Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan horse Patched_c.IWO


  • This topic is locked This topic is locked
26 replies to this topic

#1 hobyman

hobyman

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 08 September 2010 - 02:19 AM

Hello there. My AVG 9.0 has alerted me that I have an infection of "Patched_c.IWO" in c:\windows\system32\wininit.exe. I've run Malware (full, paid version) and no infections are found. AVG is unable to remove the infection because the file is white-listed. Please assist. Thanks!



DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 23:53:30.78 on Tue 09/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1789 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\User\AppData\Local\Apps\2.0\Z6R1L6E0.0YW\LHY18LDN.OXZ\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: {0B1B0D47-95F7-4bad-9309-A945B655AE61} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: NaturalReader.IEbar: {bcbf738c-4891-4b9a-959a-c6bf7f608c3a} - c:\program files\naturalsoft\naturalreader7\NVRIEbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.bearbook.com/WebResource.axd?d=3LyxKpRiDMO9WBglmpCrXqANufuc6xt4cWD3JwC0hTC36uMCOPYsETjQK-yIn8gndxqQSmjbfLcv265-9M15L-o4aSFQhBwWFVergK51b601&t=634187939332716250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\46oz1h7i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wow.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: search.clsid - {061B59D8-D826-4C4D-8FDE-2925E844AD93}
FF - user.js: search.sid - 15101055100
FF - user.js: extensions.newAddons - falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-19 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-19 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-21 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-21 20952]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-8-15 16472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-4-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-12 79360]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1343400]
S3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2010-4-12 17920]

=============== Created Last 30 ================

2010-09-08 06:52:48 0 ----a-w- c:\users\user\defogger_reenable
2010-09-08 04:15:20 0 d-----w- c:\program files\Sophos
2010-08-25 23:18:52 0 d--h--w- C:\$AVG
2010-08-25 23:18:32 0 d-----w- c:\programdata\Update
2010-08-21 21:51:57 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
2010-08-21 21:51:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 21:51:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 21:51:49 0 d-----w- c:\programdata\Malwarebytes
2010-08-21 21:51:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 19:31:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-19 19:31:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-19 19:31:34 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-19 19:31:28 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-19 19:29:49 65536 --sha-w- c:\users\user\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TM.blf
2010-08-19 19:29:49 524288 --sha-w- c:\users\user\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000002.regtrans-ms
2010-08-19 19:29:49 524288 --sha-w- c:\users\user\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000001.regtrans-ms
2010-08-19 19:02:13 0 d-----w- c:\program files\AVG
2010-08-19 19:02:12 0 d-----w- c:\programdata\avg9
2010-08-19 18:35:24 5 ----a-w- C:\zrpt.xml
2010-08-16 05:53:47 0 d-----w- c:\program files\PeerBlock
2010-08-16 05:45:51 0 d-----w- c:\program files\PeerGuardian2

==================== Find3M ====================

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-06-03 16:35:16 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-18 04:57:08 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:54:16.51 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 13 September 2010 - 06:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 hobyman

hobyman
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 13 September 2010 - 07:35 PM

Hello there. Since the initial post, I began getting blue screens of death until finally, my computer would no longer boot into windows. The computer restored itself to an earlier configuration and I'm no longer being alerted to infections of 'Trojan Horse Patched_c.IWO,' though Malwarebytes still alerts me to spyware activity from seupd.exe and then quarantines the file. I've attached the two new OTL logs. Thanks for your help!


OTL logfile created on: 9/13/2010 5:20:52 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\User\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 2.23 Gb Free Space | 0.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 0.90 Gb Free Space | 12.08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/09/10 12:46:21 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/09/09 15:50:22 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/08/19 12:31:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/19 12:31:28 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/19 12:31:28 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/19 12:31:28 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/19 12:31:27 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/19 12:31:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/17 18:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/28 02:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009/09/12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2010/08/19 12:31:38 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/19 12:31:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/02 17:07:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/12 15:31:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/12 15:31:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/21 22:19:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\F41F.tmp -- (MEMSWEEP2)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/19 12:31:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/19 12:31:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/19 12:31:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/11 21:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/07/31 11:39:58 | 000,017,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WRfiltv.sys -- (WRfiltv)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 7C DB AC 08 44 CB 01 [binary data]
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wow.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: tab@search.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/19 12:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/31 23:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/31 23:24:50 | 000,000,000 | ---D | M]

[2010/02/17 19:14:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/08/31 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\46oz1h7i.default\extensions
[2010/08/25 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\46oz1h7i.default\extensions\tab@search.com
[2010/08/31 16:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 15:49:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/08/22 05:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/05/23 11:28:47 | 000,001,871 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 1 more lines...
O2 - BHO: (no name) - {0B1B0D47-95F7-4bad-9309-A945B655AE61} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (NaturalReader.IEbar) - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\NaturalSoft\naturalreader7\NVRIEbar.dll (www.naturalreaders.com)
O3 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plu...Detection32.cab (Device Detection)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.bearbook.com/WebResource.axd?d=...187939332716250 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL LLC)
MsConfig - StartUpReg: DKPProfilerUploader - hkey= - key= - C:\Program Files\DKP Profiler Uploader\DKPProfilerUploader.exe (Microsoft)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 17:19:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/09/12 00:05:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Wildcats Game 9-11-2010
[2010/09/10 22:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/09/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\The Lord of the Rings Online
[2010/09/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\The Lord of the Rings Online
[2010/09/10 22:40:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Turbine
[2010/09/10 22:38:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ApplicationHistory
[2010/09/10 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/09/10 12:47:47 | 000,000,000 | ---D | C] -- C:\LOTRO High Res Installer Files
[2010/09/10 12:46:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PMB Files
[2010/09/10 12:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/09/10 12:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/09/08 22:21:06 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\riffraff
[2010/09/07 21:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/25 16:22:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\concerning hobbits_data
[2010/08/25 16:18:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/08/25 16:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/25 16:18:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\riptnambl
[2010/08/21 14:51:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010/08/21 14:51:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/21 14:51:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/21 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/21 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/21 10:39:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2010/08/19 22:42:52 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\pics to sort
[2010/08/19 12:31:38 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/19 12:31:36 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/19 12:31:34 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/19 12:31:29 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/19 12:31:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/19 12:29:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/19 12:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/19 12:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/19 11:36:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{67E29178-152A-4D95-AE00-1DD4EC48D05E}
[2010/08/19 11:35:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\gsihwjjth
[2010/08/19 11:35:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Server
[2010/08/15 22:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/08/15 22:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2010/08/08 18:00:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\For Jessy
[2010/08/08 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My eBooks
[2010/08/08 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mobipocket
[2010/08/08 13:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2010/07/19 16:02:26 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Red Kawa
[2010/07/19 16:02:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Red Kawa
[2010/07/19 16:02:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Geckofx
[2010/07/19 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/07/19 15:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2010/06/22 09:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/06/18 12:54:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/17 13:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/06/17 13:19:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab

========== Files - Modified Within 90 Days ==========

[2010/09/13 17:22:00 | 004,194,304 | -HS- | M] () -- C:\Users\User\ntuser.dat
[2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/09/13 16:46:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/13 16:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000UA.job
[2010/09/13 12:29:11 | 000,731,366 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/13 12:29:11 | 000,626,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/13 12:29:11 | 000,108,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/13 10:14:50 | 064,580,852 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/13 10:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/12 22:43:07 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000Core.job
[2010/09/12 22:23:05 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/12 11:08:31 | 000,010,728 | ---- | M] () -- C:\Users\User\Desktop\The Great Waist Debate.docx
[2010/09/12 00:05:42 | 000,871,716 | ---- | M] () -- C:\Users\User\Desktop\Catpics 9-11-2010.jpg
[2010/09/11 23:52:08 | 000,002,391 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2010/09/11 11:49:24 | 000,290,920 | ---- | M] () -- C:\Users\User\Desktop\Gayagain's Island 2.jpg
[2010/09/10 22:40:44 | 000,000,092 | ---- | M] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2010/09/10 22:36:16 | 000,002,171 | ---- | M] () -- C:\Users\User\Desktop\The Lord of the Rings Online.lnk
[2010/09/10 21:34:56 | 001,423,930 | ---- | M] () -- C:\Users\User\Desktop\Gayagain's Island.jpg
[2010/09/10 09:34:08 | 000,081,399 | ---- | M] () -- C:\Users\User\Desktop\glee bear kurt.jpg
[2010/09/09 13:46:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/09 13:46:28 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 13:46:28 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 13:46:28 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TM.blf
[2010/09/09 13:46:20 | 2414,772,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 13:46:20 | 000,051,677 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/09/09 12:40:05 | 001,706,114 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/09/09 12:39:52 | 000,025,325 | ---- | M] () -- C:\Users\User\Desktop\Writing Templates.xlsm
[2010/09/08 11:34:55 | 000,189,589 | ---- | M] () -- C:\Users\User\Desktop\brads udid.jpg
[2010/09/07 23:53:04 | 000,525,824 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2010/09/07 23:52:48 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2010/09/07 11:56:50 | 001,530,861 | ---- | M] () -- C:\Users\User\Desktop\IMG_3508.JPG
[2010/09/07 11:39:06 | 000,001,875 | ---- | M] () -- C:\Users\User\Desktop\AIM.lnk
[2010/09/06 23:22:16 | 000,012,672 | ---- | M] () -- C:\Users\User\Desktop\OKrrrrr.mp3
[2010/09/06 21:15:37 | 004,237,824 | ---- | M] () -- C:\Users\User\Desktop\beweave.mp3
[2010/09/06 21:14:57 | 008,624,641 | ---- | M] () -- C:\Users\User\Desktop\beweave.mp4
[2010/09/05 02:28:20 | 006,190,139 | ---- | M] () -- C:\Users\User\Desktop\39878_bleeping_2.wmv
[2010/08/30 23:09:19 | 000,206,767 | ---- | M] () -- C:\Users\User\Desktop\DSC00083.JPG
[2010/08/27 18:23:05 | 000,014,533 | ---- | M] () -- C:\Users\User\Desktop\Novel Planning.docx
[2010/08/27 00:26:09 | 000,009,216 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/27 00:19:25 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/08/25 23:39:01 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 16:22:04 | 000,004,156 | ---- | M] () -- C:\Users\User\Desktop\concerning hobbits.aup
[2010/08/25 16:18:16 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 14:10:49 | 003,600,008 | ---- | M] () -- C:\Users\User\Desktop\Jack Johnson and Dave Matthews - A Pirate Looks at 40.mp3
[2010/08/25 12:50:14 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 12:50:14 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 23:06:43 | 000,071,452 | ---- | M] () -- C:\Users\User\Desktop\tpirwheel2.wav
[2010/08/24 23:02:51 | 000,786,496 | ---- | M] () -- C:\Users\User\Desktop\tpirhorns.wav
[2010/08/24 22:59:54 | 000,168,230 | ---- | M] () -- C:\Users\User\Desktop\tpiryodel.wav
[2010/08/24 22:11:54 | 000,000,703 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/08/21 20:57:02 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/21 11:30:01 | 000,030,186 | ---- | M] () -- C:\Users\User\Documents\cc_20100821_112944.reg
[2010/08/21 10:38:23 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/19 14:12:52 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/19 14:12:52 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 14:12:52 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TM.blf
[2010/08/19 12:31:38 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/19 12:31:38 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/19 12:31:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/19 12:31:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/19 12:31:29 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/19 12:31:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/19 11:36:58 | 000,000,120 | ---- | M] () -- C:\Users\User\AppData\Local\Xtutuqazefi.dat
[2010/08/19 11:36:58 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\Ncuhexemexizo.bin
[2010/08/17 05:59:30 | 002,896,690 | ---- | M] () -- C:\Users\User\Desktop\68508_me_playing - Copy.mp4
[2010/08/15 22:53:47 | 000,001,023 | ---- | M] () -- C:\Users\User\Desktop\PeerBlock.lnk
[2010/07/19 15:56:44 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
[2010/07/11 15:26:40 | 000,000,112 | ---- | M] () -- C:\Users\User\Desktop\Pandora.url

========== Files Created - No Company Name ==========

[2010/09/12 11:08:30 | 000,010,728 | ---- | C] () -- C:\Users\User\Desktop\The Great Waist Debate.docx
[2010/09/12 00:05:37 | 000,871,716 | ---- | C] () -- C:\Users\User\Desktop\Catpics 9-11-2010.jpg
[2010/09/11 11:48:57 | 000,290,920 | ---- | C] () -- C:\Users\User\Desktop\Gayagain's Island 2.jpg
[2010/09/10 22:40:44 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2010/09/10 22:36:16 | 000,002,171 | ---- | C] () -- C:\Users\User\Desktop\The Lord of the Rings Online.lnk
[2010/09/10 21:34:54 | 001,423,930 | ---- | C] () -- C:\Users\User\Desktop\Gayagain's Island.jpg
[2010/09/10 09:34:08 | 000,081,399 | ---- | C] () -- C:\Users\User\Desktop\glee bear kurt.jpg
[2010/09/09 13:46:28 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 13:46:28 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 13:46:28 | 000,065,536 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TM.blf
[2010/09/09 09:11:33 | 006,190,139 | ---- | C] () -- C:\Users\User\Desktop\39878_bleeping_2.wmv
[2010/09/08 11:34:55 | 000,189,589 | ---- | C] () -- C:\Users\User\Desktop\brads udid.jpg
[2010/09/07 23:53:47 | 000,525,824 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2010/09/07 23:52:48 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2010/09/07 11:56:50 | 001,530,861 | ---- | C] () -- C:\Users\User\Desktop\IMG_3508.JPG
[2010/09/07 11:39:06 | 000,001,875 | ---- | C] () -- C:\Users\User\Desktop\AIM.lnk
[2010/09/06 21:21:49 | 000,012,672 | ---- | C] () -- C:\Users\User\Desktop\OKrrrrr.mp3
[2010/09/06 21:15:23 | 004,237,824 | ---- | C] () -- C:\Users\User\Desktop\beweave.mp3
[2010/09/06 21:14:57 | 008,624,641 | ---- | C] () -- C:\Users\User\Desktop\beweave.mp4
[2010/08/30 23:09:17 | 000,206,767 | ---- | C] () -- C:\Users\User\Desktop\DSC00083.JPG
[2010/08/30 11:53:09 | 002,896,690 | ---- | C] () -- C:\Users\User\Desktop\68508_me_playing - Copy.mp4
[2010/08/27 16:44:22 | 000,014,533 | ---- | C] () -- C:\Users\User\Desktop\Novel Planning.docx
[2010/08/27 00:19:25 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/08/25 16:22:04 | 000,004,156 | ---- | C] () -- C:\Users\User\Desktop\concerning hobbits.aup
[2010/08/25 14:10:21 | 003,600,008 | ---- | C] () -- C:\Users\User\Desktop\Jack Johnson and Dave Matthews - A Pirate Looks at 40.mp3
[2010/08/24 23:06:43 | 000,071,452 | ---- | C] () -- C:\Users\User\Desktop\tpirwheel2.wav
[2010/08/24 23:02:50 | 000,786,496 | ---- | C] () -- C:\Users\User\Desktop\tpirhorns.wav
[2010/08/24 22:59:54 | 000,168,230 | ---- | C] () -- C:\Users\User\Desktop\tpiryodel.wav
[2010/08/21 14:51:52 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/21 11:29:48 | 000,030,186 | ---- | C] () -- C:\Users\User\Documents\cc_20100821_112944.reg
[2010/08/21 10:38:23 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/19 12:31:38 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/19 12:31:29 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/19 12:31:28 | 064,580,852 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/19 12:29:49 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/19 12:29:49 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 12:29:49 | 000,065,536 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TM.blf
[2010/08/19 11:36:58 | 000,000,120 | ---- | C] () -- C:\Users\User\AppData\Local\Xtutuqazefi.dat
[2010/08/19 11:36:58 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\Ncuhexemexizo.bin
[2010/08/19 11:35:24 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/18 14:35:56 | 719,446,016 | ---- | C] () -- C:\Users\User\Desktop\Walt Disney - The Last Unicorn.avi
[2010/08/17 23:04:29 | 000,025,325 | ---- | C] () -- C:\Users\User\Desktop\Writing Templates.xlsm
[2010/08/15 22:53:47 | 000,001,023 | ---- | C] () -- C:\Users\User\Desktop\PeerBlock.lnk
[2010/07/19 15:56:44 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
[2010/07/11 15:26:25 | 000,000,112 | ---- | C] () -- C:\Users\User\Desktop\Pandora.url
[2010/07/05 22:39:03 | 000,002,391 | ---- | C] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2010/07/05 22:38:13 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000UA.job
[2010/07/05 22:38:12 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000Core.job
[2010/06/08 23:50:28 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/12 15:31:58 | 000,030,688 | ---- | C] () -- C:\Windows\System32\xfiWR.ini
[2010/04/12 15:31:57 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2010/04/12 15:31:57 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2010/04/12 15:31:53 | 000,176,128 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/04/12 15:31:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/03/01 11:36:47 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2010/02/28 19:33:46 | 000,009,216 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 11:19:34 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/17 20:11:39 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004/02/28 05:30:12 | 000,049,152 | ---- | C] () -- C:\Windows\System32\TrustSupport.dll
[2000/10/25 17:15:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll

========== LOP Check ==========

[2010/02/18 01:28:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\acccore
[2010/09/07 10:59:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2010/05/11 14:42:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010/08/08 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mobipocket
[2010/07/19 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Kawa
[2010/06/17 13:19:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2010/09/13 17:22:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2009/07/13 21:53:46 | 000,010,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/13 18:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2010/08/19 12:22:46 | 000,000,809 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/09 13:46:20 | 2414,772,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 01:28:14 | 000,000,350 | -H-- | M] () -- C:\IPH.PH
[2010/09/09 13:46:20 | 3219,697,664 | -HS- | M] () -- C:\pagefile.sys
[2010/02/17 21:57:40 | 000,000,010 | ---- | M] () -- C:\sharing password.txt
[2010/08/25 16:18:16 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/13 18:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 18:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2008/06/06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRD32.SYS >
[2008/11/12 17:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=5DD1242CABC1EF8DCE4438D72D72A436 -- C:\NVIDIA\nForceWinVistaInt\15.26\IDE\WinVista\sataraid\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/13 18:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/13 18:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

< MD5 for: WS2_32.DLL >
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

--------------------------


OTL Extras logfile created on: 9/13/2010 5:20:52 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\User\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 2.23 Gb Free Space | 0.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 0.90 Gb Free Space | 12.08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0429B343-D023-4524-89BC-0478E0D9E3C3}" = Sound Blaster World of Warcraft Headset
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B1C8D6A-0968-45BA-8D22-F002A94EC278}" = Natural Voice Crystal16
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6fa53d5d-895d-4330-8f4e-6b58ad504293}" = Nero 9 Lite
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED147072-2079-43AA-A9DE-F2027591C682}" = NaturalReader7
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"Revo Uninstaller" = Revo Uninstaller 1.85
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"ST6UNST #1" = DKP Profiler
"SysInfo" = Creative System Information
"uTorrent" = µTorrent
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"VLC media player" = VLC media player 0.9.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 14 September 2010 - 05:17 PM

Hello, hobyman.
OK, definitely still some malware on your computer. One more scan, then we remove.


P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.
Online Poker Warning
Your logs show that you have online poker programs installed on your computer. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kind of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programmes yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the below steps:

You can remove this via Add/Remove programs.


Registry Cleaner Warning


I also see that you have a Ccleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning), Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit wont' help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578










Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 2

Scan With RKUnHooker
  • Please Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

QUOTE
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 hobyman

hobyman
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 14 September 2010 - 05:32 PM

Hello there. Thank you for the suggestions regarding the P2P software, Poker games, and CCleaner. I will definitely take all of that into account and follow your instructions. Here are the logs you requested and thank you so much for your assistance!


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 159):
0x82A14000 \SystemRoot\system32\ntkrnlpa.exe
0x82E24000 \SystemRoot\system32\halmacpi.dll
0x80BCF000 \SystemRoot\system32\kdcom.dll
0x8AA02000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8AA0D000 \SystemRoot\system32\PSHED.dll
0x8AA1E000 \SystemRoot\system32\BOOTVID.dll
0x8AA26000 \SystemRoot\system32\CLFS.SYS
0x8AA68000 \SystemRoot\system32\CI.dll
0x8AB13000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AB84000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AB92000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8ABDA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8ABE3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8AC3E000 \SystemRoot\system32\DRIVERS\pci.sys
0x8AC68000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8AC73000 \SystemRoot\System32\drivers\partmgr.sys
0x8AC84000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8AC94000 \SystemRoot\System32\drivers\volmgrx.sys
0x8ACDF000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8ACE6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8ACF4000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AD0A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8AD13000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8AD36000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x8AD5B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8ADA2000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8ADAB000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ADDF000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AE09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF38000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AF63000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AF76000 \SystemRoot\System32\Drivers\cng.sys
0x8AFD3000 \SystemRoot\System32\drivers\pcw.sys
0x8AFE1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B019000 \SystemRoot\system32\drivers\ndis.sys
0x8B0D0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B10E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B218000 \SystemRoot\System32\drivers\tcpip.sys
0x8B361000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B392000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B39B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B3DA000 \SystemRoot\System32\Drivers\spldr.sys
0x8B133000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B3E2000 \SystemRoot\System32\Drivers\mup.sys
0x8B3F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B160000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B200000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B192000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8AC00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B211000 \SystemRoot\System32\Drivers\Null.SYS
0x8B011000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B1F3000 \SystemRoot\System32\drivers\vga.sys
0x8FE2D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FE4E000 \SystemRoot\System32\drivers\watchdog.sys
0x8FE5B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FE63000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FE6B000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8FE73000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FE7E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FE8C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FEA3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FEAE000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8FEE8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FF1A000 \SystemRoot\system32\drivers\afd.sys
0x8FF74000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8FF7B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FF9A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FFA8000 \SystemRoot\system32\DRIVERS\serial.sys
0x8FFC2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FFD5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FA31000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FA72000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FA7C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FA86000 \SystemRoot\System32\drivers\discache.sys
0x8FA92000 \SystemRoot\system32\drivers\csc.sys
0x8FAF6000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FB0E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8FB1C000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x8FB22000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8FB56000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8FB77000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x9120D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91D19000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91D1B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FB89000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91DD2000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90804000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9084F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9085E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90A01000 \SystemRoot\system32\drivers\RTKVAC.SYS
0x9086F000 \SystemRoot\system32\drivers\portcls.sys
0x9089E000 \SystemRoot\system32\drivers\drmk.sys
0x908B7000 \SystemRoot\system32\drivers\ks.sys
0x908EB000 \SystemRoot\system32\DRIVERS\nvm62x32.sys
0x90940000 \SystemRoot\system32\DRIVERS\fdc.sys
0x9094B000 \SystemRoot\system32\DRIVERS\serenum.sys
0x90955000 \SystemRoot\system32\DRIVERS\parport.sys
0x9096D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90985000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90992000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9099F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x909B1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x909C9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x909D4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91DDC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FBC2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FBD9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x909F6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x91200000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x90DFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FA1D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90435000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90479000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9048A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90495000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x904A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x904AF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x904B1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x904BC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x904C9000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x904D3000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x904F8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x97CA0000 \SystemRoot\System32\win32k.sys
0x90509000 \SystemRoot\System32\drivers\Dxapi.sys
0x90513000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97F00000 \SystemRoot\System32\TSDDD.dll
0x97F30000 \SystemRoot\System32\cdd.dll
0x97F50000 \SystemRoot\System32\ATMFD.DLL
0x9051E000 \SystemRoot\system32\drivers\luafv.sys
0x90539000 \SystemRoot\system32\drivers\WudfPf.sys
0x90553000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90563000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x90576000 \SystemRoot\system32\drivers\HTTP.sys
0x90400000 \SystemRoot\system32\DRIVERS\bowser.sys
0x90419000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8B1B7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9CC22000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9CC5D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CC78000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9CC7F000 \SystemRoot\system32\drivers\peauth.sys
0x9CD16000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9CD20000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9CD41000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9CD4E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CD9D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0814000 \SystemRoot\System32\drivers\rdpdr.sys
0xA0839000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA083E000 \SystemRoot\system32\drivers\tdtcp.sys
0xA0848000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA0855000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA0886000 \??\C:\Program Files\PeerBlock\pbfilter.sys
0xA088D000 \??\C:\Windows\system32\drivers\mbam.sys
0xA08E8000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA0912000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x775E0000 \Windows\System32\ntdll.dll
0x475B0000 \Windows\System32\smss.exe
0x77820000 \Windows\System32\apisetschema.dll

Processes (total 77):
0 System Idle Process
4 System
228 C:\Windows\System32\smss.exe
328 csrss.exe
388 C:\Windows\System32\wininit.exe
400 csrss.exe
412 C:\Program Files\AVG\AVG9\avgchsvx.exe
428 C:\Program Files\AVG\AVG9\avgrsx.exe
504 C:\Program Files\AVG\AVG9\avgcsrvx.exe
520 C:\Windows\System32\services.exe
528 C:\Windows\System32\lsass.exe
540 C:\Windows\System32\lsm.exe
600 C:\Windows\System32\winlogon.exe
944 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\nvvsvc.exe
1052 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1348 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1428 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\nvvsvc.exe
1564 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\spoolsv.exe
1760 C:\Windows\System32\svchost.exe
1940 C:\Windows\System32\dwm.exe
1960 C:\Windows\System32\taskhost.exe
2008 C:\Windows\explorer.exe
2020 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
252 C:\Program Files\AVG\AVG9\avgwdsvc.exe
324 C:\Program Files\Bonjour\mDNSResponder.exe
788 C:\Windows\System32\svchost.exe
1880 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1556 C:\Program Files\OO Software\Defrag\oodag.exe
2156 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2348 C:\Windows\System32\svchost.exe
2860 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2880 C:\Windows\SOUNDMAN.EXE
2904 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2912 C:\Program Files\OO Software\Defrag\oodtray.exe
2936 C:\Program Files\AVG\AVG9\avgnsx.exe
2972 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2992 C:\Program Files\AVG\AVG9\avgtray.exe
3012 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3020 C:\Program Files\Windows Sidebar\sidebar.exe
3064 C:\Program Files\PeerBlock\peerblock.exe
3432 C:\Windows\System32\svchost.exe
3524 C:\Program Files\Pando Networks\Media Booster\PMB.exe
3928 C:\Users\User\AppData\Local\Apps\2.0\Z6R1L6E0.0YW\LHY18LDN.OXZ\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
2712 C:\Windows\System32\SearchIndexer.exe
2624 C:\Program Files\Windows Media Player\wmpnetwk.exe
4184 C:\Windows\System32\svchost.exe
5592 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
5860 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4428 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
1908 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
2504 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
5384 C:\Program Files\Winamp\winamp.exe
4032 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
2116 C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
1340 C:\Program Files\TTS1.4\DeskTop\bin\nvdesktopproxy.exe
5064 C:\Windows\System32\conhost.exe
2516 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
3908 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
4396 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
3916 C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
5068 C:\Program Files\TTS1.4\DeskTop\bin\nvdesktopproxy.exe
2380 C:\Windows\System32\conhost.exe
4100 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
5536 C:\Windows\System32\audiodg.exe
3040 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
4584 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
2760 C:\Windows\System32\SearchProtocolHost.exe
1148 C:\Windows\System32\SearchFilterHost.exe
4844 C:\Users\User\Desktop\MBRCheck.exe
5716 C:\Windows\System32\conhost.exe
1668 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (FAT32)

PhysicalDrive0 Model Number: ST3250620AS, Rev: 3.AA
PhysicalDrive1 Model Number: SAMSUNGHM500JI, Rev:

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

------------------------------------------------------

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9120D000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11583488 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 196.21 )
0x82A14000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A14000 PnpManager 4259840 bytes
0x82A14000 RAW 4259840 bytes
0x82A14000 WMIxWDM 4259840 bytes
0x90A01000 C:\Windows\system32\drivers\RTKVAC.SYS 4169728 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x97CA0000 Win32k 2400256 bytes
0x97CA0000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B218000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8AE09000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x91D1B000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B019000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8AA68000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9CC7F000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x90576000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8AB13000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8FA92000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8AF76000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8FF1A000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x908EB000 C:\Windows\system32\DRIVERS\nvm62x32.sys 348160 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x9CD9D000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9CD4E000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x97F50000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x90804000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8AC94000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8AB92000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8AD5B000 C:\Windows\system32\DRIVERS\storport.sys 290816 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x90435000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8AA26000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FA31000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B39B000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B0D0000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9CC22000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FEAE000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8FB89000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E24000 ACPI_HAL 225280 bytes
0x82E24000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8FB22000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x8ADAB000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x908B7000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B160000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8FEE8000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B361000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA0855000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x9086F000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B133000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8AF38000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA08E8000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8AC3E000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8FE00000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8B192000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x904D3000 C:\Windows\System32\Drivers\dump_nvstor.sys 151552 bytes
0x8B10E000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8AD36000 C:\Windows\system32\DRIVERS\nvstor.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0xA0814000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8AD13000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8B1B7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x909D4000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9CD20000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8FB56000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FE2D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8AC00000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8FF7B000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x97F30000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FA00000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x9051E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9CC5D000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FFA8000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x90539000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x90400000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9089E000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8FAF6000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9096D000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x90955000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x909B1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91DDC000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FBC2000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FBD9000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8FE8C000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0xA0912000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8ACF4000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x90495000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8AF63000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x90563000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FFC2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9099F000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8FB77000 C:\Windows\system32\DRIVERS\amdk8.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x90419000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B200000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x904F8000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8ADDF000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x90479000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8AC73000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8AA0D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x90553000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B3E2000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8FFD5000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8AC84000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9084F000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8FB0E000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8FF9A000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8FE7E000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8ACE6000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8AFD3000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8FA1D000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8AB84000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90992000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x904BC000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90985000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91200000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9CD41000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA0848000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8FE4E000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8FA86000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8B1F3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x90940000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x9048A000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8AA02000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x90513000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x904B1000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8FE73000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x909C9000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FEA3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8AC68000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x904C9000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x90509000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8FA7C000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8FA72000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x909F6000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9CD16000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9094B000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA083E000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x91DD2000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8ADA2000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8AD0A000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8AFE1000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA0952000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x97F00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B392000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8ABDA000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8AA1E000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B3F2000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCF000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8ABE3000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8FE5B000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FE63000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8FE6B000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B3DA000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8B011000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x904A8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8B211000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9CC78000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0xA0886000 C:\Program Files\PeerBlock\pbfilter.sys 28672 bytes
0x8ACDF000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8FF74000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8FB1C000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x9085E000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xA0839000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xA088D000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x91D19000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 196.21 )
0x90DFB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x904AF000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x04600000 Hidden Image-->WPF.Themes.dll [ EPROCESS 0x8763B368 ] PID: 3928, 102400 bytes
0x066A0000 Hidden Image-->Interop.Office.dll [ EPROCESS 0x87A00728 ] PID: 2116, 167936 bytes
0x06B20000 Hidden Image-->Interop.Office.dll [ EPROCESS 0xBDB299C0 ] PID: 3916, 167936 bytes
0x096C0000 Hidden Image-->Interop.SpeechLib.dll [ EPROCESS 0x87A00728 ] PID: 2116, 176128 bytes
0x023E0000 Hidden Image-->Interop.SpeechLib.dll [ EPROCESS 0xBDB299C0 ] PID: 3916, 176128 bytes
0x058D0000 Hidden Image-->Curse.CurseClient.Controls.dll [ EPROCESS 0x8763B368 ] PID: 3928, 192512 bytes
0x04460000 Hidden Image-->Curse.CurseClient.Enumerations.dll [ EPROCESS 0x8763B368 ] PID: 3928, 28672 bytes
0x05E90000 Hidden Image-->Curse.MurmurHash.dll [ EPROCESS 0x8763B368 ] PID: 3928, 28672 bytes
0x030A0000 Hidden Image-->extensibility.dll [ EPROCESS 0x87A00728 ] PID: 2116, 28672 bytes
0x040A0000 Hidden Image-->extensibility.dll [ EPROCESS 0xBDB299C0 ] PID: 3916, 28672 bytes
0x03F70000 Hidden Image-->Curse.CurseClient.Common.dll [ EPROCESS 0x8763B368 ] PID: 3928, 299008 bytes
0x034D0000 Hidden Image-->stdole.dll [ EPROCESS 0x87A00728 ] PID: 2116, 36864 bytes
0x041C0000 Hidden Image-->stdole.dll [ EPROCESS 0xBDB299C0 ] PID: 3916, 36864 bytes
0x05930000 Hidden Image-->Interop.NetFwTypeLib.dll [ EPROCESS 0x8763B368 ] PID: 3928, 45056 bytes
0x067E0000 Hidden Image-->Interop.NVRVoice2.dll [ EPROCESS 0x87A00728 ] PID: 2116, 45056 bytes
0x06B60000 Hidden Image-->Interop.NVRVoice2.dll [ EPROCESS 0xBDB299C0 ] PID: 3916, 45056 bytes
0x04CE0000 Hidden Image-->Curse.AddOns.dll [ EPROCESS 0x8763B368 ] PID: 3928, 53248 bytes
0x05260000 Hidden Image-->Curse.ClientService.Models.dll [ EPROCESS 0x8763B368 ] PID: 3928, 53248 bytes
0x03070000 Hidden Image-->NaturalReaderExcel.dll [ EPROCESS 0x87A00728 ] PID: 2116, 53248 bytes
0x00A20000 Hidden Image-->Curse.CurseClient.Localization.dll [ EPROCESS 0x8763B368 ] PID: 3928, 61440 bytes
0x03BD0000 Hidden Image-->NaturalReaderPowerPoint.dll [ EPROCESS 0xBDB299C0 ] PID: 3916, 61440 bytes
0x05230000 Hidden Image-->GammaJul.LgLcd.dll [ EPROCESS 0x8763B368 ] PID: 3928, 69632 bytes
0x03D30000 Hidden Image-->Curse.dll [ EPROCESS 0x8763B368 ] PID: 3928, 77824 bytes
0x04D20000 Hidden Image-->Curse.CurseClient.Logitech.dll [ EPROCESS 0x8763B368 ] PID: 3928, 77824 bytes
0x05E30000 Hidden Image-->zlib.net.dll [ EPROCESS 0x8763B368 ] PID: 3928, 77824 bytes



#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 14 September 2010 - 06:14 PM

Hello, hobyman.
Next, please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 hobyman

hobyman
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 14 September 2010 - 06:41 PM

Hello there. I have downloaded and run combofix as requested. Symptoms have yet to manifest, though they have traditionally not shown up until several hours after the computer has been running. Here is the requested log. I'm crossing my fingers that the issues are resolved?


ComboFix 10-09-14.01 - User 09/14/2010 16:23:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.967 [GMT -7:00]
Running from: c:\users\User\Desktop\etavaresCF.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\users\User\AppData\Local\{67E29178-152A-4D95-AE00-1DD4EC48D05E}
c:\users\User\AppData\Local\{67E29178-152A-4D95-AE00-1DD4EC48D05E}\chrome\content\overlay.xul
c:\users\User\AppData\Local\{67E29178-152A-4D95-AE00-1DD4EC48D05E}\install.rdf
c:\users\User\AppData\Local\Windows Server
c:\users\User\AppData\Local\Windows Server\server.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-14 23:31 . 2010-09-14 23:33 -------- d-----w- c:\users\User\AppData\Local\temp
2010-09-14 05:04 . 2010-09-14 22:58 -------- d-----w- C:\World of Warcraft Beta
2010-09-14 04:47 . 2010-09-14 05:01 -------- d-----w- c:\users\User\Cataclysm-Beta-Installer-4.0.0.12635-enUS
2010-09-11 05:51 . 2010-09-11 05:51 -------- d-----w- c:\programdata\Creative Labs
2010-09-11 05:51 . 2010-09-13 17:29 -------- d-----w- c:\users\User\AppData\Local\The Lord of the Rings Online
2010-09-11 05:40 . 2010-09-11 05:40 92 ----a-w- c:\users\User\AppData\Local\fusioncache.dat
2010-09-11 05:40 . 2010-09-11 05:42 -------- d-----w- c:\users\User\AppData\Local\Turbine
2010-09-11 05:38 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-09-11 05:38 . 2010-09-13 17:31 -------- d-----w- c:\users\User\AppData\Local\ApplicationHistory
2010-09-11 04:58 . 2010-09-11 04:58 -------- d-----w- c:\program files\Turbine
2010-09-10 19:47 . 2010-09-11 04:57 -------- d-----w- C:\LOTRO High Res Installer Files
2010-09-10 19:46 . 2010-09-14 23:33 -------- d-----w- c:\users\User\AppData\Local\PMB Files
2010-09-10 19:46 . 2010-09-10 19:47 -------- d-----w- c:\programdata\PMB Files
2010-09-10 19:46 . 2010-09-10 19:46 -------- d-----w- c:\program files\Pando Networks
2010-09-08 04:15 . 2010-09-08 04:15 -------- d-----w- c:\program files\Sophos
2010-08-25 23:18 . 2010-08-25 23:18 -------- d-----w- C:\$AVG
2010-08-25 23:18 . 2010-08-26 00:45 -------- d-----w- c:\programdata\Update
2010-08-25 23:18 . 2010-08-26 00:45 -------- d-----w- c:\users\User\AppData\Local\riptnambl
2010-08-21 21:51 . 2010-08-21 21:51 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-08-21 21:51 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 21:51 . 2010-08-26 06:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 21:51 . 2010-08-21 21:51 -------- d-----w- c:\programdata\Malwarebytes
2010-08-21 21:51 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 17:39 . 2010-09-14 19:33 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2010-08-19 19:31 . 2010-08-19 19:31 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-19 19:31 . 2010-08-19 19:31 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-19 19:31 . 2010-08-19 19:31 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-19 19:31 . 2010-08-19 19:31 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-19 19:31 . 2010-09-14 17:21 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-19 19:02 . 2010-08-19 19:02 -------- d-----w- c:\program files\AVG
2010-08-19 19:02 . 2010-09-09 20:46 -------- d-----w- c:\programdata\avg9
2010-08-19 18:36 . 2010-08-19 18:36 120 ----a-w- c:\users\User\AppData\Local\Xtutuqazefi.dat
2010-08-19 18:36 . 2010-08-19 18:36 0 ----a-w- c:\users\User\AppData\Local\Ncuhexemexizo.bin
2010-08-19 18:35 . 2010-08-19 20:27 -------- d-----w- c:\users\User\AppData\Local\gsihwjjth
2010-08-16 05:53 . 2010-09-14 23:33 -------- d-----w- c:\program files\PeerBlock
2010-08-16 05:45 . 2010-08-16 05:52 -------- d-----w- c:\program files\PeerGuardian2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 06:12 . 2010-02-18 22:06 -------- d-----w- c:\program files\uTorrent
2010-09-14 06:10 . 2010-02-18 22:06 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-09-14 06:02 . 2010-04-12 04:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-12 18:15 . 2010-06-03 06:58 -------- d-----w- c:\programdata\Lavasoft
2010-09-09 21:34 . 2010-02-18 07:19 -------- d-----w- c:\users\User\AppData\Roaming\Winamp
2010-09-07 17:59 . 2010-02-22 06:20 -------- d-----w- c:\users\User\AppData\Roaming\Audacity
2010-08-27 07:19 . 2010-02-22 02:15 -------- d-----w- c:\program files\YouTube Downloader
2010-08-26 00:57 . 2010-02-19 18:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-13 06:27 . 2010-08-13 06:27 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-08 20:24 . 2010-08-08 20:24 -------- d-----w- c:\users\User\AppData\Roaming\Mobipocket
2010-08-08 20:23 . 2010-08-08 20:23 50008 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe
2010-08-08 20:23 . 2010-08-08 20:23 -------- d-----w- c:\program files\Mobipocket.com
2010-08-06 05:48 . 2010-04-12 22:49 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-08-05 23:08 . 2010-04-12 22:51 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-07-20 16:52 . 2010-02-18 07:43 -------- d-----w- c:\users\User\AppData\Roaming\mIRC
2010-07-20 16:44 . 2010-02-18 07:43 -------- d-----w- c:\program files\mIRC
2010-07-19 23:02 . 2010-07-19 23:02 -------- d-----w- c:\users\User\AppData\Roaming\Red Kawa
2010-07-19 22:56 . 2010-07-19 22:56 -------- d-----w- c:\program files\AviSynth 2.5
2010-07-19 22:56 . 2010-07-19 22:56 -------- d-----w- c:\program files\Red Kawa
2010-06-17 20:19 . 2010-06-17 20:19 77312 ----a-w- c:\users\User\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-10 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-12 2524416]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-19 2065760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-12 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-04-04 05:32 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DKPProfilerUploader]
2007-11-19 09:27 102400 ----a-w- c:\program files\DKP Profiler Uploader\DKPProfilerUploader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 01:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 22:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 20:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 22:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-16 01:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-12 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-12 79360]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F41F.tmp [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
R3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-07-31 17920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-19 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-19 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-19 308136]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]

.
Contents of the 'Scheduled Tasks' folder

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 20:33]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 20:33]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-06 04:41]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-06 04:41]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.bearbook.com/WebResource.axd?d=3LyxKpRiDMO9WBglmpCrXqANufuc6xt4cWD3JwC0hTC36uMCOPYsETjQK-yIn8gndxqQSmjbfLcv265-9M15L-o4aSFQhBwWFVergK51b601&t=634187939332716250
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\46oz1h7i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wow.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: search.clsid - {061B59D8-D826-4C4D-8FDE-2925E844AD93}
FF - user.js: search.sid - 15101055100
FF - user.js: extensions.newAddons - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F41F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="5C0DC82FE690955DBAA32DA428C773E71D1917C31398129C94A6F74C9E7877265CE4B9EB8E4A7915938602EA5C21E9D5D1AE44F36C9711BE8442A9E59AB7FBA6A3E2C33512701A92AD68115D719BA770FA6C52E64B1569DD5E6FACF6E5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407BA7FD869164D67946BFEA9E5E8AD497502C0466D2EF1C97C8C16006F1F39C3603C1EC13829398D31961208F36832317A8DF9A654C4117D04A1BEA8F81E67296F9A0235B58D2C861F4DCC10A23353C36FF48E9FF993B03D3D14E509C886ABE340713C5AF338462A3497B8478234EE8C4DF2F4EC4306A81F86700E37B9657AB136BB80C060F7B782F580D254B89C93005FC296712C4D851F9042AD6F3C0CFD3784F8EE1D815E6979BF180C85005F0672C5A4513443E0099A5E9C310F521114FBB62A22476E43F36241F0C9CC24363C9C73DEF65CA9F6A654CB93761A94D04DEAAA5725B954C2A66E7C2463BC861DE11CB1B94F399610087203C0D0362D656FD3910AF795F23C84B8C84DA7901D52D6729A0192BCD36A08FE064408AFDBB4F4E9F0D18F9F9DD042BBCF8AD7A2715BAF861F06EE7D3F8B386A293DD5F374E18AC3A3C1D23DBEE9CDD9910127761F80329E021D08344BBD5C0416526997DC5A915ED5EE9D7BD0B0C156605740AFD84EDB6ADC1FF1BFFE0EED04C72D67D011499F180BF3410C63167359623ABF976393D97B19E7B7A074CC1985117BE4F9A0227FB4187201C09DCB686F92D7B69998659145F7D9577E58103E84956EED92AE9BAC5BA5099411B6C95B09C065A9C8E59C1AA28DD8C2A2EF3072E5CDBB80BDF12EDA973461291BF8CBBAFA8E1912D8CAD23E51C0CC5F798ECA7D6E861E914137996ED893A3DD9DC64FA87D74305CA25F6BFD72CDA20917A0405CC9625186095C5F00F1E98146FB1419FB2C3BE9EAA44A880E0AC34B8BB02337BF85D399BBA3D4465E1B31ABEBBEE82FBF888109917D4A13D30488BBA99F29188B13A4BAFEC328D60B70B6584812605DB1773C561AF230B66CABD06D9962D78F584BF17D93C0F161BA6F9D44CEC4AD32C43F301C406E60E32633A9D9069A6A8E73E62C3230166076D7FBD92B604B12029F8DF92BB6FCD64E0630F3050C0EAE4CDB0598A80161B7EC005F3652573E67629C73075622CD1EEEC29BE2F1BEA608BEC8274E37A466505E8342D07F7E581A30C9E319F59938580147D27D2A2273EBA620B4BC372D0B132AE8361B7D167AA809EAB8C9E52DB2BB85B3979FB833A4E4827F77220623DB7F70E92ED91A52A82A5075AD02055C5C8FC0DB0F7A2F5D901097B79D940680852B99F37FA8A85B0AC4AE936280B69BF3B3B947C290A30432A0704C3B7B1C345D"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-14 16:37:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-14 23:37

Pre-Run: 26,062,413,824 bytes free
Post-Run: 26,208,395,264 bytes free

- - End Of File - - 17FCF394D2ADE1A339828E82D1FF5092


#8 hobyman

hobyman
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 14 September 2010 - 07:19 PM

So this message just appeared:

"Malwarebytes' Anti-spyware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below.

C:\ProgramData\Update\seupd.exe (Trojan.Agent)"

I had the option of Disable Protection, Ignore, or Quarantine. I chose quarantine. Looks like there must still be an issue.

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 15 September 2010 - 05:24 PM

Hello, hobyman.
Yeah, CF didn't get those files. Let's get them now.



Step 1

Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/topic345993.html

collect::
C:\ProgramData\Update\seupd.exe
C:\zrpt.xml
C:\Users\User\AppData\Local\Xtutuqazefi.dat
C:\Users\User\AppData\Local\Ncuhexemexizo.bin
folder::
C:\Users\User\AppData\Local\riptnambl
C:\Users\User\AppData\Local\gsihwjjth
C:\Users\User\AppData\Local\{67E29178-152A-4D95-AE00-1DD4EC48D05E}


Save this as CFScript.txt





Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#10 hobyman

hobyman
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 15 September 2010 - 06:16 PM

Hello there. This has been done. Here is the log:


ComboFix 10-09-14.01 - User 09/15/2010 16:01:52.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1726 [GMT -7:00]
Running from: c:\users\User\Desktop\etavaresCF.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
* Created a new restore point

file zipped: c:\users\User\AppData\Local\Ncuhexemexizo.bin
file zipped: c:\users\User\AppData\Local\Xtutuqazefi.dat
file zipped: C:\zrpt.xml
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\User\AppData\Local\gsihwjjth
c:\users\User\AppData\Local\Ncuhexemexizo.bin
c:\users\User\AppData\Local\riptnambl
c:\users\User\AppData\Local\Xtutuqazefi.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll
C:\zrpt.xml

.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 23:07 . 2010-09-15 23:09 -------- d-----w- c:\users\User\AppData\Local\temp
2010-09-15 23:07 . 2010-09-15 23:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-15 23:07 . 2010-09-15 23:07 -------- d-----w- c:\users\Mcx2-USER-PC\AppData\Local\temp
2010-09-15 23:07 . 2010-09-15 23:07 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp
2010-09-15 23:07 . 2010-09-15 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-14 05:04 . 2010-09-15 19:19 -------- d-----w- C:\World of Warcraft Beta
2010-09-14 04:47 . 2010-09-14 05:01 -------- d-----w- c:\users\User\Cataclysm-Beta-Installer-4.0.0.12635-enUS
2010-09-11 05:51 . 2010-09-11 05:51 -------- d-----w- c:\programdata\Creative Labs
2010-09-11 05:51 . 2010-09-13 17:29 -------- d-----w- c:\users\User\AppData\Local\The Lord of the Rings Online
2010-09-11 05:40 . 2010-09-11 05:40 92 ----a-w- c:\users\User\AppData\Local\fusioncache.dat
2010-09-11 05:40 . 2010-09-11 05:42 -------- d-----w- c:\users\User\AppData\Local\Turbine
2010-09-11 05:38 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-09-11 05:38 . 2010-09-13 17:31 -------- d-----w- c:\users\User\AppData\Local\ApplicationHistory
2010-09-11 04:58 . 2010-09-11 04:58 -------- d-----w- c:\program files\Turbine
2010-09-10 19:47 . 2010-09-11 04:57 -------- d-----w- C:\LOTRO High Res Installer Files
2010-09-10 19:46 . 2010-09-15 23:09 -------- d-----w- c:\users\User\AppData\Local\PMB Files
2010-09-10 19:46 . 2010-09-10 19:47 -------- d-----w- c:\programdata\PMB Files
2010-09-10 19:46 . 2010-09-10 19:46 -------- d-----w- c:\program files\Pando Networks
2010-09-08 04:15 . 2010-09-08 04:15 -------- d-----w- c:\program files\Sophos
2010-08-25 23:18 . 2010-08-25 23:18 -------- d-----w- C:\$AVG
2010-08-25 23:18 . 2010-08-26 00:45 -------- d-----w- c:\programdata\Update
2010-08-21 21:51 . 2010-08-21 21:51 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-08-21 21:51 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 21:51 . 2010-08-26 06:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 21:51 . 2010-08-21 21:51 -------- d-----w- c:\programdata\Malwarebytes
2010-08-21 21:51 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 17:39 . 2010-09-14 19:33 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2010-08-19 19:31 . 2010-08-19 19:31 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-19 19:31 . 2010-08-19 19:31 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-19 19:31 . 2010-08-19 19:31 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-19 19:31 . 2010-08-19 19:31 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-19 19:31 . 2010-09-15 16:48 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-19 19:02 . 2010-08-19 19:02 -------- d-----w- c:\program files\AVG
2010-08-19 19:02 . 2010-09-09 20:46 -------- d-----w- c:\programdata\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 23:11 . 2010-08-16 05:53 -------- d-----w- c:\program files\PeerBlock
2010-09-14 06:12 . 2010-02-18 22:06 -------- d-----w- c:\program files\uTorrent
2010-09-14 06:10 . 2010-02-18 22:06 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-09-14 06:02 . 2010-04-12 04:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-12 18:15 . 2010-06-03 06:58 -------- d-----w- c:\programdata\Lavasoft
2010-09-09 21:34 . 2010-02-18 07:19 -------- d-----w- c:\users\User\AppData\Roaming\Winamp
2010-09-07 17:59 . 2010-02-22 06:20 -------- d-----w- c:\users\User\AppData\Roaming\Audacity
2010-08-27 07:19 . 2010-02-22 02:15 -------- d-----w- c:\program files\YouTube Downloader
2010-08-26 00:57 . 2010-02-19 18:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-16 05:52 . 2010-08-16 05:45 -------- d-----w- c:\program files\PeerGuardian2
2010-08-13 06:27 . 2010-08-13 06:27 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-08 20:24 . 2010-08-08 20:24 -------- d-----w- c:\users\User\AppData\Roaming\Mobipocket
2010-08-08 20:23 . 2010-08-08 20:23 50008 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe
2010-08-08 20:23 . 2010-08-08 20:23 -------- d-----w- c:\program files\Mobipocket.com
2010-08-06 05:48 . 2010-04-12 22:49 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-08-05 23:08 . 2010-04-12 22:51 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-07-20 16:52 . 2010-02-18 07:43 -------- d-----w- c:\users\User\AppData\Roaming\mIRC
2010-07-20 16:44 . 2010-02-18 07:43 -------- d-----w- c:\program files\mIRC
2010-07-19 23:02 . 2010-07-19 23:02 -------- d-----w- c:\users\User\AppData\Roaming\Red Kawa
2010-07-19 22:56 . 2010-07-19 22:56 -------- d-----w- c:\program files\AviSynth 2.5
2010-07-19 22:56 . 2010-07-19 22:56 -------- d-----w- c:\program files\Red Kawa
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-14_23.33.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2010-09-15 23:10 36366 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-09-14 23:34 36366 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-18 02:30 . 2010-09-15 23:11 10430 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3074497874-418840486-2860784660-1000_UserData.bin
+ 2010-02-18 03:20 . 2010-09-15 16:47 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-18 03:20 . 2010-09-14 06:17 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2010-09-15 16:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-09-14 06:17 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-18 04:57 . 2010-09-14 23:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-18 04:57 . 2010-09-15 23:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-18 04:57 . 2010-09-14 23:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-18 04:57 . 2010-09-15 23:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-18 04:57 . 2010-09-14 23:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-18 04:57 . 2010-09-15 23:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-18 02:49 . 2010-09-14 23:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-18 02:49 . 2010-09-15 23:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-19 19:07 . 2010-09-14 23:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-19 19:07 . 2010-09-15 23:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-19 19:07 . 2010-09-15 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-19 19:07 . 2010-09-14 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-19 19:07 . 2010-09-15 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-19 19:07 . 2010-09-14 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-18 02:49 . 2010-09-14 23:33 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-18 02:49 . 2010-09-15 23:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-18 02:49 . 2010-09-14 23:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-18 02:49 . 2010-09-15 23:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-14 06:12 . 2010-09-15 23:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-14 06:12 . 2010-09-14 23:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-19 00:20 . 2010-09-15 15:18 274820 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:05 . 2010-09-15 01:09 626794 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-09-14 19:58 626794 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-09-14 19:58 108366 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-09-15 01:09 108366 c:\windows\System32\perfc009.dat
- 2010-02-18 03:20 . 2010-09-14 06:17 327680 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-18 03:20 . 2010-09-15 16:47 327680 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-10 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-12 2524416]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-19 2065760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-12 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-04-04 05:32 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DKPProfilerUploader]
2007-11-19 09:27 102400 ----a-w- c:\program files\DKP Profiler Uploader\DKPProfilerUploader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 01:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 22:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 20:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 22:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-16 01:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-12 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-12 79360]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F41F.tmp [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
R3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-07-31 17920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-19 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-19 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-19 308136]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]

.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 20:33]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 20:33]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-06 04:41]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-06 04:41]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.bearbook.com/WebResource.axd?d=3LyxKpRiDMO9WBglmpCrXqANufuc6xt4cWD3JwC0hTC36uMCOPYsETjQK-yIn8gndxqQSmjbfLcv265-9M15L-o4aSFQhBwWFVergK51b601&t=634187939332716250
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\46oz1h7i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wow.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: search.clsid - {061B59D8-D826-4C4D-8FDE-2925E844AD93}
FF - user.js: search.sid - 15101055100
FF - user.js: extensions.newAddons - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F41F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="5C0DC82FE690955DBAA32DA428C773E71D1917C31398129C94A6F74C9E7877265CE4B9EB8E4A7915938602EA5C21E9D5D1AE44F36C9711BE8442A9E59AB7FBA6A3E2C33512701A92AD68115D719BA770FA6C52E64B1569DD5E6FACF6E5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407BA7FD869164D67946BFEA9E5E8AD497502C0466D2EF1C97C8C16006F1F39C3603C1EC13829398D31961208F36832317A8DF9A654C4117D04A1BEA8F81E67296F9A0235B58D2C861F4DCC10A23353C36FF48E9FF993B03D3D14E509C886ABE340713C5AF338462A3497B8478234EE8C4DF2F4EC4306A81F86700E37B9657AB136BB80C060F7B782F580D254B89C93005FC296712C4D851F9042AD6F3C0CFD3784F8EE1D815E6979BF180C85005F0672C5A4513443E0099A5E9C310F521114FBB62A22476E43F36241F0C9CC24363C9C73DEF65CA9F6A654CB93761A94D04DEAAA5725B954C2A66E7C2463BC861DE11CB1B94F399610087203C0D0362D656FD3910AF795F23C84B8C84DA7901D52D6729A0192BCD36A08FE064408AFDBB4F4E9F0D18F9F9DD042BBCF8AD7A2715BAF861F06EE7D3F8B386A293DD5F374E18AC3A3C1D23DBEE9CDD9910127761F80329E021D08344BBD5C0416526997DC5A915ED5EE9D7BD0B0C156605740AFD84EDB6ADC1FF1BFFE0EED04C72D67D011499F180BF3410C63167359623ABF976393D97B19E7B7A074CC1985117BE4F9A0227FB4187201C09DCB686F92D7B69998659145F7D9577E58103E84956EED92AE9BAC5BA5099411B6C95B09C065A9C8E59C1AA28DD8C2A2EF3072E5CDBB80BDF12EDA973461291BF8CBBAFA8E1912D8CAD23E51C0CC5F798ECA7D6E861E914137996ED893A3DD9DC64FA87D74305CA25F6BFD72CDA20917A0405CC9625186095C5F00F1E98146FB1419FB2C3BE9EAA44A880E0AC34B8BB02337BF85D399BBA3D4465E1B31ABEBBEE82FBF888109917D4A13D30488BBA99F29188B13A4BAFEC328D60B70B6584812605DB1773C561AF230B66CABD06D9962D78F584BF17D93C0F161BA6F9D44CEC4AD32C43F301C406E60E32633A9D9069A6A8E73E62C3230166076D7FBD92B604B12029F8DF92BB6FCD64E0630F3050C0EAE4CDB0598A80161B7EC005F3652573E67629C73075622CD1EEEC29BE2F1BEA608BEC8274E37A466505E8342D07F7E581A30C9E319F59938580147D27D2A2273EBA620B4BC372D0B132AE8361B7D167AA809EAB8C9E52DB2BB85B3979FB833A4E4827F77220623DB7F70E92ED91A52A82A5075AD02055C5C8FC0DB0F7A2F5D901097B79D940680852B99F37FA8A85B0AC4AE936280B69BF3B3B947C290A30432A0704C3B7B1C345D"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-15 16:13:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-15 23:13
ComboFix2.txt 2010-09-14 23:37

Pre-Run: 26,722,516,992 bytes free
Post-Run: 26,677,702,656 bytes free

- - End Of File - - E39F4888E9FFA8B8DFDDF9A4EA93215A
Upload was successful


#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 16 September 2010 - 06:12 PM

Hello, hobyman.

That file wasn't there, so it looks like MBAM caught it. Any more popups from MBAM?



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\F41F.tmp -- (MEMSWEEP2)
    DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
    O2 - BHO: (no name) - {0B1B0D47-95F7-4bad-9309-A945B655AE61} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#12 hobyman

hobyman
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 16 September 2010 - 08:41 PM

Malware continues to find and quarantine seupd.exe. Here's the data from the new logs:


All processes killed
========== OTL ==========
Service pgfilter stopped successfully!
Service pgfilter deleted successfully!
File C:\Program Files\PeerGuardian2\pgfilter.sys not found.
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\Windows\System32\F41F.tmp not found.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File C:\Windows\System32\DRIVERS\Lbd.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B1B0D47-95F7-4bad-9309-A945B655AE61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B1B0D47-95F7-4bad-9309-A945B655AE61}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ deleted successfully.
HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-USER-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx2-USER-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 1118820 bytes
->Temporary Internet Files folder emptied: 1630750 bytes
->Java cache emptied: 5225262 bytes
->FireFox cache emptied: 44799487 bytes
->Google Chrome cache emptied: 288544820 bytes
->Flash cache emptied: 68243 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109688 bytes
RecycleBin emptied: 3308866808 bytes

Total Files Cleaned = 3,481.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09162010_164728

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

----------------------------------------------

OTL logfile created on: 9/16/2010 4:52:15 PM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\User\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 22.31 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/09/12 15:18:13 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/10 12:46:21 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/08/19 12:31:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/19 12:31:28 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/19 12:31:28 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/19 12:31:28 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/19 12:31:27 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/19 12:31:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/28 02:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009/09/12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/10 14:22:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
PRC - [2009/04/14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/19 12:31:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/02 17:07:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/12 15:31:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/12 15:31:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/21 22:19:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/19 12:31:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/19 12:31:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/19 12:31:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/11 21:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/07/31 11:39:58 | 000,017,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WRfiltv.sys -- (WRfiltv)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 7C DB AC 08 44 CB 01 [binary data]
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wow.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: tab@search.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/19 12:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/31 23:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 16:45:57 | 000,000,000 | ---D | M]

[2010/02/17 19:14:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/08/31 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\46oz1h7i.default\extensions
[2010/08/25 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\46oz1h7i.default\extensions\tab@search.com
[2010/09/16 16:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 15:49:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/16 16:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/16 16:45:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/09/15 16:09:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (NaturalReader.IEbar) - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\NaturalSoft\naturalreader7\NVRIEbar.dll (www.naturalreaders.com)
O3 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plu...Detection32.cab (Device Detection)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.bearbook.com/WebResource.axd?d=...187939332716250 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/16 16:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/16 16:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/16 16:45:57 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/16 16:45:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/16 16:45:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/16 16:45:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/16 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/15 16:13:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/15 16:07:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/15 16:07:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2010/09/15 15:58:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/14 16:21:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/14 16:21:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/14 16:21:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/14 16:21:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/14 16:20:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/13 22:04:51 | 000,000,000 | ---D | C] -- C:\World of Warcraft Beta
[2010/09/13 21:47:24 | 000,000,000 | ---D | C] -- C:\Users\User\Cataclysm-Beta-Installer-4.0.0.12635-enUS
[2010/09/13 17:19:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/09/10 22:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/09/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\The Lord of the Rings Online
[2010/09/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\The Lord of the Rings Online
[2010/09/10 22:40:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Turbine
[2010/09/10 22:38:52 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/09/10 22:38:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ApplicationHistory
[2010/09/10 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/09/10 12:47:47 | 000,000,000 | ---D | C] -- C:\LOTRO High Res Installer Files
[2010/09/10 12:46:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PMB Files
[2010/09/10 12:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/09/10 12:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/09/07 21:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/25 16:18:52 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/08/25 16:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/21 14:51:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010/08/21 14:51:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/21 14:51:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/21 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/21 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/21 10:39:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2010/08/19 12:31:38 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/19 12:31:36 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/19 12:31:34 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/19 12:31:29 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/19 12:31:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/19 12:29:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/19 12:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/19 12:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

========== Files - Modified Within 30 Days ==========

[2010/09/16 16:49:59 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/16 16:49:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/16 16:49:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/16 16:49:51 | 2414,772,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/16 16:49:50 | 000,056,781 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/09/16 16:48:19 | 004,194,304 | -HS- | M] () -- C:\Users\User\ntuser.dat
[2010/09/16 16:46:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/16 16:45:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/16 16:45:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/16 16:45:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/16 16:45:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/16 16:43:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000UA.job
[2010/09/16 13:57:53 | 000,000,703 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/09/16 11:29:31 | 000,731,366 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/16 11:29:31 | 000,626,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/16 11:29:31 | 000,108,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/16 10:29:38 | 064,691,171 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/15 22:43:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000Core.job
[2010/09/15 21:24:01 | 000,061,122 | ---- | M] () -- C:\Users\User\Desktop\Jim and Nerys.jpg
[2010/09/15 16:09:39 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/15 16:09:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/15 08:59:58 | 009,817,344 | ---- | M] () -- C:\Users\User\Desktop\On the Rocks - Lady Gaga - Bad Romance.mp3
[2010/09/15 08:46:20 | 074,806,596 | ---- | M] () -- C:\Users\User\Desktop\On the Rocks - Lady Gaga - Bad Romance.mp4
[2010/09/14 21:21:20 | 000,002,391 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2010/09/14 16:18:18 | 003,845,016 | R--- | M] () -- C:\Users\User\Desktop\etavaresCF.exe
[2010/09/14 15:26:34 | 000,133,632 | ---- | M] () -- C:\Users\User\Desktop\RKUnhookerLE.EXE
[2010/09/14 15:24:39 | 000,080,384 | ---- | M] () -- C:\Users\User\Desktop\MBRCheck.exe
[2010/09/14 15:14:54 | 000,026,630 | ---- | M] () -- C:\Users\User\Desktop\Writing Templates.xlsm
[2010/09/14 12:34:19 | 000,008,192 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/13 23:10:43 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000002.regtrans-ms
[2010/09/13 23:10:43 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 23:10:43 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TM.blf
[2010/09/13 23:10:29 | 002,577,174 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/09/13 23:03:01 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/09/12 11:08:31 | 000,010,728 | ---- | M] () -- C:\Users\User\Desktop\The Great Waist Debate.docx
[2010/09/10 22:40:44 | 000,000,092 | ---- | M] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2010/09/10 22:36:16 | 000,002,171 | ---- | M] () -- C:\Users\User\Desktop\The Lord of the Rings Online.lnk
[2010/09/08 11:34:55 | 000,189,589 | ---- | M] () -- C:\Users\User\Desktop\brads udid.jpg
[2010/09/07 23:53:04 | 000,525,824 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2010/09/07 23:52:48 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2010/09/07 11:39:06 | 000,001,875 | ---- | M] () -- C:\Users\User\Desktop\AIM.lnk
[2010/09/06 23:22:16 | 000,012,672 | ---- | M] () -- C:\Users\User\Desktop\OKrrrrr.mp3
[2010/09/06 21:15:37 | 004,237,824 | ---- | M] () -- C:\Users\User\Desktop\beweave.mp3
[2010/09/06 21:14:57 | 008,624,641 | ---- | M] () -- C:\Users\User\Desktop\beweave.mp4
[2010/09/05 02:28:20 | 006,190,139 | ---- | M] () -- C:\Users\User\Desktop\39878_bleeping_2.wmv
[2010/08/27 18:23:05 | 000,014,533 | ---- | M] () -- C:\Users\User\Desktop\Novel Planning.docx
[2010/08/27 00:19:25 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/08/25 23:39:01 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 16:22:04 | 000,004,156 | ---- | M] () -- C:\Users\User\Desktop\concerning hobbits.aup
[2010/08/25 14:10:49 | 003,600,008 | ---- | M] () -- C:\Users\User\Desktop\Jack Johnson and Dave Matthews - A Pirate Looks at 40.mp3
[2010/08/25 12:50:14 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 12:50:14 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 23:06:43 | 000,071,452 | ---- | M] () -- C:\Users\User\Desktop\tpirwheel2.wav
[2010/08/24 23:02:51 | 000,786,496 | ---- | M] () -- C:\Users\User\Desktop\tpirhorns.wav
[2010/08/24 22:59:54 | 000,168,230 | ---- | M] () -- C:\Users\User\Desktop\tpiryodel.wav
[2010/08/21 20:57:02 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/21 11:30:01 | 000,030,186 | ---- | M] () -- C:\Users\User\Documents\cc_20100821_112944.reg
[2010/08/21 10:38:23 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/19 14:12:52 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/19 14:12:52 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 14:12:52 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TM.blf
[2010/08/19 12:31:38 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/19 12:31:38 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/19 12:31:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/19 12:31:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/19 12:31:29 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/19 12:31:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2010/09/15 21:24:01 | 000,061,122 | ---- | C] () -- C:\Users\User\Desktop\Jim and Nerys.jpg
[2010/09/15 08:59:30 | 009,817,344 | ---- | C] () -- C:\Users\User\Desktop\On the Rocks - Lady Gaga - Bad Romance.mp3
[2010/09/15 08:46:20 | 074,806,596 | ---- | C] () -- C:\Users\User\Desktop\On the Rocks - Lady Gaga - Bad Romance.mp4
[2010/09/14 16:21:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/14 16:21:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/14 16:21:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/14 16:21:30 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/14 16:21:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/14 16:18:14 | 003,845,016 | R--- | C] () -- C:\Users\User\Desktop\etavaresCF.exe
[2010/09/14 15:26:33 | 000,133,632 | ---- | C] () -- C:\Users\User\Desktop\RKUnhookerLE.EXE
[2010/09/14 15:24:39 | 000,080,384 | ---- | C] () -- C:\Users\User\Desktop\MBRCheck.exe
[2010/09/13 22:04:51 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2010/09/12 11:08:30 | 000,010,728 | ---- | C] () -- C:\Users\User\Desktop\The Great Waist Debate.docx
[2010/09/10 22:40:44 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2010/09/10 22:36:16 | 000,002,171 | ---- | C] () -- C:\Users\User\Desktop\The Lord of the Rings Online.lnk
[2010/09/09 13:46:28 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 13:46:28 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 13:46:28 | 000,065,536 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TM.blf
[2010/09/09 09:11:33 | 006,190,139 | ---- | C] () -- C:\Users\User\Desktop\39878_bleeping_2.wmv
[2010/09/08 11:34:55 | 000,189,589 | ---- | C] () -- C:\Users\User\Desktop\brads udid.jpg
[2010/09/07 23:53:47 | 000,525,824 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2010/09/07 23:52:48 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2010/09/07 11:39:06 | 000,001,875 | ---- | C] () -- C:\Users\User\Desktop\AIM.lnk
[2010/09/06 21:21:49 | 000,012,672 | ---- | C] () -- C:\Users\User\Desktop\OKrrrrr.mp3
[2010/09/06 21:15:23 | 004,237,824 | ---- | C] () -- C:\Users\User\Desktop\beweave.mp3
[2010/09/06 21:14:57 | 008,624,641 | ---- | C] () -- C:\Users\User\Desktop\beweave.mp4
[2010/08/30 11:53:09 | 002,896,690 | ---- | C] () -- C:\Users\User\Desktop\68508_me_playing - Copy.mp4
[2010/08/27 16:44:22 | 000,014,533 | ---- | C] () -- C:\Users\User\Desktop\Novel Planning.docx
[2010/08/27 00:19:25 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/08/25 16:22:04 | 000,004,156 | ---- | C] () -- C:\Users\User\Desktop\concerning hobbits.aup
[2010/08/25 14:10:21 | 003,600,008 | ---- | C] () -- C:\Users\User\Desktop\Jack Johnson and Dave Matthews - A Pirate Looks at 40.mp3
[2010/08/24 23:06:43 | 000,071,452 | ---- | C] () -- C:\Users\User\Desktop\tpirwheel2.wav
[2010/08/24 23:02:50 | 000,786,496 | ---- | C] () -- C:\Users\User\Desktop\tpirhorns.wav
[2010/08/24 22:59:54 | 000,168,230 | ---- | C] () -- C:\Users\User\Desktop\tpiryodel.wav
[2010/08/21 14:51:52 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/21 11:29:48 | 000,030,186 | ---- | C] () -- C:\Users\User\Documents\cc_20100821_112944.reg
[2010/08/21 10:38:23 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/19 12:31:38 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/19 12:31:29 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/19 12:31:28 | 064,691,171 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/19 12:29:49 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/19 12:29:49 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 12:29:49 | 000,065,536 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TM.blf
[2010/08/18 14:35:56 | 719,446,016 | ---- | C] () -- C:\Users\User\Desktop\Walt Disney - The Last Unicorn.avi
[2010/08/17 23:04:29 | 000,026,630 | ---- | C] () -- C:\Users\User\Desktop\Writing Templates.xlsm
[2010/06/08 23:50:28 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/12 15:31:58 | 000,030,688 | ---- | C] () -- C:\Windows\System32\xfiWR.ini
[2010/04/12 15:31:57 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2010/04/12 15:31:57 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2010/04/12 15:31:53 | 000,176,128 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/04/12 15:31:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/03/01 11:36:47 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2010/02/28 19:33:46 | 000,008,192 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 11:19:34 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/17 20:11:39 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004/02/28 05:30:12 | 000,049,152 | ---- | C] () -- C:\Windows\System32\TrustSupport.dll
[2000/10/25 17:15:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
< End of report >

------------------------------------------

ESET Log:

C:\Brad\Matrix of Knowledge\Music\Shrek - soundtrack\02. Smash Mouth - I'm A Believer.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Brad\Matrix of Knowledge\Music\Shrek - soundtrack\05. Baha Men - Best Years Of Our Lives.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Windows\System32\hlp.dat Win32/Bamital.DZ trojan cleaned by deleting - quarantined


#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 18 September 2010 - 06:29 AM

Hello, hobyman.

OK, let's see if there's another copy and remove the directory.



Step 1

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank Windows shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    CODE
    :filefind
    seupd.exe
  • Please Confirm everything is copied and Pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task




Step 2

We need run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :files
    C:\ProgramData\Update\
  5. Click the Run Fix button at the top.
  6. let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#14 hobyman

hobyman
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 18 September 2010 - 03:19 PM

Hello there. Here are the logs. The online scanner did not find any threats, FYI.

SystemLook 04.09.10 by jpshortstuff
Log created at 11:16 on 18/09/2010 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "seupd.exe"
No files found.

-= EOF =-

------------------------

========== FILES ==========
C:\ProgramData\Update folder moved successfully.

OTL by OldTimer - Version 3.2.12.0 log created on 09182010_111845

--------------------------------

OTL logfile created on: 9/18/2010 11:22:51 AM - Run 3
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\User\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 24.46 Gb Free Space | 10.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/16 16:01:42 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/09/10 12:46:21 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/08/19 12:31:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/19 12:31:28 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/19 12:31:28 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/19 12:31:28 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/19 12:31:27 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/19 12:31:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/28 02:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009/09/12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009/06/10 14:22:50 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
PRC - [2009/04/14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/19 12:31:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/02 17:07:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/12 15:31:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/12 15:31:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/21 22:19:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/19 12:31:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/19 12:31:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/19 12:31:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/11 21:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/07/31 11:39:58 | 000,017,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WRfiltv.sys -- (WRfiltv)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 7C DB AC 08 44 CB 01 [binary data]
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wow.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: tab@search.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/19 12:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/31 23:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 16:45:57 | 000,000,000 | ---D | M]

[2010/02/17 19:14:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/08/31 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\46oz1h7i.default\extensions
[2010/08/25 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\46oz1h7i.default\extensions\tab@search.com
[2010/09/16 16:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 15:49:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/16 16:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/16 16:45:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/09/15 16:09:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (NaturalReader.IEbar) - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\NaturalSoft\naturalreader7\NVRIEbar.dll (www.naturalreaders.com)
O3 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3074497874-418840486-2860784660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plu...Detection32.cab (Device Detection)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.bearbook.com/WebResource.axd?d=...187939332716250 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/16 16:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/16 16:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/16 16:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/16 16:45:57 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/16 16:45:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/16 16:45:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/16 16:45:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/16 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/15 16:13:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/15 16:07:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/15 16:07:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2010/09/15 15:58:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/14 16:21:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/14 16:21:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/14 16:21:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/14 16:21:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/14 16:20:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/13 22:04:51 | 000,000,000 | ---D | C] -- C:\World of Warcraft Beta
[2010/09/13 21:47:24 | 000,000,000 | ---D | C] -- C:\Users\User\Cataclysm-Beta-Installer-4.0.0.12635-enUS
[2010/09/13 17:19:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/09/10 22:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/09/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\The Lord of the Rings Online
[2010/09/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\The Lord of the Rings Online
[2010/09/10 22:40:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Turbine
[2010/09/10 22:38:52 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/09/10 22:38:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ApplicationHistory
[2010/09/10 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/09/10 12:47:47 | 000,000,000 | ---D | C] -- C:\LOTRO High Res Installer Files
[2010/09/10 12:46:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PMB Files
[2010/09/10 12:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/09/10 12:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/09/07 21:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/25 16:18:52 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/08/21 14:51:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010/08/21 14:51:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/21 14:51:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/21 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/21 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/21 10:39:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2010/08/19 12:31:38 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/19 12:31:36 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/19 12:31:34 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/19 12:31:29 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/19 12:31:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/19 12:29:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/19 12:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/19 12:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

========== Files - Modified Within 30 Days ==========

[2010/09/18 11:21:31 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/18 11:21:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/18 11:21:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/18 11:21:23 | 2414,772,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/18 11:21:22 | 000,058,057 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/09/18 11:19:59 | 004,194,304 | -HS- | M] () -- C:\Users\User\ntuser.dat
[2010/09/18 11:19:48 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000Core.job
[2010/09/18 11:19:46 | 002,579,858 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/09/18 11:15:36 | 000,075,264 | ---- | M] () -- C:\Users\User\Desktop\SystemLook.exe
[2010/09/18 11:13:26 | 064,887,310 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/18 11:13:19 | 009,962,794 | ---- | M] () -- C:\Users\User\Desktop\Nerys and Jim Pics.zip
[2010/09/18 11:12:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3074497874-418840486-2860784660-1000UA.job
[2010/09/18 11:11:50 | 000,002,391 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2010/09/18 11:10:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/16 21:30:24 | 000,000,703 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/09/16 21:16:55 | 000,007,083 | ---- | M] () -- C:\Users\User\Desktop\Bamm-Bamm_Rubble.jpg
[2010/09/16 16:45:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/16 16:45:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/16 16:45:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/16 16:45:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/16 11:29:31 | 000,731,366 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/16 11:29:31 | 000,626,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/16 11:29:31 | 000,108,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/15 21:24:01 | 000,061,122 | ---- | M] () -- C:\Users\User\Desktop\Jim and Nerys.jpg
[2010/09/15 16:09:39 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/15 16:09:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/15 08:59:58 | 009,817,344 | ---- | M] () -- C:\Users\User\Desktop\On the Rocks - Lady Gaga - Bad Romance.mp3
[2010/09/15 08:46:20 | 074,806,596 | ---- | M] () -- C:\Users\User\Desktop\On the Rocks - Lady Gaga - Bad Romance.mp4
[2010/09/14 16:18:18 | 003,845,016 | R--- | M] () -- C:\Users\User\Desktop\etavaresCF.exe
[2010/09/14 15:26:34 | 000,133,632 | ---- | M] () -- C:\Users\User\Desktop\RKUnhookerLE.EXE
[2010/09/14 15:24:39 | 000,080,384 | ---- | M] () -- C:\Users\User\Desktop\MBRCheck.exe
[2010/09/14 15:14:54 | 000,026,630 | ---- | M] () -- C:\Users\User\Desktop\Writing Templates.xlsm
[2010/09/14 12:34:19 | 000,008,192 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/13 23:10:43 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000002.regtrans-ms
[2010/09/13 23:10:43 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 23:10:43 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TM.blf
[2010/09/13 23:03:01 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2010/09/13 17:19:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/09/12 11:08:31 | 000,010,728 | ---- | M] () -- C:\Users\User\Desktop\The Great Waist Debate.docx
[2010/09/10 22:40:44 | 000,000,092 | ---- | M] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2010/09/10 22:36:16 | 000,002,171 | ---- | M] () -- C:\Users\User\Desktop\The Lord of the Rings Online.lnk
[2010/09/08 11:34:55 | 000,189,589 | ---- | M] () -- C:\Users\User\Desktop\brads udid.jpg
[2010/09/07 23:53:04 | 000,525,824 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2010/09/07 23:52:48 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2010/09/07 11:39:06 | 000,001,875 | ---- | M] () -- C:\Users\User\Desktop\AIM.lnk
[2010/09/06 23:22:16 | 000,012,672 | ---- | M] () -- C:\Users\User\Desktop\OKrrrrr.mp3
[2010/09/06 21:15:37 | 004,237,824 | ---- | M] () -- C:\Users\User\Desktop\beweave.mp3
[2010/09/06 21:14:57 | 008,624,641 | ---- | M] () -- C:\Users\User\Desktop\beweave.mp4
[2010/09/05 02:28:20 | 006,190,139 | ---- | M] () -- C:\Users\User\Desktop\39878_bleeping_2.wmv
[2010/08/27 18:23:05 | 000,014,533 | ---- | M] () -- C:\Users\User\Desktop\Novel Planning.docx
[2010/08/27 00:19:25 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/08/25 23:39:01 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 16:22:04 | 000,004,156 | ---- | M] () -- C:\Users\User\Desktop\concerning hobbits.aup
[2010/08/25 14:10:49 | 003,600,008 | ---- | M] () -- C:\Users\User\Desktop\Jack Johnson and Dave Matthews - A Pirate Looks at 40.mp3
[2010/08/25 12:50:14 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 12:50:14 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 23:06:43 | 000,071,452 | ---- | M] () -- C:\Users\User\Desktop\tpirwheel2.wav
[2010/08/24 23:02:51 | 000,786,496 | ---- | M] () -- C:\Users\User\Desktop\tpirhorns.wav
[2010/08/24 22:59:54 | 000,168,230 | ---- | M] () -- C:\Users\User\Desktop\tpiryodel.wav
[2010/08/21 20:57:02 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/21 11:30:01 | 000,030,186 | ---- | M] () -- C:\Users\User\Documents\cc_20100821_112944.reg
[2010/08/21 10:38:23 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/19 14:12:52 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/19 14:12:52 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 14:12:52 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TM.blf
[2010/08/19 12:31:38 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/19 12:31:38 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/19 12:31:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/19 12:31:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/19 12:31:29 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/19 12:31:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2010/09/18 11:15:35 | 000,075,264 | ---- | C] () -- C:\Users\User\Desktop\SystemLook.exe
[2010/09/18 11:12:39 | 009,962,794 | ---- | C] () -- C:\Users\User\Desktop\Nerys and Jim Pics.zip
[2010/09/16 21:16:55 | 000,007,083 | ---- | C] () -- C:\Users\User\Desktop\Bamm-Bamm_Rubble.jpg
[2010/09/15 21:24:01 | 000,061,122 | ---- | C] () -- C:\Users\User\Desktop\Jim and Nerys.jpg
[2010/09/15 08:59:30 | 009,817,344 | ---- | C] () -- C:\Users\User\Desktop\On the Rocks - Lady Gaga - Bad Romance.mp3
[2010/09/15 08:46:20 | 074,806,596 | ---- | C] () -- C:\Users\User\Desktop\On the Rocks - Lady Gaga - Bad Romance.mp4
[2010/09/14 16:21:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/14 16:21:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/14 16:21:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/14 16:21:30 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/14 16:21:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/14 16:18:14 | 003,845,016 | R--- | C] () -- C:\Users\User\Desktop\etavaresCF.exe
[2010/09/14 15:26:33 | 000,133,632 | ---- | C] () -- C:\Users\User\Desktop\RKUnhookerLE.EXE
[2010/09/14 15:24:39 | 000,080,384 | ---- | C] () -- C:\Users\User\Desktop\MBRCheck.exe
[2010/09/13 22:04:51 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2010/09/12 11:08:30 | 000,010,728 | ---- | C] () -- C:\Users\User\Desktop\The Great Waist Debate.docx
[2010/09/10 22:40:44 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2010/09/10 22:36:16 | 000,002,171 | ---- | C] () -- C:\Users\User\Desktop\The Lord of the Rings Online.lnk
[2010/09/09 13:46:28 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 13:46:28 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 13:46:28 | 000,065,536 | -HS- | C] () -- C:\Users\User\ntuser.dat{336f0340-bc53-11df-b221-00e04ce9d553}.TM.blf
[2010/09/09 09:11:33 | 006,190,139 | ---- | C] () -- C:\Users\User\Desktop\39878_bleeping_2.wmv
[2010/09/08 11:34:55 | 000,189,589 | ---- | C] () -- C:\Users\User\Desktop\brads udid.jpg
[2010/09/07 23:53:47 | 000,525,824 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2010/09/07 23:52:48 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2010/09/07 11:39:06 | 000,001,875 | ---- | C] () -- C:\Users\User\Desktop\AIM.lnk
[2010/09/06 21:21:49 | 000,012,672 | ---- | C] () -- C:\Users\User\Desktop\OKrrrrr.mp3
[2010/09/06 21:15:23 | 004,237,824 | ---- | C] () -- C:\Users\User\Desktop\beweave.mp3
[2010/09/06 21:14:57 | 008,624,641 | ---- | C] () -- C:\Users\User\Desktop\beweave.mp4
[2010/08/30 11:53:09 | 002,896,690 | ---- | C] () -- C:\Users\User\Desktop\68508_me_playing - Copy.mp4
[2010/08/27 16:44:22 | 000,014,533 | ---- | C] () -- C:\Users\User\Desktop\Novel Planning.docx
[2010/08/27 00:19:25 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/08/25 16:22:04 | 000,004,156 | ---- | C] () -- C:\Users\User\Desktop\concerning hobbits.aup
[2010/08/25 14:10:21 | 003,600,008 | ---- | C] () -- C:\Users\User\Desktop\Jack Johnson and Dave Matthews - A Pirate Looks at 40.mp3
[2010/08/24 23:06:43 | 000,071,452 | ---- | C] () -- C:\Users\User\Desktop\tpirwheel2.wav
[2010/08/24 23:02:50 | 000,786,496 | ---- | C] () -- C:\Users\User\Desktop\tpirhorns.wav
[2010/08/24 22:59:54 | 000,168,230 | ---- | C] () -- C:\Users\User\Desktop\tpiryodel.wav
[2010/08/21 14:51:52 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/21 11:29:48 | 000,030,186 | ---- | C] () -- C:\Users\User\Documents\cc_20100821_112944.reg
[2010/08/21 10:38:23 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/19 12:31:38 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/19 12:31:29 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/19 12:31:28 | 064,887,310 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/19 12:29:49 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/19 12:29:49 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 12:29:49 | 000,065,536 | -HS- | C] () -- C:\Users\User\ntuser.dat{08a2b40c-abc8-11df-91cf-c55eaca8e1e0}.TM.blf
[2010/06/08 23:50:28 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/12 15:31:58 | 000,030,688 | ---- | C] () -- C:\Windows\System32\xfiWR.ini
[2010/04/12 15:31:57 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2010/04/12 15:31:57 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2010/04/12 15:31:53 | 000,176,128 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/04/12 15:31:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/03/01 11:36:47 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2010/02/28 19:33:46 | 000,008,192 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 11:19:34 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/17 20:11:39 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004/02/28 05:30:12 | 000,049,152 | ---- | C] () -- C:\Windows\System32\TrustSupport.dll
[2000/10/25 17:15:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
< End of report >

-----------------------



#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 18 September 2010 - 04:27 PM

OK, I want to sit on this for a bit before we clean up. Let me know if you get an MBAM warning in the next day or two. For that matter, let me know if you don't. smile.gif If it looks good tomorrow or Monday we'll clean up.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users