31548 ----a-w- c:\windows\inf\perflib\0411\perfc.dat
2009-09-12 04:33:12 141988 ----a-w- c:\windows\inf\perflib\0411\perfi.dat
2009-09-12 04:33:12 141988 ----a-w- c:\windows\inf\perflib\0411\perfh.dat
2009-09-12 04:23:55 45182 ----a-w- c:\windows\inf\perflib\0408\perfd.dat
2009-09-12 04:23:55 45182 ----a-w- c:\windows\inf\perflib\0408\perfc.dat
2009-09-12 04:23:55 369984 ----a-w- c:\windows\inf\perflib\0408\perfi.dat
2009-09-12 04:23:55 369984 ----a-w- c:\windows\inf\perflib\0408\perfh.dat
2009-09-12 04:14:18 42056 ----a-w- c:\windows\inf\perflib\0401\perfd.dat
2009-09-12 04:14:18 42056 ----a-w- c:\windows\inf\perflib\0401\perfc.dat
2009-09-12 04:14:18 289060 ----a-w- c:\windows\inf\perflib\0401\perfi.dat
2009-09-12 04:14:18 289060 ----a-w- c:\windows\inf\perflib\0401\perfh.dat
2009-09-12 04:06:03 39446 ----a-w- c:\windows\inf\perflib\0419\perfd.dat
2009-09-12 04:06:03 39446 ----a-w- c:\windows\inf\perflib\0419\perfc.dat
2009-09-12 04:06:03 336704 ----a-w- c:\windows\inf\perflib\0419\perfi.dat
2009-09-12 04:06:03 336704 ----a-w- c:\windows\inf\perflib\0419\perfh.dat
2009-09-12 03:57:25 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat
2009-09-12 03:57:25 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat
2009-09-12 03:57:25 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat
2009-09-12 03:57:25 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat
2009-09-12 03:49:58 37534 ----a-w- c:\windows\inf\perflib\0410\perfd.dat
2009-09-12 03:49:58 37534 ----a-w- c:\windows\inf\perflib\0410\perfc.dat
2009-09-12 03:49:58 335478 ----a-w- c:\windows\inf\perflib\0410\perfi.dat
2009-09-12 03:49:58 335478 ----a-w- c:\windows\inf\perflib\0410\perfh.dat
2009-09-12 03:42:31 31548 ----a-w- c:\windows\inf\perflib\0404\perfd.dat
2009-09-12 03:42:31 31548 ----a-w- c:\windows\inf\perflib\0404\perfc.dat
2009-09-12 03:42:31 117840 ----a-w- c:\windows\inf\perflib\0404\perfi.dat
2009-09-12 03:42:31 117840 ----a-w- c:\windows\inf\perflib\0404\perfh.dat
2009-09-12 03:34:47 31548 ----a-w- c:\windows\inf\perflib\0412\perfd.dat
2009-09-12 03:34:47 31548 ----a-w- c:\windows\inf\perflib\0412\perfc.dat
2009-09-12 03:34:47 157694 ----a-w- c:\windows\inf\perflib\0412\perfi.dat
2009-09-12 03:34:47 157694 ----a-w- c:\windows\inf\perflib\0412\perfh.dat
2009-09-12 03:28:05 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2009-09-12 03:28:05 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2009-09-12 03:28:05 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2009-09-12 03:28:05 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2009-09-12 03:21:49 31548 ----a-w- c:\windows\inf\perflib\0804\perfd.dat
2009-09-12 03:21:49 31548 ----a-w- c:\windows\inf\perflib\0804\perfc.dat
2009-09-12 03:21:49 111310 ----a-w- c:\windows\inf\perflib\0804\perfi.dat
2009-09-12 03:21:49 111310 ----a-w- c:\windows\inf\perflib\0804\perfh.dat
2009-09-12 03:15:06 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat
2009-09-12 03:15:06 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat
2009-09-12 03:15:06 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat
2009-09-12 03:15:06 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat
2009-09-12 03:08:46 38104 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2009-09-12 03:08:46 38104 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2009-09-12 03:08:46 295922 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2009-09-12 03:08:46 295922 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2003-08-05 15:41:44 53248 ----a-w- c:\windows\inf\ap561.exe
2002-11-26 20:24:58 32768 ----a-w- c:\windows\inf\Remove561.exe
2002-11-22 19:56:52 118784 ----a-w- c:\windows\inf\ShowBmp.exe
2002-10-29 22:07:44 36864 ----a-w- c:\windows\inf\Setup8a.exe
2002-10-01 18:43:32 119798 ----a-w- c:\windows\inf\spca561.sys
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-23 22:05:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:10:57.19 ===============

***BSOD MEMORY DUMP***

Well it turns out I can't upload this type of file. If my helper wants to see them, I can provide them through megaupload, email, or rapidshare.

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:46 PM

Posted 07 August 2010 - 05:53 PM

Hi, Mister Sam smile.gif

welcome.gif

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.




  • If an infected file is detected, the default action will be Cure, click on Continue.




  • If a suspicious file is detected, the default action will be Skip, click on Continue.




  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Mister Sam

Mister Sam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 07 August 2010 - 06:12 PM

Here are the results: My computer is showing these security center alerts every once and a while saying it needs to block suspicions spyware screen.grab.j.exe, Risk: High, trojan, EDIT: And I am also still getting these eset warnings that say ADDRESS Blocked: followed by a really long url and a different IP every time, and I haven't made any response, and here's the log:

2010/08/07 19:01:57.0848 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/07 19:01:57.0848 ================================================================================
2010/08/07 19:01:57.0848 SystemInfo:
2010/08/07 19:01:57.0848
2010/08/07 19:01:57.0848 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/07 19:01:57.0848 Product type: Workstation
2010/08/07 19:01:57.0848 ComputerName: SAM-LAPTOP
2010/08/07 19:01:57.0848 UserName: Sam
2010/08/07 19:01:57.0848 Windows directory: C:\Windows
2010/08/07 19:01:57.0848 System windows directory: C:\Windows
2010/08/07 19:01:57.0848 Processor architecture: Intel x86
2010/08/07 19:01:57.0848 Number of processors: 2
2010/08/07 19:01:57.0848 Page size: 0x1000
2010/08/07 19:01:57.0848 Boot type: Normal boot
2010/08/07 19:01:57.0848 ================================================================================
2010/08/07 19:01:59.0018 Initialize success
2010/08/07 19:02:05.0227 ================================================================================
2010/08/07 19:02:05.0227 Scan started
2010/08/07 19:02:05.0227 Mode: Manual;
2010/08/07 19:02:05.0227 ================================================================================
2010/08/07 19:02:06.0397 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/08/07 19:02:06.0459 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/08/07 19:02:06.0522 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/08/07 19:02:06.0725 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/08/07 19:02:06.0771 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/08/07 19:02:06.0818 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/08/07 19:02:07.0052 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/08/07 19:02:07.0099 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/08/07 19:02:07.0161 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/08/07 19:02:07.0395 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/08/07 19:02:07.0442 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/08/07 19:02:07.0536 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/08/07 19:02:07.0707 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/08/07 19:02:07.0739 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/08/07 19:02:07.0817 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/08/07 19:02:07.0863 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/08/07 19:02:08.0019 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/08/07 19:02:08.0082 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/08/07 19:02:08.0550 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/08/07 19:02:08.0612 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/08/07 19:02:08.0675 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/07 19:02:08.0706 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/08/07 19:02:08.0987 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/08/07 19:02:09.0065 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/08/07 19:02:09.0314 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/08/07 19:02:09.0579 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/08/07 19:02:09.0673 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/08/07 19:02:09.0720 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/07 19:02:09.0845 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/08/07 19:02:09.0923 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/08/07 19:02:10.0001 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/08/07 19:02:10.0032 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/08/07 19:02:10.0157 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/08/07 19:02:10.0235 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/08/07 19:02:10.0297 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/08/07 19:02:10.0391 CA561 (50ded7c73e0fb40693edab8cad7c46e7) C:\Windows\system32\Drivers\SPCA561.SYS
2010/08/07 19:02:10.0578 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/07 19:02:10.0625 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/07 19:02:10.0703 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/08/07 19:02:10.0905 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/08/07 19:02:11.0046 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/07 19:02:11.0155 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/08/07 19:02:11.0202 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/08/07 19:02:11.0311 CnxtHdAudService (a4d44ab8423791db757b38150ec599a4) C:\Windows\system32\drivers\CHDRT32.sys
2010/08/07 19:02:11.0483 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/07 19:02:11.0529 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/08/07 19:02:11.0592 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/08/07 19:02:11.0810 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/08/07 19:02:11.0873 dc3d (33e7ab50f87f97abd9057205e27cb182) C:\Windows\system32\DRIVERS\dc3d.sys
2010/08/07 19:02:11.0982 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/08/07 19:02:12.0153 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/08/07 19:02:12.0216 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/08/07 19:02:12.0341 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/08/07 19:02:12.0497 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/07 19:02:12.0575 eamonm (7cc490e35663a9deaf7020b26b74e64f) C:\Windows\system32\DRIVERS\eamonm.sys
2010/08/07 19:02:13.0027 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/08/07 19:02:13.0292 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\Windows\system32\DRIVERS\ehdrv.sys
2010/08/07 19:02:13.0448 ElbyCDFL (075d91e4de09a6f1ede77c341803d454) C:\Windows\system32\Drivers\ElbyCDFL.sys
2010/08/07 19:02:13.0635 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/08/07 19:02:13.0854 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/08/07 19:02:13.0916 epfwwfpr (176cf1575b6bcb9263a5903d088f7423) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2010/08/07 19:02:14.0010 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/08/07 19:02:14.0166 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/08/07 19:02:14.0244 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/08/07 19:02:14.0431 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/07 19:02:14.0509 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/08/07 19:02:14.0587 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/08/07 19:02:14.0649 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/07 19:02:14.0868 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/08/07 19:02:14.0961 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/08/07 19:02:14.0993 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/07 19:02:15.0102 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/08/07 19:02:15.0227 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/08/07 19:02:15.0398 HBtnKey (7dad592a4d28092d584cfb4deef1373d) C:\Windows\system32\DRIVERS\cpqbttn.sys
2010/08/07 19:02:15.0476 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/08/07 19:02:15.0554 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/08/07 19:02:15.0726 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/07 19:02:15.0866 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/08/07 19:02:15.0960 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/08/07 19:02:16.0209 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/08/07 19:02:16.0350 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/07 19:02:16.0506 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/08/07 19:02:16.0709 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/08/07 19:02:16.0833 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/08/07 19:02:16.0958 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/08/07 19:02:17.0005 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/08/07 19:02:17.0130 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/07 19:02:17.0239 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/08/07 19:02:17.0301 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/08/07 19:02:17.0442 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/07 19:02:17.0551 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/07 19:02:17.0598 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/07 19:02:17.0707 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/08/07 19:02:17.0738 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/08/07 19:02:17.0863 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/08/07 19:02:17.0894 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/08/07 19:02:18.0003 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/07 19:02:18.0113 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/07 19:02:18.0175 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/07 19:02:18.0284 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/07 19:02:18.0362 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/08/07 19:02:18.0549 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/07 19:02:18.0721 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/08/07 19:02:18.0752 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/08/07 19:02:18.0877 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/08/07 19:02:18.0924 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/08/07 19:02:19.0033 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/08/07 19:02:19.0127 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\Windows\system32\DRIVERS\lvpopflt.sys
2010/08/07 19:02:19.0189 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2010/08/07 19:02:19.0314 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\Windows\system32\DRIVERS\lvrs.sys
2010/08/07 19:02:19.0704 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\Windows\system32\DRIVERS\lvuvc.sys
2010/08/07 19:02:20.0016 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/08/07 19:02:20.0094 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/08/07 19:02:20.0141 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/08/07 19:02:20.0203 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/08/07 19:02:20.0328 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/07 19:02:20.0437 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/07 19:02:20.0484 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/07 19:02:20.0609 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/08/07 19:02:20.0655 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/08/07 19:02:20.0780 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/07 19:02:20.0858 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/08/07 19:02:21.0014 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/07 19:02:21.0077 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/07 19:02:21.0108 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/07 19:02:21.0201 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/08/07 19:02:21.0326 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/08/07 19:02:21.0404 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/08/07 19:02:21.0435 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/08/07 19:02:21.0467 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/08/07 19:02:21.0654 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/07 19:02:21.0685 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/07 19:02:21.0732 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/08/07 19:02:21.0763 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/08/07 19:02:21.0810 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/07 19:02:21.0857 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/08/07 19:02:22.0013 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/08/07 19:02:22.0059 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/08/07 19:02:22.0169 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/07 19:02:22.0371 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/08/07 19:02:22.0449 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/08/07 19:02:22.0481 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/07 19:02:22.0652 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/07 19:02:22.0699 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/07 19:02:22.0730 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/08/07 19:02:22.0933 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/07 19:02:22.0995 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/07 19:02:23.0089 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/08/07 19:02:23.0229 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2010/08/07 19:02:23.0323 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/08/07 19:02:23.0370 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/07 19:02:23.0463 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/08/07 19:02:23.0619 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/08/07 19:02:23.0697 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/08/07 19:02:23.0791 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2010/08/07 19:02:24.0275 nvlddmkm (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/08/07 19:02:24.0587 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/08/07 19:02:24.0649 nvstor (fcc8ed8b939ec2a923cc90f7eeb12954) C:\Windows\system32\DRIVERS\nvstor.sys
2010/08/07 19:02:24.0649 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nvstor.sys. Real md5: fcc8ed8b939ec2a923cc90f7eeb12954, Fake md5: c99f251a5de63c6f129cf71933aced0f
2010/08/07 19:02:24.0649 nvstor - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/07 19:02:24.0696 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/08/07 19:02:24.0789 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/07 19:02:24.0930 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/08/07 19:02:24.0977 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/08/07 19:02:25.0070 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/08/07 19:02:25.0164 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/08/07 19:02:25.0211 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/08/07 19:02:25.0320 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/08/07 19:02:25.0413 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/08/07 19:02:25.0460 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/08/07 19:02:25.0803 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/07 19:02:25.0897 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/08/07 19:02:26.0053 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/07 19:02:26.0256 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/08/07 19:02:26.0334 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/08/07 19:02:26.0505 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/07 19:02:26.0537 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/07 19:02:26.0615 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/08/07 19:02:26.0677 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/07 19:02:26.0849 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/07 19:02:26.0880 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/07 19:02:26.0927 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/07 19:02:26.0973 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/08/07 19:02:27.0020 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/07 19:02:27.0098 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/08/07 19:02:27.0270 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/07 19:02:27.0317 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/08/07 19:02:27.0363 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/08/07 19:02:27.0426 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/08/07 19:02:27.0613 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/08/07 19:02:27.0691 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/08/07 19:02:27.0753 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/08/07 19:02:28.0003 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/07 19:02:28.0065 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/08/07 19:02:28.0190 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/08/07 19:02:28.0284 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/08/07 19:02:28.0409 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2010/08/07 19:02:28.0533 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/07 19:02:28.0705 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/08/07 19:02:28.0814 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/08/07 19:02:28.0845 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/08/07 19:02:28.0955 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/07 19:02:29.0017 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/08/07 19:02:29.0111 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/07 19:02:29.0251 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/08/07 19:02:29.0329 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/08/07 19:02:29.0376 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/08/07 19:02:29.0485 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/08/07 19:02:29.0610 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/08/07 19:02:29.0813 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/08/07 19:02:29.0953 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2010/08/07 19:02:30.0062 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/07 19:02:30.0265 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/08/07 19:02:30.0359 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/08/07 19:02:30.0593 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/08/07 19:02:30.0671 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/07 19:02:30.0889 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/08/07 19:02:30.0951 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2010/08/07 19:02:31.0061 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/08/07 19:02:31.0139 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/08/07 19:02:31.0279 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/07 19:02:31.0404 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2010/08/07 19:02:31.0700 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/08/07 19:02:31.0856 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/07 19:02:32.0043 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/07 19:02:32.0090 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/08/07 19:02:32.0137 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/08/07 19:02:32.0184 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/07 19:02:32.0277 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/07 19:02:32.0465 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/07 19:02:32.0574 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/07 19:02:32.0621 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/08/07 19:02:32.0761 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/07 19:02:32.0855 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/08/07 19:02:32.0948 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/07 19:02:33.0011 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/08/07 19:02:33.0135 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2010/08/07 19:02:33.0182 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/07 19:02:33.0276 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/08/07 19:02:33.0354 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/07 19:02:33.0432 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/07 19:02:33.0463 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/08/07 19:02:33.0572 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/07 19:02:33.0619 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/07 19:02:33.0713 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/07 19:02:33.0822 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
2010/08/07 19:02:33.0869 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/08/07 19:02:33.0993 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/07 19:02:34.0071 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/08/07 19:02:34.0118 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/08/07 19:02:34.0227 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/08/07 19:02:34.0305 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/08/07 19:02:34.0352 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/08/07 19:02:34.0399 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/08/07 19:02:34.0493 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/08/07 19:02:34.0602 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/08/07 19:02:34.0664 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/08/07 19:02:34.0789 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/08/07 19:02:34.0883 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/08/07 19:02:34.0945 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/08/07 19:02:35.0070 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/08/07 19:02:35.0132 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/08/07 19:02:35.0226 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/07 19:02:35.0241 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/07 19:02:35.0413 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/08/07 19:02:35.0460 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/07 19:02:35.0631 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/08/07 19:02:35.0709 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/08/07 19:02:35.0803 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/08/07 19:02:36.0053 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/08/07 19:02:36.0162 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/07 19:02:36.0255 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/07 19:02:36.0349 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/08/07 19:02:36.0474 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/07 19:02:36.0599 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2010/08/07 19:02:36.0770 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
2010/08/07 19:02:36.0833 ================================================================================
2010/08/07 19:02:36.0833 Scan finished
2010/08/07 19:02:36.0833 ================================================================================
2010/08/07 19:02:36.0864 Detected object count: 1
2010/08/07 19:02:43.0977 nvstor (fcc8ed8b939ec2a923cc90f7eeb12954) C:\Windows\system32\DRIVERS\nvstor.sys
2010/08/07 19:02:43.0977 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nvstor.sys. Real md5: fcc8ed8b939ec2a923cc90f7eeb12954, Fake md5: c99f251a5de63c6f129cf71933aced0f
2010/08/07 19:02:44.0102 Backup copy found, using it..
2010/08/07 19:02:44.0196 C:\Windows\system32\DRIVERS\nvstor.sys - will be cured after reboot
2010/08/07 19:02:44.0196 Rootkit.Win32.TDSS.tdl3(nvstor) - User select action: Cure
2010/08/07 19:03:24.0896 Deinitialize success

Edited by Mister Sam, 07 August 2010 - 06:26 PM.


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:46 PM

Posted 07 August 2010 - 07:03 PM

There are a few suspicious files running. We got one down a few to go.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 Mister Sam

Mister Sam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 07 August 2010 - 10:44 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4404

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/7/2010 11:44:12 PM
mbam-log-2010-08-07 (23-44-12).txt

Scan type: Quick scan
Objects scanned: 132664
Time elapsed: 11 minute(s), 43 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 72

Memory Processes Infected:
C:\Users\Sam\AppData\Local\Temp\m.248D3.tmp.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hvhfp9usddwr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sam\AppData\Local\Temp\jofcdks.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\kgn.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\kilslmd.exex (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\kjdh_gf_jjdhgd.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\kjh102k3.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\kock.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\poertd.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\ppddfcfux.exxe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\pswwg3c.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\02c9c3c35bdx5.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\17dkf.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\472a10e2ebxd9.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\56493.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\8gmsed-bd.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\warsddd_w.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\htfad4.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\hvipws9.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\jdhellwo3.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\wqefqw7e.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\wrcud12.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\wrfwe_di.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\aqfitrlxi2.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\backd-efq.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\brdss.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\bzqa43d.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\gedx_ae09.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\gpupz2a.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\hardwh.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\hhbboll_2.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\hiphop.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\hodeme.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\cocksucker.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\cosock.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\cunifuc.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\dc_3.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\dd10x10.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\ddhelp.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\ddoll3342.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\snowif.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\ae0965a7157cd.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\al3erfa3.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\aler3fa.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\alerfa.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\alerfa322.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\ploper.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\ds7hw.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\eelnvd13.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\eephilpe.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\exppdf_w.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\rator.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\rtfme.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\safe.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\fe.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\format.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\sycre.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\test.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\timem.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\destroyer.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\dkfjd93.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\qwedvor.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\qwklrvjhqlkj.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\r0life.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\wergfq.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\winlogoff.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\lols.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\lorsk.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Local\Temp\m.248D3.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Roaming\Desktop Security\securityhelper.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Roaming\Desktop Security\taskmgr.dll (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Security.LNK (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Users\Sam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Desktop Security.LNK (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.


#6 Mister Sam

Mister Sam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 07 August 2010 - 11:53 PM

ComboFix 10-08-07.01 - Sam 08/08/2010 0:20.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2687.1800 [GMT -4:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sam\AppData\Local\key.exe
c:\users\Sam\AppData\Local\Keygenerator.exe
c:\windows\pthreadGC2.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-08 04:31 . 2010-08-08 04:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-08 04:18 . 2010-08-08 04:19 -------- d-----w- C:\32788R22FWJFW
2010-08-08 02:39 . 2010-08-08 02:39 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2010-08-08 02:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 02:39 . 2010-08-08 02:39 -------- d-----w- c:\programdata\Malwarebytes
2010-08-08 02:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 02:39 . 2010-08-08 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 21:21 . 2010-08-08 03:44 -------- d-----w- c:\users\Sam\AppData\Roaming\Desktop Security
2010-08-02 08:25 . 2010-08-03 16:02 -------- d-----w- c:\program files\StarCraft II
2010-08-02 08:25 . 2010-08-02 09:23 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-02 08:25 . 2010-08-02 09:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-28 23:45 . 2010-07-28 23:45 142416 ----a-w- c:\windows\system32\drivers\yqadxupj.sys
2010-07-28 10:41 . 2010-07-28 23:46 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-28 10:13 . 2009-03-06 15:52 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-07-28 10:13 . 2009-03-06 15:52 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-07-28 10:06 . 2010-07-28 10:06 -------- d-----w- c:\program files\Microsoft.NET
2010-07-28 09:52 . 2009-02-04 09:45 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-28 08:25 . 2010-07-28 08:27 -------- d-----w- C:\6c27a364b56f68833a31841522
2010-07-28 08:25 . 2010-07-28 08:41 -------- d-----w- C:\SwSetup
2010-07-27 18:46 . 2010-07-27 18:46 -------- d-----w- c:\users\Sam\AppData\Local\Apps
2010-07-21 21:27 . 2010-07-21 21:27 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 03:28 . 2010-07-15 03:28 -------- d-----w- c:\users\Sam\AppData\Local\ESET
2010-07-15 02:54 . 2010-07-15 02:54 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 23:04 . 2009-06-10 21:19 142416 ----a-w- c:\windows\system32\drivers\nvstor.sys
2010-08-07 22:56 . 2010-08-07 22:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-07 19:55 . 2010-08-07 21:21 1611776 ----a-w- c:\users\Sam\AppData\Roaming\Desktop Security\Desktop Security 2010.exe
2010-08-07 11:23 . 2009-11-21 06:03 -------- d-----w- c:\program files\uTorrent
2010-08-05 19:31 . 2010-06-01 02:39 -------- d-----w- c:\program files\Digsby
2010-08-05 03:51 . 2010-02-01 05:40 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.12-1.8beta5
2010-08-03 06:48 . 2009-09-12 22:19 -------- d-----w- c:\users\Sam\AppData\Roaming\vlc
2010-08-03 05:34 . 2009-10-23 05:50 188152 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\FlashGot.exe
2010-08-02 10:00 . 2010-01-27 19:07 -------- d-----w- c:\users\Sam\AppData\Roaming\Skype
2010-08-02 09:23 . 2010-08-02 09:23 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-02 04:01 . 2010-01-27 19:09 -------- d-----w- c:\users\Sam\AppData\Roaming\skypePM
2010-07-28 10:40 . 2009-09-12 10:17 -------- d-----w- c:\programdata\NVIDIA
2010-07-27 06:34 . 2009-09-13 00:16 -------- d-----w- c:\program files\MediaMonkey
2010-07-20 01:31 . 2010-01-08 06:37 -------- d-----w- c:\program files\Steam
2010-07-15 02:14 . 2009-09-12 15:46 119024 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-14 21:15 . 2010-06-14 03:42 208144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-11 00:01 . 2009-09-14 00:25 -------- d-----w- c:\programdata\Microsoft Help
2010-07-11 00:00 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-30 15:07 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-30 14:48 . 2010-06-30 14:48 -------- d-----w- c:\programdata\LogiShrd
2010-06-30 14:45 . 2010-06-30 14:40 -------- d-----w- c:\program files\Common Files\logishrd
2010-06-30 14:44 . 2010-06-30 14:44 -------- d-----w- c:\users\Sam\AppData\Roaming\Leadertech
2010-06-30 14:44 . 2010-06-30 14:44 53248 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-30 14:44 . 2010-06-30 14:43 -------- d-----w- c:\program files\Logitech
2010-06-30 14:43 . 2010-06-30 14:43 -------- d-----w- c:\programdata\Logitech
2010-06-30 14:43 . 2010-06-30 14:43 -------- d-----w- c:\program files\Common Files\LWS
2010-06-24 13:04 . 2010-06-24 13:04 136120 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-06-21 02:31 . 2010-02-15 17:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-21 02:28 . 2010-02-15 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 07:24 . 2010-06-21 02:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-21 02:25 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2009-10-03 21:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-21 02:30 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-17 04:13 . 2010-01-30 23:11 38784 ----a-w- c:\users\Sam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-17 04:13 . 2010-01-30 23:10 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-15 02:04 . 2010-05-15 02:04 6842592 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-15 02:03 . 2010-05-15 02:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-15 02:03 . 2010-05-15 02:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-15 02:02 . 2010-05-15 02:02 276448 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-15 02:02 . 2010-05-15 02:02 114784 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-05-15 01:59 . 2010-05-15 01:59 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2010-05-15 01:59 . 2010-05-15 01:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-15 01:56 . 2010-05-15 01:56 10830680 ----a-w- c:\windows\system32\LogiDPP.dll
2010-05-15 01:56 . 2010-05-15 01:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-05-15 01:55 . 2010-05-15 01:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-05-15 01:46 . 2010-05-15 01:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-05-12 20:42 . 2010-05-12 20:42 46904 ----a-w- c:\programdata\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-03-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D}]
2010-06-01 02:40 638976 ----a-w- c:\program files\Digsby Donates\ShoppingBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Security"="c:\users\Sam\AppData\Roaming\Desktop Security\Desktop Security 2010.exe" [2010-08-07 1611776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"tipresxSystem"="c:\program files\Common Files\microsoft shared\ink\pl-PL\operacyjnytipresx.exe" [2010-08-07 163328]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
JDownloader.exe.lnk - c:\users\Sam\Downloads\JDownloader 0.8.9\JDownloader.exe [2009-10-21 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk
backup=c:\windows\pss\JDownloader.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Pidgin.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk
backup=c:\windows\pss\Pidgin.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 15:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 15:52 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-07-20 01:30 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-12 20:05 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 09:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9f7463c53bfc;Google Update Service (gupdate1ca9f7463c53bfc);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 133104]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-23 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-06-24 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:15]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:15]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\
FF - prefs.js: browser.search.selectedEngine - LL - Search Links
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions\afom@idevfh\components\npAFOM.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2673954322-904985209-1117478257-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,ea,76,08,93,f4,49,7c,2f,95,1c,a2,3f,db,6f,b8,47,53,e4,02,c8,74,1a,
21,c5,2b,0e,b5,dc,c8,07,c4,c6,6b,be,6c,21,30,6a,cc,d7,71,1c,40,3f,07,6c,72,\
"??"=hex:bc,dd,9c,a5,aa,70,13,fa,c3,1c,65,40,79,9e,2c,3c

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-08 00:37:14
ComboFix-quarantined-files.txt 2010-08-08 04:37

Pre-Run: 19,088,293,888 bytes free
Post-Run: 19,609,116,672 bytes free

- - End Of File - - 70ADFCAE5434864AB9BE2B7DF1EEA69F


#7 Mister Sam

Mister Sam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 08 August 2010 - 12:59 AM

Oh and no more Nod32 warnings for redirecgts! woohoo!

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:46 PM

Posted 08 August 2010 - 08:59 AM

There is a file failing its signature, User32.dll. It is a core file.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
QUOTE
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Security"=-

Folder::
c:\users\Sam\AppData\Roaming\Desktop Security

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]




Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in


    /md5start
    User32.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Mister Sam

Mister Sam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 09 August 2010 - 04:41 PM

OTL logfile created on: 8/9/2010 5:30:59 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Sam\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.87 Gb Total Space | 12.45 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
Drive D: | 8.17 Gb Total Space | 1.73 Gb Free Space | 21.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAM-LAPTOP
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 17:12:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/06/24 09:27:06 | 002,202,704 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/12 16:05:02 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2004/04/20 14:03:44 | 001,575,936 | ---- | M] (David Ayton) -- C:\Program Files\CDisplay\CDisplay.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 17:12:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/06/24 09:27:54 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 17:53:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Sam\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/07 19:04:16 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2010/06/24 09:04:14 | 000,136,120 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/05/14 22:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C260(UVC)
DRV - [2010/05/14 22:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 22:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/28 08:17:46 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/04/28 08:17:46 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/02/27 03:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2010/02/27 03:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2010/02/27 03:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/08 04:05:40 | 000,310,784 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2009/12/08 04:05:09 | 000,113,664 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2009/11/04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/24 00:00:07 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2009/10/23 23:58:55 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/09 22:57:31 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sffp_sd.sys -- (sffp_sd)
DRV - [2009/10/09 22:31:24 | 000,084,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\sdbus.sys -- (sdbus)
DRV - [2009/10/02 00:06:59 | 000,728,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2009/09/26 01:58:35 | 000,194,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\fvevol.sys -- (fvevol)
DRV - [2009/08/13 23:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/07/13 21:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2009/07/13 21:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,274,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\agp440.sys -- (agp440)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/07/13 21:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pci.sys -- (pci)
DRV - [2009/07/13 21:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pciide.sys -- (pciide)
DRV - [2009/07/13 21:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009/07/13 21:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ndis.sys -- (NDIS)
DRV - [2009/07/13 21:20:44 | 000,186,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV - [2009/07/13 21:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/07/13 21:20:44 | 000,130,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\mpio.sys -- (mpio)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,115,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\msdsm.sys -- (msdsm)
DRV - [2009/07/13 21:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2009/07/13 21:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2009/07/13 21:20:44 | 000,056,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009/07/13 21:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009/07/13 21:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/07/13 21:20:44 | 000,027,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\msahci.sys -- (msahci)
DRV - [2009/07/13 21:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\msisadrv.sys -- (msisadrv)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,067,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2009/07/13 21:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\intelide.sys -- (intelide)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009/07/13 21:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\gagp30kx.sys -- (gagp30kx)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2009/07/13 21:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\uliagpkx.sys -- (uliagpkx)
DRV - [2009/07/13 21:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\wd.sys -- (Wd)
DRV - [2009/07/13 21:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV - [2009/07/13 21:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/07/13 21:19:10 | 000,445,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\volsnap.sys -- (volsnap)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\uagp35.sys -- (uagp35)
DRV - [2009/07/13 21:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2009/07/13 21:19:10 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\volmgr.sys -- (volmgr)
DRV - [2009/07/13 21:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,085,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sbp2port.sys -- (sbp2port)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV - [2009/07/13 21:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2009/07/13 21:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2009/07/13 20:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/13 20:14:46 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2009/07/13 20:02:58 | 000,133,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (RDPDR)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009/07/13 20:01:51 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 20:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2009/07/13 20:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2009/07/13 20:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2009/07/13 20:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2009/07/13 19:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009/07/13 19:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2009/07/13 19:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp) WAN Miniport (SSTP)
DRV - [2009/07/13 19:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/07/13 19:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2009/07/13 19:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2009/07/13 19:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2009/07/13 19:54:35 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/07/13 19:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2009/07/13 19:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009/07/13 19:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009/07/13 19:54:27 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009/07/13 19:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2009/07/13 19:54:14 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009/07/13 19:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009/07/13 19:54:03 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009/07/13 19:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV - [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2009/07/13 19:53:51 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV - [2009/07/13 19:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009/07/13 19:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2009/07/13 19:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2009/07/13 19:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:47 | 000,304,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2009/07/13 19:51:39 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bthmodem.sys -- (BTHMODEM)
DRV - [2009/07/13 19:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\hidbth.sys -- (HidBth)
DRV - [2009/07/13 19:51:31 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2009/07/13 19:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/07/13 19:51:18 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2009/07/13 19:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\circlass.sys -- (circlass)
DRV - [2009/07/13 19:51:14 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\usbohci.sys -- (usbohci)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:10 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\hidir.sys -- (HidIr)
DRV - [2009/07/13 19:51:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/07/13 19:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009/07/13 19:50:56 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/07/13 19:50:45 | 000,132,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2009/07/13 19:50:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\wacompen.sys -- (WacomPen)
DRV - [2009/07/13 19:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sfloppy.sys -- (sfloppy)
DRV - [2009/07/13 19:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009/07/13 19:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sffdisk.sys -- (sffdisk)
DRV - [2009/07/13 19:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\fdc.sys -- (fdc)
DRV - [2009/07/13 19:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV - [2009/07/13 19:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\parport.sys -- (Parport)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 19:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\system32\DRIVERS\parvdm.sys -- (Parvdm)
DRV - [2009/07/13 19:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serenum.sys -- (Serenum)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:45:09 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/07/13 19:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2009/07/13 19:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sermouse.sys -- (sermouse)
DRV - [2009/07/13 19:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/07/13 19:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2009/07/13 19:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/07/13 19:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/07/13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:30:59 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\IPMIDrv.sys -- (IPMIDRV)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2009/07/13 19:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/13 19:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\errdev.sys -- (ErrDev)
DRV - [2009/07/13 19:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2009/07/13 19:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2009/07/13 19:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009/07/13 19:15:13 | 000,387,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV - [2009/07/13 19:14:55 | 000,306,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2009/07/13 19:14:29 | 000,241,664 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/07/13 19:14:26 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/07/13 19:14:22 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2009/07/13 19:14:17 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/07/13 19:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/07/13 19:14:03 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/07/13 19:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/07/13 19:12:59 | 000,513,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2009/07/13 19:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2009/07/13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/07/13 19:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009/07/13 19:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/07/13 19:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/07/13 19:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/13 19:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2009/07/13 19:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2009/07/13 19:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viac7.sys -- (ViaC7)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 19:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\processr.sys -- (Processor)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 18:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 16:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/07/08 00:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/05/22 19:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/20 15:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/11/05 17:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 09:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/29 09:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/03/28 05:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/03 08:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/12/26 08:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/06/18 18:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/10/01 14:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spca561.sys -- (CA561) ICatch (VI)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 65 21 9E 17 F6 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LL - Search Links"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/02 04:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 16:04:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/07/14 22:55:01 | 000,000,000 | ---D | M]

[2009/09/12 16:16:08 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions
[2009/09/12 16:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/08 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions
[2010/08/03 01:34:44 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/22 15:14:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/22 15:14:37 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/05/02 23:24:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/02 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions\afom@idevfh
[2010/08/09 01:08:39 | 000,002,356 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\searchplugins\eti---search-links.xml
[2010/08/09 01:08:39 | 000,001,945 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\searchplugins\ninjavideo.xml
[2009/09/25 23:21:30 | 000,001,720 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\searchplugins\youtube-video-search.xml
[2010/08/08 18:58:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 16:04:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/21 17:53:35 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/24 16:04:47 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/24 16:04:47 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/05/12 14:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/07/24 16:04:49 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/19 15:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/05/01 17:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/01/15 20:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 20:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/15 20:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 20:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 20:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/15 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/15 20:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/09 17:25:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Digsby Donates) - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files\Digsby Donates\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [tipresxSystem] C:\Program Files\Common Files\microsoft shared\ink\pl-PL\operacyjnytipresx.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.exe.lnk = C:\Users\Sam\Downloads\JDownloader 0.8.9\JDownloader.exe (AppWork UG (haftungsbeschränkt))
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk = C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/09 17:29:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/09 17:14:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/09 17:14:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/09 17:12:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2010/08/07 23:47:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/07 23:47:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/07 23:47:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/07 23:47:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/07 23:46:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/07 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2010/08/07 22:39:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/07 22:39:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/07 22:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/07 22:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/02 04:25:40 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\StarCraft II
[2010/08/02 04:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2010/08/02 04:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/08/02 04:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/07/28 19:45:58 | 000,142,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\yqadxupj.sys
[2010/07/28 06:41:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/07/28 06:13:26 | 001,108,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2010/07/28 06:13:26 | 000,797,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2010/07/28 06:13:25 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2010/07/28 06:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/28 05:52:38 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010/07/28 04:25:58 | 000,000,000 | ---D | C] -- C:\6c27a364b56f68833a31841522
[2010/07/28 04:25:31 | 000,000,000 | ---D | C] -- C:\SwSetup
[2010/07/27 14:46:26 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Apps
[2010/07/21 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/14 23:28:59 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\ESET
[2010/07/14 22:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/07/14 22:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

========== Files - Modified Within 30 Days ==========

[2010/08/09 17:31:38 | 002,359,296 | -HS- | M] () -- C:\Users\Sam\NTUSER.DAT
[2010/08/09 17:25:29 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/09 17:25:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/09 17:12:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2010/08/09 17:10:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/09 17:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/08 20:56:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/08 00:01:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/08 00:01:24 | 2112,835,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/07 23:37:27 | 003,816,812 | R--- | M] () -- C:\Users\Sam\Desktop\ComboFix.exe
[2010/08/07 23:34:20 | 008,381,016 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/07 23:34:20 | 000,702,600 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/08/07 23:34:20 | 000,701,624 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/08/07 23:34:20 | 000,697,278 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/08/07 23:34:20 | 000,684,128 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010/08/07 23:34:20 | 000,652,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/08/07 23:34:20 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/07 23:34:20 | 000,559,940 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2010/08/07 23:34:20 | 000,456,756 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010/08/07 23:34:20 | 000,442,656 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2010/08/07 23:34:20 | 000,407,906 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2010/08/07 23:34:20 | 000,396,688 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/08/07 23:34:20 | 000,386,040 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/08/07 23:34:20 | 000,369,938 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/08/07 23:34:20 | 000,137,196 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/08/07 23:34:20 | 000,132,650 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010/08/07 23:34:20 | 000,130,274 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/08/07 23:34:20 | 000,129,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/08/07 23:34:20 | 000,127,278 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/08/07 23:34:20 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/08/07 23:34:20 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/07 23:34:20 | 000,104,810 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2010/08/07 23:34:20 | 000,104,382 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/08/07 23:34:20 | 000,099,468 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/08/07 23:34:20 | 000,089,570 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2010/08/07 23:34:20 | 000,079,118 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2010/08/07 23:34:20 | 000,077,230 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010/08/07 23:25:13 | 001,143,604 | -H-- | M] () -- C:\Users\Sam\AppData\Local\IconCache.db
[2010/08/07 19:04:16 | 000,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2010/08/07 18:56:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/08/07 17:25:23 | 000,211,806 | ---- | M] () -- C:\Users\Sam\Desktop\WER-72134-0.sysdata.xml
[2010/08/07 17:20:07 | 000,142,864 | ---- | M] () -- C:\Users\Sam\Desktop\080710-41823-01.dmp
[2010/08/07 16:46:43 | 000,000,000 | ---- | M] () -- C:\Users\Sam\defogger_reenable
[2010/08/07 16:45:37 | 000,525,824 | ---- | M] () -- C:\Users\Sam\Desktop\dds.scr
[2010/08/03 12:02:00 | 000,001,380 | ---- | M] () -- C:\Users\Sam\Desktop\StarCraft II.exe - Shortcut.lnk
[2010/08/02 16:54:59 | 000,032,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/02 16:54:57 | 000,032,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/31 20:10:07 | 000,001,269 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk
[2010/07/28 19:45:58 | 000,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\yqadxupj.sys
[2010/07/28 06:17:21 | 000,000,174 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/07/27 01:07:16 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2010/07/18 23:36:04 | 000,000,878 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\coreavc.ini
[2010/07/18 18:58:26 | 000,001,355 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.exe.lnk
[2010/07/14 23:15:41 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/14 22:14:37 | 000,119,024 | ---- | M] () -- C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/14 17:15:50 | 000,208,144 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/07/11 21:09:17 | 000,446,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/10 18:22:14 | 000,000,554 | ---- | M] () -- C:\Windows\win.ini

========== Files Created - No Company Name ==========

[2010/08/07 23:47:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/07 23:47:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/07 23:47:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/07 23:47:25 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/07 23:47:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/07 23:36:21 | 003,816,812 | R--- | C] () -- C:\Users\Sam\Desktop\ComboFix.exe
[2010/08/07 18:56:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/08/07 17:25:23 | 000,211,806 | ---- | C] () -- C:\Users\Sam\Desktop\WER-72134-0.sysdata.xml
[2010/08/07 17:24:46 | 000,142,864 | ---- | C] () -- C:\Users\Sam\Desktop\080710-41823-01.dmp
[2010/08/07 16:49:41 | 000,293,376 | ---- | C] () -- C:\Users\Sam\Desktop\gmer.exe
[2010/08/07 16:46:43 | 000,000,000 | ---- | C] () -- C:\Users\Sam\defogger_reenable
[2010/08/07 16:44:57 | 000,525,824 | ---- | C] () -- C:\Users\Sam\Desktop\dds.scr
[2010/08/03 12:02:00 | 000,001,380 | ---- | C] () -- C:\Users\Sam\Desktop\StarCraft II.exe - Shortcut.lnk
[2010/07/28 06:17:21 | 000,000,174 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/07/28 03:56:47 | 000,001,269 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk
[2010/07/27 01:07:16 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2010/07/18 18:58:26 | 000,001,355 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.exe.lnk
[2010/06/20 22:31:47 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2010/06/20 22:31:47 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2010/05/14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/05/14 21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/05/14 21:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/09/20 06:11:42 | 000,122,368 | ---- | C] () -- C:\Windows\lua5.1.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 03:04:28 | 009,277,440 | ---- | C] () -- C:\Windows\avcodec-52.dll
[2009/07/13 03:04:28 | 000,751,104 | ---- | C] () -- C:\Windows\avformat-52.dll
[2009/07/13 03:04:28 | 000,218,624 | ---- | C] () -- C:\Windows\swscale-0.dll
[2009/07/13 03:04:28 | 000,070,144 | ---- | C] () -- C:\Windows\avutil-50.dll
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/02/20 16:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll

========== Custom Scans ==========



< MD5 for: USER32.DLL >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/03/14 03:23:21 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=7BD7F45FF37FA0669CD32CA0EF46E22C -- C:\Windows\System32\user32.dll
< End of report >

OTL Extras logfile created on: 8/9/2010 5:30:59 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Sam\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.87 Gb Total Space | 12.45 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
Drive D: | 8.17 Gb Total Space | 1.73 Gb Free Space | 21.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAM-LAPTOP
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0791A9FF-ED33-4BC0-9D5C-8B615D65C619}" = ESET NOD32 Antivirus
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1DAFF305-A88A-40AC-A882-EB2C6F53AF94}" = League of Legends
"{203F2870-8644-4972-9E14-9E191A6C09C0}" = Solium Infernum
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A088AF9D-0B94-4C33-B327-E5B494CE810B}" = PS_AIO_05_C309_Software_Min
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B54408-EF50-4821-B8A2-F597A657112A}" = HP Photosmart C309a All-In-One Driver 13.0 Rel .5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = Philips PC Camera
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Abe's Oddysee_is1" = Abe's Oddysee
"abgx360" = abgx360 v1.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Battle for Wesnoth 1.7.12-1.8beta5" = Battle for Wesnoth 1.7.12-1.8beta5
"CDisplay_is1" = CDisplay 1.8
"CloneCD" = CloneCD
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Digsby" = Digsby
"Digsby Donates" = Digsby Donates
"Electricsheep Screensaver" = Electricsheep Screensaver 2.7b19
"Google Chrome" = Google Chrome
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"LameACM" = Lame ACM MP3 Codec
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvel Vs" = Marvel Vs
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"SopCast" = SopCast 3.2.4
"StarCraft II" = StarCraft II
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.1
"Warcraft III" = Warcraft III
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2010 4:02:18 AM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 5:09:48 AM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 6:14:15 AM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 7:14:17 AM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 8:00:55 AM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 9:12:13 AM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 10:04:27 AM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 11:07:45 AM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 12:13:32 PM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/9/2010 5:13:05 PM | Computer Name = Sam-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 8/8/2010 12:01:38 AM | Computer Name = Sam-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:58:14 PM on ?8/?7/?2010 was unexpected.

Error - 8/8/2010 12:01:41 AM | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 8/8/2010 12:19:06 AM | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/8/2010 12:19:33 AM | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7034
Description = The XAudioService service terminated unexpectedly. It has done this
1 time(s).

Error - 8/8/2010 12:19:49 AM | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/8/2010 12:31:22 AM | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/8/2010 12:36:34 AM | Computer Name = Sam-Laptop | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/8/2010 2:08:31 AM | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 8/9/2010 5:15:13 PM | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/9/2010 5:25:26 PM | Computer Name = Sam-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

ComboFix 10-08-07.01 - Sam 08/09/2010 17:15:24.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2687.1515 [GMT -4:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam\Desktop\cfscript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sam\AppData\Roaming\Desktop Security
c:\users\Sam\AppData\Roaming\Desktop Security\Desktop Security 2010.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-09 21:25 . 2010-08-09 21:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-09 21:25 . 2010-08-09 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-09 21:14 . 2010-08-09 21:14 -------- d-----w- C:\32788R22FWJFW
2010-08-08 02:39 . 2010-08-08 02:39 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2010-08-08 02:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 02:39 . 2010-08-08 02:39 -------- d-----w- c:\programdata\Malwarebytes
2010-08-08 02:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 02:39 . 2010-08-08 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 09:23 . 2010-08-02 09:23 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-02 08:25 . 2010-08-03 16:02 -------- d-----w- c:\program files\StarCraft II
2010-08-02 08:25 . 2010-08-02 09:23 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-02 08:25 . 2010-08-02 09:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-28 23:45 . 2010-07-28 23:45 142416 ----a-w- c:\windows\system32\drivers\yqadxupj.sys
2010-07-28 10:41 . 2010-07-28 23:46 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-28 10:13 . 2009-03-06 15:52 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-07-28 10:13 . 2009-03-06 15:52 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-07-28 10:06 . 2010-07-28 10:06 -------- d-----w- c:\program files\Microsoft.NET
2010-07-28 09:52 . 2009-02-04 09:45 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-28 08:25 . 2010-07-28 08:27 -------- d-----w- C:\6c27a364b56f68833a31841522
2010-07-28 08:25 . 2010-07-28 08:41 -------- d-----w- C:\SwSetup
2010-07-27 18:46 . 2010-07-27 18:46 -------- d-----w- c:\users\Sam\AppData\Local\Apps
2010-07-21 21:27 . 2010-07-21 21:27 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 03:28 . 2010-07-15 03:28 -------- d-----w- c:\users\Sam\AppData\Local\ESET
2010-07-15 02:54 . 2010-07-15 02:54 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 00:22 . 2009-09-12 22:19 -------- d-----w- c:\users\Sam\AppData\Roaming\vlc
2010-08-07 23:04 . 2009-06-10 21:19 142416 ----a-w- c:\windows\system32\drivers\nvstor.sys
2010-08-07 22:56 . 2010-08-07 22:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-07 11:23 . 2009-11-21 06:03 -------- d-----w- c:\program files\uTorrent
2010-08-05 19:31 . 2010-06-01 02:39 -------- d-----w- c:\program files\Digsby
2010-08-05 03:51 . 2010-02-01 05:40 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.12-1.8beta5
2010-08-03 05:34 . 2009-10-23 05:50 188152 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\FlashGot.exe
2010-08-02 10:00 . 2010-01-27 19:07 -------- d-----w- c:\users\Sam\AppData\Roaming\Skype
2010-08-02 04:01 . 2010-01-27 19:09 -------- d-----w- c:\users\Sam\AppData\Roaming\skypePM
2010-07-28 10:40 . 2009-09-12 10:17 -------- d-----w- c:\programdata\NVIDIA
2010-07-27 06:34 . 2009-09-13 00:16 -------- d-----w- c:\program files\MediaMonkey
2010-07-20 01:31 . 2010-01-08 06:37 -------- d-----w- c:\program files\Steam
2010-07-15 02:14 . 2009-09-12 15:46 119024 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-14 21:15 . 2010-06-14 03:42 208144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-11 00:01 . 2009-09-14 00:25 -------- d-----w- c:\programdata\Microsoft Help
2010-07-11 00:00 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-30 15:07 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-30 14:48 . 2010-06-30 14:48 -------- d-----w- c:\programdata\LogiShrd
2010-06-30 14:45 . 2010-06-30 14:40 -------- d-----w- c:\program files\Common Files\logishrd
2010-06-30 14:44 . 2010-06-30 14:44 -------- d-----w- c:\users\Sam\AppData\Roaming\Leadertech
2010-06-30 14:44 . 2010-06-30 14:44 53248 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-30 14:44 . 2010-06-30 14:43 -------- d-----w- c:\program files\Logitech
2010-06-30 14:43 . 2010-06-30 14:43 -------- d-----w- c:\programdata\Logitech
2010-06-30 14:43 . 2010-06-30 14:43 -------- d-----w- c:\program files\Common Files\LWS
2010-06-24 13:04 . 2010-06-24 13:04 136120 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-06-21 02:31 . 2010-02-15 17:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-21 02:28 . 2010-02-15 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 07:24 . 2010-06-21 02:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-21 02:25 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2009-10-03 21:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-21 02:30 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-17 04:13 . 2010-01-30 23:11 38784 ----a-w- c:\users\Sam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-17 04:13 . 2010-01-30 23:10 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-15 02:04 . 2010-05-15 02:04 6842592 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-15 02:03 . 2010-05-15 02:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-15 02:03 . 2010-05-15 02:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-15 02:02 . 2010-05-15 02:02 276448 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-15 02:02 . 2010-05-15 02:02 114784 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-05-15 01:59 . 2010-05-15 01:59 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2010-05-15 01:59 . 2010-05-15 01:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-15 01:56 . 2010-05-15 01:56 10830680 ----a-w- c:\windows\system32\LogiDPP.dll
2010-05-15 01:56 . 2010-05-15 01:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-05-15 01:55 . 2010-05-15 01:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-05-15 01:46 . 2010-05-15 01:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-05-12 20:42 . 2010-05-12 20:42 46904 ----a-w- c:\programdata\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-03-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D}]
2010-06-01 02:40 638976 ----a-w- c:\program files\Digsby Donates\ShoppingBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"tipresxSystem"="c:\program files\Common Files\microsoft shared\ink\pl-PL\operacyjnytipresx.exe" [2010-08-07 163328]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
JDownloader.exe.lnk - c:\users\Sam\Downloads\JDownloader 0.8.9\JDownloader.exe [2009-10-21 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk
backup=c:\windows\pss\JDownloader.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Pidgin.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk
backup=c:\windows\pss\Pidgin.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 15:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 15:52 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-07-20 01:30 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-12 20:05 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 09:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9f7463c53bfc;Google Update Service (gupdate1ca9f7463c53bfc);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 133104]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-23 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-06-24 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd24

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:15]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:15]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\
FF - prefs.js: browser.search.selectedEngine - LL - Search Links
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions\afom@idevfh\components\npAFOM.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2673954322-904985209-1117478257-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,ea,76,08,93,f4,49,7c,2f,95,1c,a2,3f,db,6f,b8,47,53,e4,02,c8,74,1a,
21,c5,2b,0e,b5,dc,c8,07,c4,c6,6b,be,6c,21,30,6a,cc,d7,71,1c,40,3f,07,6c,72,\
"??"=hex:bc,dd,9c,a5,aa,70,13,fa,c3,1c,65,40,79,9e,2c,3c
.
Completion time: 2010-08-09 17:29:20
ComboFix-quarantined-files.txt 2010-08-09 21:29
ComboFix2.txt 2010-08-08 04:37

Pre-Run: 13,354,831,872 bytes free
Post-Run: 13,302,661,120 bytes free

- - End Of File - - D81645719CEED3E04CF79BA18E428D0C



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:46 PM

Posted 09 August 2010 - 05:37 PM

Les try to replace the User32.dll file.
  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
[codebox]FCopy::
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll|C:\Windows\System32\user32.dll[/codebox]



Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Edited by JSntgRvr, 09 August 2010 - 05:39 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 Mister Sam

Mister Sam
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 09 August 2010 - 08:21 PM

ComboFix 10-08-07.01 - Sam 08/09/2010 20:37:44.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2687.1355 [GMT -4:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 00:44 . 2010-08-10 00:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-10 00:44 . 2010-08-10 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 00:36 . 2010-08-10 00:36 -------- d-----w- C:\32788R22FWJFW
2010-08-08 02:39 . 2010-08-08 02:39 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2010-08-08 02:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 02:39 . 2010-08-08 02:39 -------- d-----w- c:\programdata\Malwarebytes
2010-08-08 02:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 02:39 . 2010-08-08 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 09:23 . 2010-08-02 09:23 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-02 08:25 . 2010-08-03 16:02 -------- d-----w- c:\program files\StarCraft II
2010-08-02 08:25 . 2010-08-02 09:23 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-02 08:25 . 2010-08-02 09:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-28 23:45 . 2010-07-28 23:45 142416 ----a-w- c:\windows\system32\drivers\yqadxupj.sys
2010-07-28 10:41 . 2010-07-28 23:46 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-28 10:13 . 2009-03-06 15:52 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-07-28 10:13 . 2009-03-06 15:52 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-07-28 10:06 . 2010-07-28 10:06 -------- d-----w- c:\program files\Microsoft.NET
2010-07-28 09:52 . 2009-02-04 09:45 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-28 08:25 . 2010-07-28 08:27 -------- d-----w- C:\6c27a364b56f68833a31841522
2010-07-28 08:25 . 2010-07-28 08:41 -------- d-----w- C:\SwSetup
2010-07-27 18:46 . 2010-07-27 18:46 -------- d-----w- c:\users\Sam\AppData\Local\Apps
2010-07-21 21:27 . 2010-07-21 21:27 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 03:28 . 2010-07-15 03:28 -------- d-----w- c:\users\Sam\AppData\Local\ESET
2010-07-15 02:54 . 2010-07-15 02:54 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 00:22 . 2009-09-12 22:19 -------- d-----w- c:\users\Sam\AppData\Roaming\vlc
2010-08-07 23:04 . 2009-06-10 21:19 142416 ----a-w- c:\windows\system32\drivers\nvstor.sys
2010-08-07 22:56 . 2010-08-07 22:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-07 11:23 . 2009-11-21 06:03 -------- d-----w- c:\program files\uTorrent
2010-08-05 19:31 . 2010-06-01 02:39 -------- d-----w- c:\program files\Digsby
2010-08-05 03:51 . 2010-02-01 05:40 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.12-1.8beta5
2010-08-03 05:34 . 2009-10-23 05:50 188152 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\FlashGot.exe
2010-08-02 10:00 . 2010-01-27 19:07 -------- d-----w- c:\users\Sam\AppData\Roaming\Skype
2010-08-02 04:01 . 2010-01-27 19:09 -------- d-----w- c:\users\Sam\AppData\Roaming\skypePM
2010-07-28 10:40 . 2009-09-12 10:17 -------- d-----w- c:\programdata\NVIDIA
2010-07-27 06:34 . 2009-09-13 00:16 -------- d-----w- c:\program files\MediaMonkey
2010-07-20 01:31 . 2010-01-08 06:37 -------- d-----w- c:\program files\Steam
2010-07-15 02:14 . 2009-09-12 15:46 119024 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-14 21:15 . 2010-06-14 03:42 208144 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-11 00:01 . 2009-09-14 00:25 -------- d-----w- c:\programdata\Microsoft Help
2010-07-11 00:00 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-30 15:07 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-30 14:48 . 2010-06-30 14:48 -------- d-----w- c:\programdata\LogiShrd
2010-06-30 14:45 . 2010-06-30 14:40 -------- d-----w- c:\program files\Common Files\logishrd
2010-06-30 14:44 . 2010-06-30 14:44 -------- d-----w- c:\users\Sam\AppData\Roaming\Leadertech
2010-06-30 14:44 . 2010-06-30 14:44 53248 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-30 14:44 . 2010-06-30 14:43 -------- d-----w- c:\program files\Logitech
2010-06-30 14:43 . 2010-06-30 14:43 -------- d-----w- c:\programdata\Logitech
2010-06-30 14:43 . 2010-06-30 14:43 -------- d-----w- c:\program files\Common Files\LWS
2010-06-24 13:04 . 2010-06-24 13:04 136120 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-06-21 02:31 . 2010-02-15 17:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-21 02:28 . 2010-02-15 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 07:24 . 2010-06-21 02:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-21 02:25 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2009-10-03 21:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-21 02:30 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-17 04:13 . 2010-01-30 23:11 38784 ----a-w- c:\users\Sam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-17 04:13 . 2010-01-30 23:10 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-15 02:04 . 2010-05-15 02:04 6842592 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-15 02:03 . 2010-05-15 02:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-15 02:03 . 2010-05-15 02:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-15 02:02 . 2010-05-15 02:02 276448 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-15 02:02 . 2010-05-15 02:02 114784 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-05-15 01:59 . 2010-05-15 01:59 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2010-05-15 01:59 . 2010-05-15 01:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-15 01:56 . 2010-05-15 01:56 10830680 ----a-w- c:\windows\system32\LogiDPP.dll
2010-05-15 01:56 . 2010-05-15 01:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-05-15 01:55 . 2010-05-15 01:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-05-15 01:46 . 2010-05-15 01:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-05-12 20:42 . 2010-05-12 20:42 46904 ----a-w- c:\programdata\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-09_21.25.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-12 10:24 . 2010-08-09 21:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-12 10:24 . 2010-08-10 00:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-12 10:24 . 2010-08-10 00:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-09-12 10:24 . 2010-08-09 21:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-09-12 10:24 . 2010-08-09 21:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-09-12 10:24 . 2010-08-10 00:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-09-12 02:46 . 2010-08-10 00:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-12 02:46 . 2010-08-09 21:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D}]
2010-06-01 02:40 638976 ----a-w- c:\program files\Digsby Donates\ShoppingBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"tipresxSystem"="c:\program files\Common Files\microsoft shared\ink\pl-PL\operacyjnytipresx.exe" [2010-08-07 163328]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
JDownloader.exe.lnk - c:\users\Sam\Downloads\JDownloader 0.8.9\JDownloader.exe [2009-10-21 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk
backup=c:\windows\pss\JDownloader.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Pidgin.lnk]
path=c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk
backup=c:\windows\pss\Pidgin.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-06 15:52 13605408 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 15:52 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-07-20 01:30 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-12 20:05 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 09:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9f7463c53bfc;Google Update Service (gupdate1ca9f7463c53bfc);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 133104]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-23 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-06-24 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd24

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:15]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:15]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\97axlzq1.default\extensions\afom@idevfh\components\npAFOM.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2673954322-904985209-1117478257-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,ea,76,08,93,f4,49,7c,2f,95,1c,a2,3f,db,6f,b8,47,53,e4,02,c8,74,1a,
21,c5,2b,0e,b5,dc,c8,07,c4,c6,6b,be,6c,21,30,6a,cc,d7,71,1c,40,3f,07,6c,72,\
"??"=hex:bc,dd,9c,a5,aa,70,13,fa,c3,1c,65,40,79,9e,2c,3c
.
Completion time: 2010-08-09 20:49:44
ComboFix-quarantined-files.txt 2010-08-10 00:49
ComboFix2.txt 2010-08-09 21:29
ComboFix3.txt 2010-08-08 04:37

Pre-Run: 13,375,873,024 bytes free
Post-Run: 13,323,005,952 bytes free

- - End Of File - - F5FE2EC8F85CC90CFF090E6007866A10


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:46 PM

Posted 12 August 2010 - 11:13 PM

Sorry for the delayed response, but I did not received a notification. The fix was successful.

How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:46 PM

Posted 15 August 2010 - 12:02 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users