Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

soundsofopera.com + videocop.com redirections (system wide)


  • This topic is locked This topic is locked
15 replies to this topic

#1 sqybuzz

sqybuzz

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 11 August 2010 - 11:53 PM

While browsing the net with any given browser, intermittently, I am either redirected from a site soundsofopera.com to an affiliate program, including videocop.com. Also, firefox redirects to a blank page and hangs on websites with Google Analytics installed. I have installed and scanned my PC with multiple spyware/adware programs such as Adaware, Spybot, Malwarebytes and my resident Symantec End Point Protection with no detections.

Please note GMER freezes my video so I can't give you a log from it. If I can get it to run somehow, I will post an update with the GMER log.

Thank you in advance!


DDS (Ver_10-03-17.01) - NTFSx86
Run by BIOS at 21:28:59.79 on Wed 08/11/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 208.98.45.34:52931
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\HMIPCore.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\bios\appdata\roaming\mozilla\firefox\profiles\hvuh5y4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-08-11 23:54:37 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-11 23:12:26 0 d-----w- C:\etavaresCF
2010-08-11 22:03:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 22:03:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 22:03:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 08:22:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-08 07:02:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-08 07:00:06 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-08 06:59:18 0 d-----w- c:\program files\Lavasoft
2010-08-04 04:38:50 98816 ----a-w- c:\windows\sed.exe
2010-08-04 04:38:50 77312 ----a-w- c:\windows\MBR.exe
2010-08-04 04:38:50 256512 ----a-w- c:\windows\PEV.exe
2010-08-04 04:38:50 161792 ----a-w- c:\windows\SWREG.exe
2010-07-31 01:19:18 0 d-----w- c:\windows\system32\eu-ES
2010-07-31 01:19:18 0 d-----w- c:\windows\system32\ca-ES
2010-07-31 01:19:16 0 d-----w- c:\windows\system32\vi-VN
2010-07-31 01:03:10 0 d-----w- c:\windows\system32\EventProviders
2010-07-30 21:20:17 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-30 15:26:00 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-07-30 05:37:09 0 d-----w- c:\users\bios\appdata\roaming\Malwarebytes
2010-07-30 05:37:00 0 d-----w- c:\programdata\Malwarebytes
2010-07-28 00:25:16 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-28 00:25:16 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-26 02:25:47 0 d-----w- c:\program files\common files\Steam
2010-07-26 02:25:38 0 d-----w- c:\program files\Steam
2010-07-21 00:53:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-21 00:46:15 0 d-----w- c:\programdata\Lavasoft
2010-07-19 20:38:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-07-19 20:38:21 270848 ----a-w- c:\windows\system32\schannel.dll
2010-07-15 20:23:59 99840 ----a-w- c:\windows\system32\ulib.dll
2010-07-15 02:31:47 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-07-15 02:31:47 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-07-15 02:31:46 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-07-15 02:31:29 266088 ----a-w- c:\windows\system32\xactengine2_8.dll

==================== Find3M ====================

2010-07-31 01:28:04 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-31 01:28:04 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-31 01:28:04 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-31 01:19:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-31 01:10:02 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-16 20:33:40 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-01 05:34:13 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-27 06:51:10 48 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:29:32.27 ===============

It looks like it didn't attach my file. Let's try it again.Attached File  Attach.txt   3.6KB   6 downloads

No luck with GMER. It crashes at scanning: \device\harddisk\volumeshadowcopy1

Problem signature:
Problem Event Name: APPCRASH
Application Name: gmer.exe
Application Version: 1.0.15.15281
Application Timestamp: 4b2763f0
Fault Module Name: gmer.exe
Fault Module Version: 1.0.15.15281
Fault Module Timestamp: 4b2763f0
Exception Code: c0000005
Exception Offset: 0000c4b1
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 1439
Additional Information 2: e4cac7376c6d85ae5925b14ce432d25c
Additional Information 3: 30fc
Additional Information 4: f86656890715834639595cc3d492ab48

EDIT: Posts merged ~BP

Edited by Budapest, 12 August 2010 - 05:30 AM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:01 AM

Posted 19 August 2010 - 06:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 sqybuzz

sqybuzz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 19 August 2010 - 01:50 PM

Hello and thank you for taking the time to help me! I ran the scan and there was no extras log that showed. So here is the OTL.txt.

Another symptom is that when I type in a domain in the address bar with certain keywords, it triggers the redirect as well.


OTL logfile created on: 8/19/2010 11:22:36 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\BIOS\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683.57 Gb Total Space | 511.52 Gb Free Space | 74.83% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.13 Gb Free Space | 67.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 7.47 Gb Total Space | 3.48 Gb Free Space | 46.55% Space Free | Partition Type: FAT32

Computer Name: BIOS-PC
Current User Name: BIOS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\BIOS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TheBestSpinner\TheBestSpinner.exe ()
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Hide My IP\HideMyIpSrv.exe ()
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\FlashFXP\FlashFXP.exe (IniCom Networks, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\BIOS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CUDDJHOL) -- C:\Users\BIOS\AppData\Local\Temp\CUDDJHOL.exe (Sysinternals - www.sysinternals.com)
SRV - (TOOTHGQOH) -- C:\Users\BIOS\AppData\Local\Temp\TOOTHGQOH.exe (Sysinternals - www.sysinternals.com)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe ()
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\1A99.tmp File not found
DRV - (mcdbus) -- C:\Windows\System32\DRIVERS\mcdbus.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\BIOS\AppData\Local\Temp\catchme.sys File not found
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100819.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100819.003\NAVENG.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 208.98.19.64:52931

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.0.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 23:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 11:01:44 | 000,000,000 | ---D | M]

[2010/05/26 23:31:15 | 000,000,000 | ---D | M] -- C:\Users\BIOS\AppData\Roaming\Mozilla\Extensions
[2010/08/18 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\BIOS\AppData\Roaming\Mozilla\Firefox\Profiles\hvuh5y4l.default\extensions
[2010/07/04 22:38:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BIOS\AppData\Roaming\Mozilla\Firefox\Profiles\hvuh5y4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/31 21:13:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\BIOS\AppData\Roaming\Mozilla\Firefox\Profiles\hvuh5y4l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/25 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\BIOS\AppData\Roaming\Mozilla\Firefox\Profiles\hvuh5y4l.default\extensions\seotoolbar@seobook.com
[2010/08/09 11:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/29 21:48:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 11:15:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/11 16:17:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2499015947-3588977296-2606158687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.109 213.109.73.42
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/09/08 14:13:25 | 000,000,058 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/19 10:39:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\BIOS\Desktop\OTL(2).exe
[2010/08/18 20:48:37 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Fallout3
[2010/08/18 14:55:26 | 000,000,000 | ---D | C] -- C:\Users\BIOS\Desktop\blu_cigs
[2010/08/17 22:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/16 18:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2010/08/16 18:55:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/08/15 11:11:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/14 20:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/08/14 19:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/14 19:47:48 | 000,000,000 | ---D | C] -- C:\ATI
[2010/08/14 19:23:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010/08/14 19:23:58 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010/08/14 19:23:58 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010/08/14 19:23:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010/08/14 19:23:57 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010/08/14 19:23:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010/08/14 19:23:57 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010/08/14 19:23:57 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010/08/14 19:07:09 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\PunkBuster
[2010/08/14 19:07:04 | 000,000,000 | ---D | C] -- C:\Users\BIOS\Documents\BFBC2
[2010/08/14 18:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/08/14 11:32:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\BIOS\Desktop\OTL.exe
[2010/08/14 11:15:02 | 001,642,496 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\System32\ChilkatMail_v7_9.dll
[2010/08/14 11:15:02 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ijl11.dll
[2010/08/12 21:03:18 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/11 16:54:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/11 16:54:34 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Temp
[2010/08/11 16:39:33 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 16:39:25 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 16:39:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/08/11 16:39:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/08/11 16:39:13 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 16:39:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 16:39:01 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 16:38:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 16:17:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/11 16:11:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/11 15:03:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/11 15:03:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/11 15:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/10 10:49:49 | 000,000,000 | ---D | C] -- C:\Users\BIOS\Desktop\New Folder (2)
[2010/08/09 11:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/09 11:15:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/09 11:15:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/09 11:15:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/08 00:02:31 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/08 00:00:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/07 23:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/03 21:40:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/03 21:38:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/03 21:38:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/03 21:38:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/03 21:37:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/03 12:16:02 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Roaming\Opera
[2010/08/03 12:16:02 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Opera
[2010/08/03 12:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/07/30 18:19:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/07/30 18:19:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/07/30 18:19:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/07/30 18:03:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/07/30 17:16:17 | 000,000,000 | ---D | C] -- C:\Users\BIOS\Desktop\backups
[2010/07/30 17:14:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\BIOS\Desktop\HijackThis.exe
[2010/07/30 14:50:44 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Adobe
[2010/07/30 14:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/29 22:37:09 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Roaming\Malwarebytes
[2010/07/29 22:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/27 17:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/27 17:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 19:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/07/25 19:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/07/20 17:53:08 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/07/20 17:47:39 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Sunbelt Software
[2010/07/20 17:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/19 11:23:14 | 007,864,320 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT
[2010/08/19 10:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BIOS\Desktop\OTL(2).exe
[2010/08/19 10:32:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/19 02:11:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 02:11:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 15:30:46 | 000,006,656 | ---- | M] () -- C:\Users\BIOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 13:40:15 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C85487F-5F2B-4011-88BA-1B14BCA19970}.job
[2010/08/18 10:41:23 | 003,001,336 | ---- | M] () -- C:\Users\BIOS\Desktop\backup-8.18.2010_13-22-10_services.tar.gz
[2010/08/18 10:27:47 | 000,000,740 | ---- | M] () -- C:\Users\BIOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/18 10:27:47 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/08/18 10:16:03 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/18 10:16:03 | 000,582,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/18 10:16:03 | 000,096,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/18 10:11:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/18 10:11:34 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/17 22:37:14 | 000,524,288 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TMContainer00000000000000000002.regtrans-ms
[2010/08/17 22:37:14 | 000,524,288 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TMContainer00000000000000000001.regtrans-ms
[2010/08/17 22:37:14 | 000,065,536 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TM.blf
[2010/08/17 22:37:02 | 002,912,823 | -H-- | M] () -- C:\Users\BIOS\AppData\Local\IconCache.db
[2010/08/16 14:52:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/16 14:52:15 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/08/16 00:26:49 | 000,524,288 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/16 00:26:49 | 000,065,536 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/15 22:23:27 | 000,000,293 | ---- | M] () -- C:\Users\BIOS\Desktop\ITS A WAR.lnk
[2010/08/15 11:10:51 | 417,657,012 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/14 19:58:02 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/08/14 18:54:21 | 000,138,056 | ---- | M] () -- C:\Users\BIOS\AppData\Roaming\PnkBstrK.sys
[2010/08/14 18:54:04 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/08/14 15:28:33 | 000,109,627 | ---- | M] () -- C:\Users\BIOS\Desktop\1814973.jpg
[2010/08/14 11:32:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\BIOS\Desktop\OTL.exe
[2010/08/14 11:15:02 | 000,001,588 | ---- | M] () -- C:\Users\BIOS\Desktop\SENuke.lnk
[2010/08/14 10:54:24 | 001,713,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 16:17:55 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/11 16:17:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/11 16:11:51 | 003,816,460 | R--- | M] () -- C:\Users\BIOS\Desktop\etavaresCF.exe
[2010/08/11 15:03:55 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 00:00:04 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/04 09:36:25 | 000,400,684 | ---- | M] () -- C:\Users\BIOS\Desktop\RafordReport.zip
[2010/07/30 18:31:07 | 000,000,945 | ---- | M] () -- C:\Users\BIOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 22:33:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\BIOS\Desktop\HijackThis.exe
[2010/07/28 15:56:11 | 000,000,806 | ---- | M] () -- C:\Users\BIOS\Desktop\CCleaner.lnk
[2010/07/26 15:05:19 | 000,102,400 | ---- | M] () -- C:\Users\BIOS\Documents\home mortgage.msam
[2010/07/26 11:22:48 | 000,019,681 | ---- | M] () -- C:\Users\BIOS\Desktop\tripadvisor_trc.png
[2010/07/25 19:37:30 | 000,000,215 | ---- | M] () -- C:\Users\BIOS\Desktop\Supreme Commander 2.url
[2010/07/25 19:32:16 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/20 17:53:08 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/18 14:53:30 | 000,006,656 | ---- | C] () -- C:\Users\BIOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 10:22:40 | 003,001,336 | ---- | C] () -- C:\Users\BIOS\Desktop\backup-8.18.2010_13-22-10_services.tar.gz
[2010/08/16 10:58:22 | 000,524,288 | -HS- | C] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TMContainer00000000000000000002.regtrans-ms
[2010/08/16 10:58:22 | 000,524,288 | -HS- | C] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TMContainer00000000000000000001.regtrans-ms
[2010/08/16 10:58:22 | 000,065,536 | -HS- | C] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TM.blf
[2010/08/15 22:23:27 | 000,000,293 | ---- | C] () -- C:\Users\BIOS\Desktop\ITS A WAR.lnk
[2010/08/15 11:10:51 | 417,657,012 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/14 19:58:02 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/08/14 19:07:13 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/08/14 18:54:21 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/14 18:54:21 | 000,138,056 | ---- | C] () -- C:\Users\BIOS\AppData\Roaming\PnkBstrK.sys
[2010/08/14 18:54:05 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/08/14 18:54:04 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/08/14 18:54:04 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/14 15:28:33 | 000,109,627 | ---- | C] () -- C:\Users\BIOS\Desktop\1814973.jpg
[2010/08/11 21:33:34 | 000,293,376 | ---- | C] () -- C:\Users\BIOS\Desktop\gmer.exe
[2010/08/11 15:03:55 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 01:22:02 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/08/08 00:00:04 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/04 09:36:25 | 000,400,684 | ---- | C] () -- C:\Users\BIOS\Desktop\RafordReport.zip
[2010/08/03 21:38:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/03 21:38:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/03 21:38:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/03 21:38:50 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/03 21:38:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/03 21:35:21 | 003,816,460 | R--- | C] () -- C:\Users\BIOS\Desktop\etavaresCF.exe
[2010/08/03 12:15:55 | 000,000,740 | ---- | C] () -- C:\Users\BIOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/03 12:15:55 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/07/30 14:48:59 | 3219,050,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/26 11:22:48 | 000,019,681 | ---- | C] () -- C:\Users\BIOS\Desktop\tripadvisor_trc.png
[2010/07/25 19:37:30 | 000,000,215 | ---- | C] () -- C:\Users\BIOS\Desktop\Supreme Commander 2.url
[2010/07/25 19:25:39 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/15 13:24:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/06 18:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/05/28 22:38:42 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/26 22:48:24 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2010/05/26 22:44:40 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/07/26 19:02:44 | 000,305,688 | ---- | M] (Intel Corporation) MD5=BDC361489A7F22E568060FA6FB3C960E -- C:\DELL\drivers\R165147\IaStor.sys
[2007/12/11 01:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Drivers\storage\R173412\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/12/08 14:34:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2008/01/20 19:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/20 19:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/22 15:24:50 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\FwsVpn.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/22 15:25:46 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\SymVPN.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/10/14 12:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\Teefer2.sys
[2009/04/22 15:26:04 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\WPSDRVnt.sys
[2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\WpsHelper.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/06 19:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2010/07/06 18:15:24 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2010/07/12 01:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/16 14:52:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/07/20 17:53:08 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/18 08:04:57 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/18 08:04:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/05/28 12:04:13 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/16 13:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2010/06/16 09:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WpsHelper.sys
< End of report >

Edited by sqybuzz, 19 August 2010 - 02:37 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:01 AM

Posted 19 August 2010 - 03:42 PM

Hi,

please post a log from rootkit unooker next:

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 sqybuzz

sqybuzz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 19 August 2010 - 04:37 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #4
==============================================
>Drivers
==============================================
0x8E00D000 C:\Windows\system32\DRIVERS\atikmdag.sys 6205440 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x81E0C000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81E0C000 PnpManager 3903488 bytes
0x81E0C000 RAW 3903488 bytes
0x81E0C000 WMIxWDM 3903488 bytes
0x9D840000 Win32k 2109440 bytes
0x9D840000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8F09F000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100819.003\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0x8A605000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A205000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8EA06000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8E80B000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1056768 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0x8A40B000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D6000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA66C3000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8EB0A000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA2202000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x96957000 C:\Windows\System32\Drivers\dump_iaStorV.sys 659456 bytes
0x82602000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x8E606000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E6B1000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8240C000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x826F4000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA2338000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9598E000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
0x96855000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8F002000 C:\Windows\system32\drivers\stwrt.sys 339968 bytes (SigmaTel, Inc., NDRC)
0xA6648000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9DA90000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8F055000 C:\Windows\System32\Drivers\SRTSP.SYS 303104 bytes (Symantec Corporation, Symantec AutoProtect)
0x82531000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x958D4000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8E99F000 C:\Windows\system32\DRIVERS\VSTBS23.SYS 294912 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x82495000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80695000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E797000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8E952000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9680F000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A33B000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9690F000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)
0x8E90D000 C:\Windows\system32\DRIVERS\e1e6032.sys 237568 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x8A5B1000 C:\Windows\system32\DRIVERS\atikmpag.sys 233472 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x8A56B000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A715000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8A3BE000 C:\Windows\system32\DRIVERS\teefer2.sys 221184 bytes (Symantec Corporation, Symantec CMC Firewall Teefer2)
0x82772000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x821C5000 ACPI_HAL 208896 bytes
0x821C5000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x826A3000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9591C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E768000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x95884000 C:\Windows\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0x8258B000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A310000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E73E000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA22C2000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x968E7000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8A765000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x824EC000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA6621000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0xA6696000 C:\Windows\system32\drivers\WpsHelper.sys 159744 bytes (Symantec Corporation, Symantec Intrusion Detection - WpsHelper)
0xA67CD000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x827D6000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x825B8000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8A376000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A79D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8A52B000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9581B000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8A54C000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x827B8000 C:\Windows\system32\drivers\AtiHdmi.sys 122880 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
0x968B3000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xA23A5000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A4F5000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8A510000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA23C2000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8EBE8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA6609000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x968D0000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E7D8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x825DD000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA67B7000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x95957000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9586E000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA23DB000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8A399000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x807D8000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA2311000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8F1EB000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100819.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x8A5EA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x958C0000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0xA22F6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9597B000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA2326000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8A78C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x827A7000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8067C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x826D5000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x807C8000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA22B2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8257B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8EBCA000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8A3AE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A7E8000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x826E5000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x95800000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A756000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82513000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E7EF000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E990000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82522000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EBDA000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9DA80000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9596D000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x95857000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x958B2000 C:\Windows\system32\drivers\wpsdrvnt.sys 57344 bytes (Symantec Corporation, Symantec CMC Firewall WPS)
0x9694A000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EBBD000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x82765000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x82488000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA67AB000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9580F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E6A5000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8E800000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8E000000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x9584C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E9F2000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E9E7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A7D4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E947000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x96800000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8A400000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA22EC000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9684B000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA67A1000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x82400000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8A7BE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x807ED000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8A7F7000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8A3F4000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA67F3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x95865000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9DA60000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A7DF000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x824DB000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x9594E000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x8068D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x825F4000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x824E4000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9583C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x95844000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A74E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA2309000 C:\Windows\system32\DRIVERS\WinUSB.SYS 32768 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x807B6000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8E5F8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80605000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x807F6000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xA66BD000 C:\Windows\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0x8EA00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F000000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x06D60000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 102400 bytes
0x07280000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 102400 bytes
0x009D0000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 110592 bytes
0x062E0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 110592 bytes
0x00700000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x88C13BB0 ] PID: 2952, 118784 bytes
0x00AD0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 118784 bytes
0x08430000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 1232896 bytes
0x08B50000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 1306624 bytes
0x04800000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 167936 bytes
0x08870000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 1716224 bytes
0x079B0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 192512 bytes
0x078B0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 208896 bytes
0x06F20000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 217088 bytes
0x07230000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 282624 bytes
0x00A50000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x88C13BB0 ] PID: 2952, 28672 bytes
0x00A80000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x88C13BB0 ] PID: 2952, 28672 bytes
0x00490000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x004A0000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x00B70000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x00EF0000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x00F50000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x00F40000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x00F30000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x04000000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x04010000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x041E0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x04860000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x04830000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x04870000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x048B0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x04D70000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x05200000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x05B30000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x05740000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x057E0000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x059F0000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06070000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06450000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x066D0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x066B0000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06720000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x069C0000 Hidden Image-->atixclib.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06AE0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06B20000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06B90000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06B40000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06B80000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06D20000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06BA0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06D30000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x06D90000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x07180000 Hidden Image-->Branding.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x07170000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x071D0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x076A0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 28672 bytes
0x07950000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 364544 bytes
0x00C30000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x88C13BB0 ] PID: 2952, 36864 bytes
0x00AF0000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x00CD0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x04DA0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x06B30000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x05720000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x05710000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x05730000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x061A0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x06DA0000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x06D50000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 36864 bytes
0x05410000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x887E8888 ] PID: 12, 3821568 bytes
0x04180000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 389120 bytes
0x078F0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 389120 bytes
0x072A0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 405504 bytes
0x06BB0000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 413696 bytes
0x06EB0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 421888 bytes
0x00730000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x88C13BB0 ] PID: 2952, 45056 bytes
0x00750000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x88C13BB0 ] PID: 2952, 45056 bytes
0x00C20000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x88C13BB0 ] PID: 2952, 45056 bytes
0x00460000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 45056 bytes
0x00480000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 45056 bytes
0x00A20000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 45056 bytes
0x00B90000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 45056 bytes
0x04D60000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 45056 bytes
0x04D90000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 45056 bytes
0x04020000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 487424 bytes
0x01D60000 Hidden Image-->msvcm80.dll [ EPROCESS 0x887E8888 ] PID: 12, 507904 bytes
0x04660000 Hidden Image-->msvcm80.dll [ EPROCESS 0x88C04D90 ] PID: 2744, 507904 bytes
0x00B60000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x00BA0000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x00F00000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x00F70000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x04C40000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x04C30000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x04D80000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x06430000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x061C0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x06B10000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x06B00000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 53248 bytes
0x06A40000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 585728 bytes
0x07AB0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 585728 bytes
0x00B50000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 61440 bytes
0x05A20000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 61440 bytes
0x06060000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 61440 bytes
0x06440000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 61440 bytes
0x066C0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 61440 bytes
0x08C90000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 667648 bytes
0x00B30000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 69632 bytes
0x00B10000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 69632 bytes
0x06040000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 69632 bytes
0x06590000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 69632 bytes
0x06B50000 Hidden Image-->APM.Server.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 69632 bytes
0x079F0000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 749568 bytes
0x01140000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x887E8888 ] PID: 12, 77824 bytes
0x047E0000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x88C04D90 ] PID: 2744, 77824 bytes
0x00840000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x88C13BB0 ] PID: 2952, 77824 bytes
0x009F0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 77824 bytes
0x051B0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 77824 bytes
0x057B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 77824 bytes
0x06180000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 77824 bytes
0x06400000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 77824 bytes
0x06570000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 77824 bytes
0x07550000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 77824 bytes
0x00CB0000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 86016 bytes
0x051D0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 86016 bytes
0x05A00000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 86016 bytes
0x071B0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 86016 bytes
0x07EC0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x88B636F0 ] PID: 5708, 888832 bytes


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:01 AM

Posted 20 August 2010 - 06:26 AM

Hi,

please run a scan with mbrcheck too:
Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu chose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 sqybuzz

sqybuzz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 20 August 2010 - 11:07 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell XPS420
Logical Drives Mask: 0x00000bfc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03f00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
Press ENTER to exit...


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:01 AM

Posted 20 August 2010 - 12:00 PM

Hi

please run this fix:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.109 213.109.73.42
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emtpytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Let me know how that works out.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 sqybuzz

sqybuzz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 20 August 2010 - 01:31 PM

========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========
Error: Unable to interpret <[emtpytemp]> in the current context!

OTL by OldTimer - Version 3.2.9.1 log created on 08202010_112754

OTL logfile created on: 8/20/2010 11:29:26 AM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\BIOS\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683.57 Gb Total Space | 513.89 Gb Free Space | 75.18% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.13 Gb Free Space | 67.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 7.47 Gb Total Space | 3.48 Gb Free Space | 46.55% Space Free | Partition Type: FAT32

Computer Name: BIOS-PC
Current User Name: BIOS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\BIOS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Hide My IP\HideMyIpSrv.exe ()
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\BIOS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CUDDJHOL) -- C:\Users\BIOS\AppData\Local\Temp\CUDDJHOL.exe (Sysinternals - www.sysinternals.com)
SRV - (TOOTHGQOH) -- C:\Users\BIOS\AppData\Local\Temp\TOOTHGQOH.exe (Sysinternals - www.sysinternals.com)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe ()
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\1A99.tmp File not found
DRV - (mcdbus) -- C:\Windows\System32\DRIVERS\mcdbus.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\BIOS\AppData\Local\Temp\catchme.sys File not found
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100819.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100819.019\NAVENG.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 208.98.19.64:52931

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.0.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/03 18:19:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 23:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 11:01:44 | 000,000,000 | ---D | M]

[2010/05/26 23:31:15 | 000,000,000 | ---D | M] -- C:\Users\BIOS\AppData\Roaming\Mozilla\Extensions
[2010/05/26 23:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BIOS\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/19 13:42:31 | 000,000,000 | ---D | M] -- C:\Users\BIOS\AppData\Roaming\Mozilla\Firefox\Profiles\hvuh5y4l.default\extensions
[2010/07/04 22:38:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BIOS\AppData\Roaming\Mozilla\Firefox\Profiles\hvuh5y4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/31 21:13:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\BIOS\AppData\Roaming\Mozilla\Firefox\Profiles\hvuh5y4l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/25 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\BIOS\AppData\Roaming\Mozilla\Firefox\Profiles\hvuh5y4l.default\extensions\seotoolbar@seobook.com
[2010/08/09 11:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/25 23:55:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/29 21:48:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 11:15:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/25 23:55:40 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/25 23:55:40 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/25 23:55:41 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/10/14 21:33:29 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/04/01 08:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 08:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 08:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 08:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 08:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 08:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 08:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/11 16:17:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/09/08 14:13:25 | 000,000,058 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/20 11:27:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/19 10:39:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\BIOS\Desktop\OTL(2).exe
[2010/08/18 20:48:37 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Fallout3
[2010/08/18 14:55:26 | 000,000,000 | ---D | C] -- C:\Users\BIOS\Desktop\blu_cigs
[2010/08/17 22:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/16 18:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2010/08/16 18:55:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/08/15 11:11:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/14 20:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/08/14 19:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/14 19:47:48 | 000,000,000 | ---D | C] -- C:\ATI
[2010/08/14 19:23:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010/08/14 19:23:58 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010/08/14 19:23:58 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010/08/14 19:23:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010/08/14 19:23:57 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010/08/14 19:23:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010/08/14 19:23:57 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010/08/14 19:23:57 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010/08/14 19:07:09 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\PunkBuster
[2010/08/14 19:07:04 | 000,000,000 | ---D | C] -- C:\Users\BIOS\Documents\BFBC2
[2010/08/14 18:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/08/14 11:32:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\BIOS\Desktop\OTL.exe
[2010/08/14 11:15:02 | 001,642,496 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\System32\ChilkatMail_v7_9.dll
[2010/08/14 11:15:02 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ijl11.dll
[2010/08/12 21:03:18 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/11 16:54:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/11 16:54:34 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Temp
[2010/08/11 16:39:33 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 16:39:25 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 16:39:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/08/11 16:39:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/08/11 16:39:13 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 16:39:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 16:39:01 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 16:38:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 16:17:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/11 16:11:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/11 15:03:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/11 15:03:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/11 15:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/10 10:49:49 | 000,000,000 | ---D | C] -- C:\Users\BIOS\Desktop\New Folder (2)
[2010/08/09 11:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/09 11:15:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/09 11:15:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/09 11:15:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/08 00:02:31 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/08 00:00:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/07 23:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/03 21:40:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/03 21:38:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/03 21:38:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/03 21:38:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/03 21:37:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/03 12:16:02 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Roaming\Opera
[2010/08/03 12:16:02 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Opera
[2010/08/03 12:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/07/30 18:19:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/07/30 18:19:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/07/30 18:19:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/07/30 18:03:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/07/30 17:16:17 | 000,000,000 | ---D | C] -- C:\Users\BIOS\Desktop\backups
[2010/07/30 17:14:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\BIOS\Desktop\HijackThis.exe
[2010/07/30 14:50:44 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Local\Adobe
[2010/07/30 14:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/29 22:37:09 | 000,000,000 | ---D | C] -- C:\Users\BIOS\AppData\Roaming\Malwarebytes
[2010/07/29 22:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/27 17:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/27 17:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 19:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/07/25 19:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/20 11:27:32 | 007,864,320 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT
[2010/08/20 11:06:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/20 11:06:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/20 09:06:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/19 14:21:34 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C85487F-5F2B-4011-88BA-1B14BCA19970}.job
[2010/08/19 10:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BIOS\Desktop\OTL(2).exe
[2010/08/18 15:30:46 | 000,006,656 | ---- | M] () -- C:\Users\BIOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 10:41:23 | 003,001,336 | ---- | M] () -- C:\Users\BIOS\Desktop\backup-8.18.2010_13-22-10_services.tar.gz
[2010/08/18 10:27:47 | 000,000,740 | ---- | M] () -- C:\Users\BIOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/18 10:27:47 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/08/18 10:16:03 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/18 10:16:03 | 000,582,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/18 10:16:03 | 000,096,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/18 10:11:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/18 10:11:34 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/17 22:37:14 | 000,524,288 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TMContainer00000000000000000002.regtrans-ms
[2010/08/17 22:37:14 | 000,524,288 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TMContainer00000000000000000001.regtrans-ms
[2010/08/17 22:37:14 | 000,065,536 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TM.blf
[2010/08/17 22:37:02 | 002,912,823 | -H-- | M] () -- C:\Users\BIOS\AppData\Local\IconCache.db
[2010/08/16 14:52:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/16 14:52:15 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/08/16 00:26:49 | 000,524,288 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/16 00:26:49 | 000,065,536 | -HS- | M] () -- C:\Users\BIOS\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/15 22:23:27 | 000,000,293 | ---- | M] () -- C:\Users\BIOS\Desktop\ITS A WAR.lnk
[2010/08/15 11:10:51 | 417,657,012 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/14 19:58:02 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/08/14 18:54:21 | 000,138,056 | ---- | M] () -- C:\Users\BIOS\AppData\Roaming\PnkBstrK.sys
[2010/08/14 18:54:04 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/08/14 15:28:33 | 000,109,627 | ---- | M] () -- C:\Users\BIOS\Desktop\1814973.jpg
[2010/08/14 11:32:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\BIOS\Desktop\OTL.exe
[2010/08/14 11:15:02 | 000,001,588 | ---- | M] () -- C:\Users\BIOS\Desktop\SENuke.lnk
[2010/08/14 10:54:24 | 001,713,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 16:17:55 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/11 16:17:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/11 16:11:51 | 003,816,460 | R--- | M] () -- C:\Users\BIOS\Desktop\etavaresCF.exe
[2010/08/11 15:03:55 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 00:00:04 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/04 09:36:25 | 000,400,684 | ---- | M] () -- C:\Users\BIOS\Desktop\RafordReport.zip
[2010/07/30 18:31:07 | 000,000,945 | ---- | M] () -- C:\Users\BIOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 22:33:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\BIOS\Desktop\HijackThis.exe
[2010/07/28 15:56:11 | 000,000,806 | ---- | M] () -- C:\Users\BIOS\Desktop\CCleaner.lnk
[2010/07/26 15:05:19 | 000,102,400 | ---- | M] () -- C:\Users\BIOS\Documents\home mortgage.msam
[2010/07/26 11:22:48 | 000,019,681 | ---- | M] () -- C:\Users\BIOS\Desktop\tripadvisor_trc.png
[2010/07/25 19:37:30 | 000,000,215 | ---- | M] () -- C:\Users\BIOS\Desktop\Supreme Commander 2.url
[2010/07/25 19:32:16 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/18 14:53:30 | 000,006,656 | ---- | C] () -- C:\Users\BIOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 10:22:40 | 003,001,336 | ---- | C] () -- C:\Users\BIOS\Desktop\backup-8.18.2010_13-22-10_services.tar.gz
[2010/08/16 10:58:22 | 000,524,288 | -HS- | C] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TMContainer00000000000000000002.regtrans-ms
[2010/08/16 10:58:22 | 000,524,288 | -HS- | C] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TMContainer00000000000000000001.regtrans-ms
[2010/08/16 10:58:22 | 000,065,536 | -HS- | C] () -- C:\Users\BIOS\NTUSER.DAT{c0bcf361-a95f-11df-a08b-002219058294}.TM.blf
[2010/08/15 22:23:27 | 000,000,293 | ---- | C] () -- C:\Users\BIOS\Desktop\ITS A WAR.lnk
[2010/08/15 11:10:51 | 417,657,012 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/14 19:58:02 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/08/14 19:07:13 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/08/14 18:54:21 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/14 18:54:21 | 000,138,056 | ---- | C] () -- C:\Users\BIOS\AppData\Roaming\PnkBstrK.sys
[2010/08/14 18:54:05 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/08/14 18:54:04 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/08/14 18:54:04 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/14 15:28:33 | 000,109,627 | ---- | C] () -- C:\Users\BIOS\Desktop\1814973.jpg
[2010/08/11 21:33:34 | 000,293,376 | ---- | C] () -- C:\Users\BIOS\Desktop\gmer.exe
[2010/08/11 15:03:55 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 01:22:02 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/08/08 00:00:04 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/04 09:36:25 | 000,400,684 | ---- | C] () -- C:\Users\BIOS\Desktop\RafordReport.zip
[2010/08/03 21:38:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/03 21:38:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/03 21:38:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/03 21:38:50 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/03 21:38:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/03 21:35:21 | 003,816,460 | R--- | C] () -- C:\Users\BIOS\Desktop\etavaresCF.exe
[2010/08/03 12:15:55 | 000,000,740 | ---- | C] () -- C:\Users\BIOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/03 12:15:55 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/07/30 14:48:59 | 3219,050,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/26 11:22:48 | 000,019,681 | ---- | C] () -- C:\Users\BIOS\Desktop\tripadvisor_trc.png
[2010/07/25 19:37:30 | 000,000,215 | ---- | C] () -- C:\Users\BIOS\Desktop\Supreme Commander 2.url
[2010/07/25 19:25:39 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/15 13:24:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/06 18:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/05/28 22:38:42 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/26 22:48:24 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2010/05/26 22:44:40 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:01 AM

Posted 20 August 2010 - 01:38 PM

Hi,

did that fix the redirects?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 sqybuzz

sqybuzz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 20 August 2010 - 01:40 PM

I went to a site I couldn't load before and it loaded just fine. I was too suspecting it was a DNS issue. I'll keep and eye on it for a bit and let you know. Thank you so much!!

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:01 AM

Posted 20 August 2010 - 01:44 PM

hi,

happy to hear that. :)Please run a scan with Eset to check for leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 sqybuzz

sqybuzz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 21 August 2010 - 08:58 PM

I'm sorry I spoke too soon. I was just redirected to: hxxp://comannet.com/continuecpapage.html when I was checking yahoo weather. Also when I replied to this thread a popup to hxxp://67.201.36.16/nolink.html loaded. I will run the eset scan meanwhile.

Also: hxxp://results.googleadservices.com/

Edited by myrti, 25 August 2010 - 03:13 AM.
disabled links


#14 sqybuzz

sqybuzz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 22 August 2010 - 12:05 AM

ESET SCAN RESULTS

C:\Users\BIOS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2ccbb382-1df4bd79 multiple threats deleted - quarantined


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:01 AM

Posted 25 August 2010 - 03:14 AM

Hi,

it could be that your router is infected:
Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords

  • Then rest your router to it's factory default settings:

    QUOTE
    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IP6v) should be checked. Double-click on it: Make sure of the following settings:
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.[list]
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you should change any setting reboot the computer.

Please observe and let me know if the redirects stop.
regards myrti

Edited by myrti, 25 August 2010 - 03:14 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users