Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with some kind of Protected Malware (TDL3?)


  • This topic is locked This topic is locked
18 replies to this topic

#1 LilJohnAY

LilJohnAY

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 27 September 2010 - 03:28 PM

So I got infected by the TDL3 Rootkit virus. After many scans with things such as MBAM, AVG Free, Hitman Pro, and TDSSKiller, I though I got rid of the TDL3 virus. But, I noticed that in Firefox, I still have the symptoms of the "Google redirect virus". I definitely need some help to get rid of this darned thing sad.gif Any help would be greatly appreciated.
Also, I ran multiple scans with GMER. Each time I tried, the scans take HOURS to complete, and whenever I try to click "Save" to save the log after the scan is completed, the program ALWAYS stops responding. :'[ I've noticed that the only results that come up in the scan appear in the first few minutes, though....

Anyway, as requested by boopme, here is the DDS log:
[(*Note, I foolishly had many tabs open in Google Chrome mellow.gif Hence all the GoogleChrome open applications*)]


DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 22:08:31.21 on Sun 09/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.1368 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Prevx\prevx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\la6e4z40.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101057100&s=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\john\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\john\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\john\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101057100&s=c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-9-14 52872]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-9-19 30320]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-14 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-14 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-14 243024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-9-19 532224]
R1 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2008-10-1 20736]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-14 308136]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-11-15 12672]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-9-19 6405168]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-9-19 73216]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-9-19 24400]
S0 cerc6;cerc6; [x]
S0 phqva;phqva; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-27 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-10-5 16512]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-8-22 1527900]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-9-14 24416]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]

=============== Created Last 30 ================

2010-09-27 02:06:26 0 ----a-w- c:\documents and settings\john\defogger_reenable
2010-09-23 23:17:05 0 d-----w- c:\docume~1\john\applic~1\AVG9
2010-09-19 16:26:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-09-19 16:25:43 0 d-----w- c:\program files\Zone Labs
2010-09-19 16:18:16 0 d-----w- c:\docume~1\john\applic~1\QuickScan
2010-09-19 16:04:01 70192 ----a-w- c:\windows\system32\PxSecure.dll
2010-09-19 16:03:58 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-19 16:03:58 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-09-19 16:03:55 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-09-19 16:03:52 0 d-----w- c:\program files\Prevx
2010-09-19 16:03:42 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-09-19 14:35:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-09-19 14:35:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-09-19 14:32:13 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-09-14 23:26:39 0 d--h--w- C:\$AVG
2010-09-14 23:25:14 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-14 23:25:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-14 23:23:45 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-14 20:00:24 732 ----a-w- c:\windows\system32\.crusader
2010-09-14 19:48:22 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-09-14 19:44:35 2 --shatr- c:\windows\winstart.bat
2010-09-14 19:43:57 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-14 19:43:51 0 d-----w- c:\program files\UnHackMe
2010-09-14 19:40:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-14 19:40:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-09-14 19:40:13 0 d-----w- c:\program files\Hitman Pro 3.5
2010-09-14 05:02:55 0 d-----w- c:\docume~1\john\applic~1\Malwarebytes
2010-09-14 05:02:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 05:02:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 05:02:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 05:02:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-14 04:12:29 112 ----a-w- c:\docume~1\alluse~1\applic~1\ndeOJDg.dat
2010-09-03 04:43:18 0 d-----w- C:\Games
2010-09-03 04:17:02 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-03 04:17:02 192512 ----a-w- c:\windows\system32\VisionManaged.dll
2010-09-03 04:17:01 1347584 ----a-w- c:\windows\system32\vision71.dll
2010-09-03 04:17:00 352256 ----a-w- c:\windows\system32\VGeom71.dll
2010-09-03 04:17:00 139264 ----a-w- c:\windows\system32\VBaseUI80.dll
2010-09-03 04:17:00 131072 ----a-w- c:\windows\system32\VBaseUI71.dll
2010-09-03 04:16:59 1085440 ----a-w- c:\windows\system32\vBase80.dll
2010-09-03 04:16:58 1040384 ----a-w- c:\windows\system32\vBase71.dll
2010-09-03 04:16:56 86016 ----a-w- c:\windows\system32\NxExtensions.dll
2010-09-03 04:16:56 386600 ----a-w- c:\windows\system32\PhysXCooking.dll
2010-09-03 04:16:56 2768896 ----a-w- c:\windows\system32\PhysXCore.dll
2010-09-03 04:16:56 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-03 04:16:55 356352 ----a-w- c:\windows\system32\NxCooking.dll
2010-09-03 04:16:55 126976 ----a-w- c:\windows\system32\NxCharacter.dll
2010-09-03 04:16:50 325120 ----a-w- c:\windows\system32\libsndfile-1.dll
2010-09-03 04:16:42 3801448 ----a-w- c:\windows\system32\d3dx9d_34.dll
2010-09-03 04:12:43 0 d-----w- c:\program files\Nobilis
2010-09-03 04:03:55 0 d-----w- c:\docume~1\john\applic~1\Armagetron
2010-09-03 03:57:41 0 d-----w- c:\program files\Crayon Physics Deluxe
2010-09-03 03:55:57 0 d-----w- c:\program files\Garage Games
2010-09-03 03:05:12 0 d-----w- c:\program files\Armagetron Advanced
2010-09-03 03:05:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Armagetron
2010-09-02 18:35:10 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-09-02 18:26:12 0 d-----w- C:\UT2004

==================== Find3M ====================

2010-09-16 02:41:30 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-09-14 23:26:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-14 23:25:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 18:15:12 0 ----a-w- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2010-08-15 18:12:41 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2010-08-15 18:11:23 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-08-15 18:11:19 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-04-20 21:25:38 2670592 --sh--w- c:\windows\Winterbottom.exe

============= FINISH: 22:14:34.89 ===============




Attached Files



BC AdBot (Login to Remove)

 


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:41 PM

Posted 01 October 2010 - 04:31 PM


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 LilJohnAY

LilJohnAY
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 02 October 2010 - 12:25 AM

The delay is fine. I understand much time is needed for all helpers to go out of their way and examine everyone's problems.

I have still had no luck with the GMER scan, though. I tried yet again, and it froze when I began the scan. Once I finally terminated the program, it would not open again. So I restarted my computer, and repeated the same process. X_X

But on a (hopefully) lighter note,
here is the new DDS log:




DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 1:33:10.75 on Sat 10/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2599 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\la6e4z40.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101057100&s=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\john\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\john\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\john\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101057100&s=c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-9-14 52872]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-9-19 30320]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-14 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-14 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-14 243024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-9-19 532224]
R1 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2008-10-1 20736]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-14 308136]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-11-15 12672]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-9-19 73216]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-9-19 24400]
S0 cerc6;cerc6; [x]
S0 phqva;phqva; [x]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-9-19 6405168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-27 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-10-5 16512]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-8-22 1527900]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-9-14 24416]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]

=============== Created Last 30 ================

2010-10-02 03:52:22 0 d-sh--w- C:\found.000
2010-09-27 02:06:26 0 ----a-w- c:\documents and settings\john\defogger_reenable
2010-09-23 23:17:05 0 d-----w- c:\docume~1\john\applic~1\AVG9
2010-09-19 16:26:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-09-19 16:25:43 0 d-----w- c:\program files\Zone Labs
2010-09-19 16:18:16 0 d-----w- c:\docume~1\john\applic~1\QuickScan
2010-09-19 16:04:01 70192 ----a-w- c:\windows\system32\PxSecure.dll
2010-09-19 16:03:58 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-19 16:03:58 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-09-19 16:03:55 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-09-19 16:03:52 0 d-----w- c:\program files\Prevx
2010-09-19 16:03:42 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-09-19 14:35:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-09-19 14:35:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-09-19 14:32:13 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-09-14 23:26:39 0 d--h--w- C:\$AVG
2010-09-14 23:25:14 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-14 23:25:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-14 23:23:45 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-14 20:00:24 732 ----a-w- c:\windows\system32\.crusader
2010-09-14 19:48:22 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-09-14 19:44:35 2 --shatr- c:\windows\winstart.bat
2010-09-14 19:43:57 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-14 19:43:51 0 d-----w- c:\program files\UnHackMe
2010-09-14 19:40:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-14 19:40:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-09-14 19:40:13 0 d-----w- c:\program files\Hitman Pro 3.5
2010-09-14 05:02:55 0 d-----w- c:\docume~1\john\applic~1\Malwarebytes
2010-09-14 05:02:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 05:02:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 05:02:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 05:02:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-14 04:12:29 112 ----a-w- c:\docume~1\alluse~1\applic~1\ndeOJDg.dat
2010-09-03 04:43:18 0 d-----w- C:\Games
2010-09-03 04:17:02 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-03 04:17:02 192512 ----a-w- c:\windows\system32\VisionManaged.dll
2010-09-03 04:17:01 1347584 ----a-w- c:\windows\system32\vision71.dll
2010-09-03 04:17:00 352256 ----a-w- c:\windows\system32\VGeom71.dll
2010-09-03 04:17:00 139264 ----a-w- c:\windows\system32\VBaseUI80.dll
2010-09-03 04:17:00 131072 ----a-w- c:\windows\system32\VBaseUI71.dll
2010-09-03 04:16:59 1085440 ----a-w- c:\windows\system32\vBase80.dll
2010-09-03 04:16:58 1040384 ----a-w- c:\windows\system32\vBase71.dll
2010-09-03 04:16:56 86016 ----a-w- c:\windows\system32\NxExtensions.dll
2010-09-03 04:16:56 386600 ----a-w- c:\windows\system32\PhysXCooking.dll
2010-09-03 04:16:56 2768896 ----a-w- c:\windows\system32\PhysXCore.dll
2010-09-03 04:16:56 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-03 04:16:55 356352 ----a-w- c:\windows\system32\NxCooking.dll
2010-09-03 04:16:55 126976 ----a-w- c:\windows\system32\NxCharacter.dll
2010-09-03 04:16:50 325120 ----a-w- c:\windows\system32\libsndfile-1.dll
2010-09-03 04:16:42 3801448 ----a-w- c:\windows\system32\d3dx9d_34.dll
2010-09-03 04:12:43 0 d-----w- c:\program files\Nobilis
2010-09-03 04:03:55 0 d-----w- c:\docume~1\john\applic~1\Armagetron
2010-09-03 03:57:41 0 d-----w- c:\program files\Crayon Physics Deluxe
2010-09-03 03:55:57 0 d-----w- c:\program files\Garage Games
2010-09-03 03:05:12 0 d-----w- c:\program files\Armagetron Advanced
2010-09-03 03:05:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Armagetron
2010-09-02 18:35:10 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-09-02 18:26:12 0 d-----w- C:\UT2004

==================== Find3M ====================

2010-09-16 02:41:30 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-09-14 23:26:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-14 23:25:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 18:15:12 0 ----a-w- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2010-08-15 18:12:41 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2010-08-15 18:11:23 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-08-15 18:11:19 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-04-20 21:25:38 2670592 --sh--w- c:\windows\Winterbottom.exe

============= FINISH: 1:33:45.23 ===============

Attached Files


Edited by LilJohnAY, 02 October 2010 - 12:34 AM.


#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:41 PM

Posted 03 October 2010 - 05:18 PM

Hi, LilJohnAY-

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you with supervision of the teachers and they will approve every posts before I present them to you.

Please don't make any further changes or run any other tools unless instructed to. Additional changes may hinder the cleaning of your machine.

When asked to copy logs or reports into your reply, please copy them directly into your reply. Do not include them in quotes. Do not attach them unless asked to do so. In Notepad, please turn off Word Wrap under the Format menu.

Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Please give me some time to look over your log. I will post the reply as soon as possible.

Shannon

#5 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:41 PM

Posted 05 October 2010 - 10:12 AM

Hi-

Thanks for the logs, but we do need to look deeper into your system. Since GMER locks up, we will try Rootkit Unhooker (RKU).

First though, your logs show that you are using peer-to-peer (P2P) or file-sharing programs like uTorrent.
    These programs allow to share files between users as the name(s) suggest. In today's world, the cyber crime has grown to an enormous business and any means is used to infect personal computers and to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject - Risks of File-Sharing Technology

    It is pretty much certain that if you continue to use P2P programs, you will get infected again.

    I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

Next, scan With RKUnHooker
  • Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

    Copy the entire contents of the report and paste it in your reply.
Note** you may get this warning it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.
We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Under the Custom Scan box paste in the contents of the CODE box.
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
  • Push the button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

In your reply, Please copy in the RKU, MBAM, and MBRCheck reports plus the two OTL reports. I would also like to see the TDSSKiller report from the run that removed the TDL3 infection. It should be in the root folder - C:\TDSSKiller[date time stamp].txt. Also, send me a copy of the MBAM report that you ran on 9/14. When you have MBAM open, you will find it under the Logs tab.

Thanks.
Shannon

#6 LilJohnAY

LilJohnAY
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 05 October 2010 - 11:14 PM

I did as you suggested and uninstalled uTorrent. Definitely do not want to have this happen again. X_X

But here are all the logs. MBAM detected one file of something like "Spyware.Passwords". So I'm glad that's gone.

RKUnhooker:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xA4B9A000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4796416 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB88CA000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4734976 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xA5145000 C:\WINDOWS\system32\drivers\RtKHDMI.sys 4243456 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF1F7000 C:\WINDOWS\System32\ati3duag.dll 3284992 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF519000 C:\WINDOWS\System32\ativvaxx.dll 2056192 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x9F8A1000 C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 1957888 bytes (Logitech Inc., Logitech Machine Vision Engine Loader)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x9F621000 C:\WINDOWS\system32\DRIVERS\LVcKap.sys 1687552 bytes (-, -)
0xB3458000 C:\WINDOWS\system32\DRIVERS\atinavrr.sys 1019904 bytes (ATI Technologies Inc., ATI Unified AVStream Driver)
0xB2F9B000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 946176 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0x9F7BD000 C:\WINDOWS\system32\DRIVERS\LV302V32.SYS 933888 bytes (Logitech Inc., Logitech QuickCam Driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 626688 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF068000 C:\WINDOWS\System32\ati2cqag.dll 614400 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9DDD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9FBCD000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0x9F5A6000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x9FADB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF197000 C:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB1AD5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9FCD6000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9B2EA000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9FC76000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x9FB76000 C:\WINDOWS\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x9FAA7000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB1B50000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9B571000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DB0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9FB4B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB3613000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9FC4E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9FCB0000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA5121000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB30B1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB3435000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB9F00000 nvrd32.sys 143360 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x9FBAB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E93000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x9F514000 C:\WINDOWS\System32\Drivers\dump_nvgts.sys 118784 bytes
0xB1B33000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xB9ECB000 nvgts.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0xB9D96000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EE8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EB3000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E6A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB22CA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9AD85000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB363B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9FD2F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E81000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB2218000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0x9B8E6000 C:\WINDOWS\System32\drivers\pxrts.sys 69632 bytes (Prevx, Prevx Realtime Security)
0xA082C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB2EC1000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8D6E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0x9B1E2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA0B78000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xA0111000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 57344 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB43B7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0F8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA0B48000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA128000 avgrkx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9FF7E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB43C7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8DBE000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8D5E000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 40960 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xB43A7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA108000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA0E2B000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA198000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA0E0B000 C:\WINDOWS\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xB4387000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9FF8E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9A06F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA0101000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3F0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB728F000 C:\WINDOWS\nvoclock.sys 32768 bytes (NVidia Corp., NVidia System Utility Driver)
0xBA410000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB3128000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA418000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB7267000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB725F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA338000 pxscan.sys 24576 bytes (Prevx, Prevx Scanner)
0xBA3E0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3F8000 C:\WINDOWS\system32\ZDCNDIS5.SYS 24576 bytes (ZDC., Inc. (ZDC), ZDC NDIS 5.0 SPR Protocol Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xBA3E8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB7277000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB3108000 C:\WINDOWS\System32\drivers\pxkbf.sys 20480 bytes (Prevx, Prevx Keyboard Security)
0xB726F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB7297000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB30F0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9B5E2000 C:\WINDOWS\system32\drivers\cpuz132_x32.sys 16384 bytes (Windows ® Codename Longhorn DDK provider, CPUID Driver)
0xBA574000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
0xBA550000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB98CA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB98AA000 C:\WINDOWS\system32\DRIVERS\NCREMOTEPCI.SYS 16384 bytes (PLX Technology, Inc. (visit www.PlxTech.com), Remote PCI (RPCI) driver library (x86))
0x9B8DA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9458000 C:\WINDOWS\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0x9FA87000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA578000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9434000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA594000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA554000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5FA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5F8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA616000 C:\WINDOWS\system32\DRIVERS\lv302af.sys 8192 bytes (Logitech Inc., Audio filter for Express Plus)
0xBA5FC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5FE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA664000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA64C000 C:\WINDOWS\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7BA000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7AC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6EB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================




MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4749

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/5/2010 10:59:10 PM
mbam-log-2010-10-05 (22-59-10).txt

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 377079
Time elapsed: 1 hour(s), 57 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\pss\syscron.exeStartup (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.




MBRCheck:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA0A8000 lqvpaari.sys
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0D8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0E8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xB9F00000 nvrd32.sys
0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA330000 PartMgr.sys
0xBA338000 pxscan.sys
0xBA108000 VolSnap.sys
0xB9EE8000 atapi.sys
0xB9ECB000 nvgts.sys
0xB9EB3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA118000 disk.sys
0xB9E93000 fltMgr.sys
0xB9E81000 sr.sys
0xBA128000 PxHelp20.sys
0xB9E6A000 KSecDD.sys
0xB9DDD000 Ntfs.sys
0xB9DB0000 NDIS.sys
0xB9D96000 Mup.sys
0xBA138000 avgrkx86.sys
0xB8D0E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB887A000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB38E7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB38BF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA64C000 \SystemRoot\system32\drivers\USBD.SYS
0xB37C6000 \SystemRoot\system32\DRIVERS\atinavrr.sys
0xB37A3000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9382000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
0xB937E000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xBA388000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA390000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB34E0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB514D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8D7E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB513D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB50FD000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB32A0000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xBA74C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB50DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB25BB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8D2E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB7395000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB25AA000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB737D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB7365000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB1BB6000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8D8E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB735D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB7355000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB1B99000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xBA664000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB1B3B000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D4E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8D1E000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB3084000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA50E5000 \SystemRoot\system32\drivers\RtKHDMI.sys
0xA5075000 \SystemRoot\system32\drivers\portcls.sys
0xB3004000 \SystemRoot\system32\drivers\drmk.sys
0xA48DE000 \SystemRoot\system32\drivers\RtkHDAud.sys
0x9FF60000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA580000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5F0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA784000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5F2000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA450000 \SystemRoot\System32\drivers\vga.sys
0xBA5E8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA468000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA458000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA558000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9FDB8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9FD5F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9FD25000 \SystemRoot\System32\Drivers\avgtdix.sys
0x9FCFF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9FF50000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9FCAF000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9FC2E000 \SystemRoot\System32\vsdatant.sys
0xBA460000 \??\C:\WINDOWS\system32\ZDCNDIS5.SYS
0x9FC0C000 \SystemRoot\System32\drivers\afd.sys
0x9FF40000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9FBD7000 \SystemRoot\System32\drivers\truecrypt.sys
0x9FBAC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9FB3C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9FF30000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA488000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x9FB08000 \SystemRoot\System32\Drivers\avgldx86.sys
0xB9D66000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB1C46000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9F902000 \SystemRoot\system32\DRIVERS\LVMVDrv.sys
0xBA2A8000 \SystemRoot\system32\drivers\LVUSBSta.sys
0x9F81E000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
0xBA616000 \SystemRoot\system32\DRIVERS\lv302af.sys
0xB8D4E000 \SystemRoot\system32\drivers\usbaudio.sys
0x9F682000 \SystemRoot\system32\DRIVERS\LVcKap.sys
0xBA428000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xA16B3000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0x9F607000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB2EA2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA1214000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9FCF7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB7385000 \SystemRoot\System32\drivers\pxkbf.sys
0x9FCEB000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x9F575000 \SystemRoot\System32\Drivers\dump_nvgts.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9FB04000 \SystemRoot\System32\drivers\Dxapi.sys
0xB736D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA750000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF068000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF197000 \SystemRoot\System32\atiok3x2.dll
0xBF1F7000 \SystemRoot\System32\ati3duag.dll
0xBF519000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9B5D9000 \SystemRoot\System32\drivers\pxrts.sys
0x9B5D1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B254000 \SystemRoot\system32\drivers\wdmaud.sys
0xA054D000 \SystemRoot\system32\drivers\sysaudio.sys
0x9B06F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9AFA3000 \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys
0x9ACDB000 \SystemRoot\system32\DRIVERS\srv.sys
0x9E493000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xBA410000 \??\C:\WINDOWS\nvoclock.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
692 C:\WINDOWS\system32\smss.exe
756 csrss.exe
788 C:\WINDOWS\system32\winlogon.exe
832 C:\WINDOWS\system32\services.exe
844 C:\WINDOWS\system32\lsass.exe
1020 C:\WINDOWS\system32\svchost.exe
1084 svchost.exe
1224 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1420 svchost.exe
1468 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1544 C:\Program Files\AVG\AVG9\avgchsvx.exe
1552 C:\Program Files\AVG\AVG9\avgrsx.exe
1648 C:\Program Files\AVG\AVG9\avgcsrvx.exe
492 C:\WINDOWS\system32\spoolsv.exe
568 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1376 C:\WINDOWS\explorer.exe
252 C:\Program Files\iTunes\iTunesHelper.exe
260 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
320 svchost.exe
472 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
724 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1272 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2232 C:\WINDOWS\system32\svchost.exe
2284 C:\Program Files\AVG\AVG9\avgam.exe
2320 C:\WINDOWS\system32\svchost.exe
2316 C:\Program Files\AVG\AVG9\avgnsx.exe
2472 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
2660 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2816 C:\WINDOWS\system32\svchost.exe
3016 wdfmgr.exe
2388 C:\Program Files\iPod\bin\iPodService.exe
3164 alg.exe
2836 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1276 C:\WINDOWS\system32\wuauclt.exe
2160 C:\WINDOWS\system32\wscntfy.exe
3376 C:\Documents and Settings\John\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-75A7B0, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 49317473774A146FB87EC5200B1C6B80AB2FF32D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!




OTL's:


OTL.txt:
OTL logfile created on: 10/5/2010 11:13:24 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 4987 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.94 Gb Total Space | 220.80 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 414.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3R3VDH1
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 17:07:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2010/09/23 19:19:33 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/14 19:25:48 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/14 19:25:47 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/14 19:25:45 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/14 19:25:11 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/09/14 19:25:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 17:07:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2010/09/19 12:03:55 | 006,405,168 | ---- | M] (Prevx) [Auto | Stopped] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/09/14 19:25:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/03 06:40:16 | 000,073,960 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/01/23 22:36:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/08 16:01:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/09/19 12:03:58 | 000,073,216 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/09/19 12:03:58 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/09/19 12:03:55 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/09/14 19:25:14 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/14 19:25:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/14 19:25:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/14 19:25:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/09/14 18:54:45 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/02/03 06:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/11/04 23:07:42 | 000,223,432 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/09/25 11:12:04 | 004,241,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/07/15 05:20:12 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/07/07 21:18:26 | 001,017,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/27 02:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/04/14 08:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 08:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 08:00:00 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/21 14:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2008/01/21 14:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/01/15 14:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/14 23:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/14 23:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/14 23:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/26 22:25:10 | 000,020,736 | R--- | M] (ZDC., Inc. (ZDC)) [Kernel | System | Running] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2007/09/23 22:32:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/19 01:44:02 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/19 01:39:16 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/02/26 18:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 10:27:28 | 000,938,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080908
IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: detinyurlexpander@daniel.clarke:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..keyword.URL: "http://search.search-tab.com/?sid=10101057100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-tab.com/?sid=10101057100&s="

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/04/02 01:39:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/04/02 01:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/15 15:02:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 19:21:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/27 21:32:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/27 21:32:22 | 000,000,000 | ---D | M]

[2008/09/13 18:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/10/04 16:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions
[2010/05/13 20:22:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/11 21:21:29 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/04/07 22:26:52 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{a7101e54-830c-4d33-a3ed-bedc17ec44da}
[2010/08/07 20:20:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/11 18:43:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/07 22:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\detinyurlexpander@daniel.clarke
[2010/05/13 20:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\firebug@software.joehewitt.com
[2010/10/04 16:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/04 04:38:50 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/09/13 11:13:36 | 000,002,075 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/04/02 01:38:18 | 000,377,785 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13023 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1995/11/06 12:27:48 | 000,077,238 | R--- | M] () - G:\AUTOPLAY.BMP -- [ CDFS ]
O32 - AutoRun File - [1995/11/06 12:27:48 | 000,129,954 | R--- | M] () - G:\AUTOPLAY.EXE -- [ CDFS ]
O32 - AutoRun File - [1995/11/06 12:27:48 | 000,000,766 | R--- | M] () - G:\AUTOPLAY.ICO -- [ CDFS ]
O32 - AutoRun File - [1995/11/07 05:15:24 | 000,000,298 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{491942de-e9cb-11de-929b-001ec9597456}\Shell\AutoRun\command - "" = E:\yqq8eqil.exe -- File not found
O33 - MountPoints2\{491942de-e9cb-11de-929b-001ec9597456}\Shell\open\Command - "" = E:\yqq8eqil.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AUTOPLAY.EXE -- [1995/11/06 12:27:48 | 000,129,954 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/05 17:07:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/10/01 23:52:22 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/09/23 19:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\AVG9
[2010/09/19 12:26:08 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/09/19 12:25:58 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/09/19 12:25:58 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/09/19 12:25:55 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/09/19 12:25:46 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/09/19 12:25:46 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/09/19 12:25:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/09/19 12:25:45 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/09/19 12:25:45 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/09/19 12:25:44 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/09/19 12:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/09/19 12:25:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/09/19 12:25:12 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/09/19 12:25:12 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/09/19 12:25:12 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/09/19 12:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\QuickScan
[2010/09/19 12:04:01 | 000,070,192 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/09/19 12:03:58 | 000,073,216 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/09/19 12:03:58 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/09/19 12:03:55 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/09/19 12:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/09/19 12:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/09/19 10:32:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2010/09/15 23:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\RegRun2
[2010/09/15 19:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/14 23:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/14 23:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/14 19:26:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/14 19:25:14 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/09/14 19:25:12 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/14 19:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/14 15:48:22 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/09/14 15:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\RegRun2
[2010/09/14 15:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2010/09/14 15:43:57 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/09/14 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/09/14 15:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/09/14 15:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/14 01:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/14 01:03:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/09/14 01:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2010/09/14 01:02:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/14 01:02:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/14 01:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/14 01:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/13 23:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/13 23:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 23:02:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 23:01:41 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 23:01:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 23:01:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 23:01:29 | 3487,006,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 23:00:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/10/05 23:00:10 | 017,301,504 | ---- | M] () -- C:\Documents and Settings\John\NTUSER.DAT
[2010/10/05 23:00:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-181711195-3971840082-1150427271-1008UA.job
[2010/10/05 23:00:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-181711195-3971840082-1150427271-1008Core.job
[2010/10/05 22:28:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\prvlcl.dat
[2010/10/05 22:26:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/05 17:07:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/10/05 17:07:47 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\John\Desktop\MBRCheck.exe
[2010/10/05 17:06:22 | 065,638,003 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/05 17:04:08 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\John\Desktop\RKUnhookerLE.EXE
[2010/10/04 19:30:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/03 13:51:11 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/10/02 01:46:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/02 01:30:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\John\Desktop\dds.scr
[2010/09/26 22:17:50 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\John\Desktop\gmer.zip
[2010/09/26 22:06:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John\defogger_reenable
[2010/09/26 22:05:49 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Defogger.exe
[2010/09/26 20:18:21 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\John\Desktop\CCleaner.lnk
[2010/09/24 01:01:18 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Google Chrome.lnk
[2010/09/24 01:01:18 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/23 19:29:29 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/09/22 00:15:41 | 000,811,190 | ---- | M] () -- C:\Documents and Settings\John\My Documents\sarahs theology collage.docx
[2010/09/19 12:26:31 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/09/19 12:26:14 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/19 12:26:12 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ZoneAlarm Security.lnk
[2010/09/19 12:04:01 | 000,070,192 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/09/19 12:03:58 | 000,073,216 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/09/19 12:03:58 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/09/19 12:03:55 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/09/19 12:03:41 | 000,000,202 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/19 10:35:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/09/19 10:35:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/09/15 23:58:01 | 001,077,894 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2010/09/15 22:50:04 | 000,000,730 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/15 22:50:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/15 22:50:04 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/09/15 22:39:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/14 19:26:19 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/09/14 19:25:14 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/14 19:25:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/09/14 19:25:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/14 19:25:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/14 19:25:11 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/09/14 18:54:45 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/09/14 15:44:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/14 15:44:35 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/09/14 15:44:35 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/09/14 15:44:00 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\John\Desktop\UnHackMe.lnk
[2010/09/14 15:20:40 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ndeOJDg.dat
[2010/09/08 00:46:03 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\John\Desktop\xc training.doc
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 17:07:53 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\John\Desktop\MBRCheck.exe
[2010/10/05 17:04:09 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\John\Desktop\RKUnhookerLE.EXE
[2010/10/02 01:30:45 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\John\Desktop\dds.scr
[2010/10/01 01:27:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\prvlcl.dat
[2010/09/26 22:18:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\gmer.exe
[2010/09/26 22:17:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\John\Desktop\gmer.zip
[2010/09/26 22:06:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\defogger_reenable
[2010/09/26 22:05:49 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Defogger.exe
[2010/09/22 00:15:40 | 000,811,190 | ---- | C] () -- C:\Documents and Settings\John\My Documents\sarahs theology collage.docx
[2010/09/19 12:26:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/19 12:26:12 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ZoneAlarm Security.lnk
[2010/09/19 12:25:44 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/09/19 10:35:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/09/19 10:35:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/09/15 22:42:01 | 3487,006,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/14 16:00:24 | 000,000,732 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/09/14 15:44:35 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/09/14 15:44:00 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\John\Desktop\UnHackMe.lnk
[2010/09/14 15:40:33 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/14 15:31:35 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/09/14 00:54:17 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/14 00:12:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ndeOJDg.dat
[2010/09/03 00:17:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\VisionManaged.dll
[2010/09/03 00:17:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\VBaseUI80.dll
[2010/09/03 00:17:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\VBaseUI71.dll
[2010/09/03 00:16:56 | 002,768,896 | ---- | C] () -- C:\WINDOWS\System32\PhysXCore.dll
[2010/09/03 00:16:56 | 000,386,600 | ---- | C] () -- C:\WINDOWS\System32\PhysXCooking.dll
[2010/09/03 00:16:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\NxExtensions.dll
[2010/09/03 00:16:55 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\NxCooking.dll
[2010/09/03 00:16:55 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\NxCharacter.dll
[2010/09/03 00:16:50 | 000,325,120 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2010/09/02 14:35:10 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/08/15 14:15:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/08/15 14:12:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Contextual Menu Items
[2010/08/15 14:12:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\John\Application Data\Conditionals
[2010/08/15 14:12:41 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/08/15 14:11:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Console
[2010/08/15 14:11:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\John\Application Data\Components
[2010/08/15 14:11:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/07/10 17:31:30 | 000,000,091 | ---- | C] () -- C:\WINDOWS\AD_PREFS.INI
[2010/06/05 16:43:41 | 000,000,189 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/04/11 17:11:38 | 000,001,598 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/09/03 00:24:51 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PnkBstrK.sys
[2009/08/24 17:12:41 | 000,000,953 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/08/24 17:12:35 | 000,000,174 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/08/22 02:28:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/08/22 02:27:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/08/22 02:26:02 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/08/22 02:25:27 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/08/21 02:56:00 | 000,010,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/07 00:58:58 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/09 00:39:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/27 00:36:51 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/23 19:51:16 | 000,000,067 | ---- | C] () -- C:\WINDOWS\101_ASB.INI
[2008/11/17 00:22:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/01 16:45:31 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\2Wire.ini
[2008/10/01 16:45:22 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\NB-WGASW.ini
[2008/09/24 22:26:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/09/21 02:37:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\kmouse32.dll
[2008/09/08 18:43:51 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/08 16:11:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/14 01:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010/01/11 04:12:48 | 002,653,048 | ---- | M] (Uniblue Systems Ltd. ) -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
[2008/10/09 01:51:17 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\3E39C89\2FB6E586\DriverScannerApi.exe
[2008/11/14 09:32:18 | 000,212,992 | ---- | M] (Uniblue Systems) -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\5C40AA7E\8F9F9DCD\DriverScanner.exe
[2008/08/27 08:45:58 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\CD77AC88\3DFD6AB6\DriverScannerApi.exe
[2008/09/24 22:26:06 | 001,144,808 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
[2009/10/05 15:11:04 | 003,547,096 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AIMinst.exe
[2009/10/05 15:11:08 | 002,314,768 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AIMLang.exe
[2007/08/17 09:34:16 | 000,107,872 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\aolsetup.exe
[2009/10/05 15:11:20 | 000,097,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\bsetutil.exe
[2009/10/05 15:11:20 | 000,180,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\dlupd.exe
[2009/10/05 15:11:12 | 000,243,048 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\migrator.exe
[2009/10/05 15:11:12 | 001,225,352 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\msvc9rt.exe
[2009/10/05 15:10:56 | 000,036,704 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\postproc.exe
[2009/10/05 15:10:56 | 000,172,840 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\setup.exe
[2009/10/05 15:11:14 | 000,404,568 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\tbsetup.exe
[2009/10/05 15:11:18 | 000,030,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\Uninstaller.exe
[2010/07/23 02:00:41 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
[2010/08/15 14:31:35 | 002,485,883 | ---- | M] (ArcSoft Inc. ) -- C:\Documents and Settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
[2010/09/29 16:11:39 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgtray.exe
[2010/09/29 16:11:39 | 004,100,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgui.exe
[2010/08/17 14:10:48 | 000,372,736 | ---- | M] (SoftThinks) -- C:\Documents and Settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
[2008/10/31 08:43:52 | 001,847,136 | ---- | M] (MAGIX AG) -- C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker15Premium_Download_version\Default\hrpjna01.exe
[2008/10/05 11:42:21 | 000,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe
[2008/09/08 16:01:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
[2008/09/03 18:06:54 | 005,342,161 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08100_2.1.exe
[2008/10/27 23:09:43 | 000,155,710 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08267_2.1.exe
[2009/01/21 19:23:49 | 000,148,954 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08335_2.1.exe
[2009/05/26 12:23:39 | 003,484,829 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_09085_2.1.exe
[2008/06/25 12:50:12 | 000,529,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\PCD_Patch_1.exe
[2008/06/03 19:26:56 | 004,700,656 | ---- | M] (Sonic Solutions) -- C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe


< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: AHCIX86.SYS >
[2008/03/07 21:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-9_xp32_dd_ccc_wdm_enu_68898\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/05/07 18:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\WINDOWS\Dell\Intel\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/02/11 10:44:08 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\drivers\storage\R178505\nvgts.sys
[2008/01/21 14:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys
[2008/01/21 14:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\system32\drivers\nvgts.sys

< MD5 for: NVRD32.SYS >
[2008/02/11 10:44:08 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\drivers\storage\R178505\nvrd32.sys
[2008/01/21 14:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\Dell\NVidia\nvrd32.sys
[2008/01/21 14:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\system32\drivers\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2007/02/10 02:06:00 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\Dell\LSI\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Files - Unicode (All) ==========
[2008/09/21 22:39:45 | 004,923,965 | ---- | M] ()(C:\Documents and Settings\John\My Documents\05 - ??.ogg) -- C:\Documents and Settings\John\My Documents\05 - 葉月.ogg
[2008/09/21 22:39:29 | 004,923,965 | ---- | C] ()(C:\Documents and Settings\John\My Documents\05 - ??.ogg) -- C:\Documents and Settings\John\My Documents\05 - 葉月.ogg
< End of report >


Extra.txt:
OTL Extras logfile created on: 10/5/2010 11:13:24 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 4987 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.94 Gb Total Space | 220.80 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 414.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3R3VDH1
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Team Fortress 2\hl2.exe" = C:\Program Files\Team Fortress 2\hl2.exe:*:Disabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\truegamer44\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\truegamer44\team fortress 2\hl2.exe:*:Disabled:hl2 -- ()
"C:\Documents and Settings\John\My Documents\Downloads\Half-Life 2 The Orange Box [Krayzie-N-Bone]\Team Fortress 2\Team Fortress 2\hl2.exe" = C:\Documents and Settings\John\My Documents\Downloads\Half-Life 2 The Orange Box [Krayzie-N-Bone]\Team Fortress 2\Team Fortress 2\hl2.exe:*:Disabled:hl2 -- File not found
"C:\Documents and Settings\John\My Documents\Downloads\American McGee Alice-PC Game\alice.exe" = C:\Documents and Settings\John\My Documents\Downloads\American McGee Alice-PC Game\alice.exe:*:Enabled:American McGee's Alice -- (Rogue Entertainment)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe" = C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:*:Enabled:FEARXP2 -- (TimeGate Studios, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe" = C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh -- ()
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found
"C:\Program Files\Beat Hazard\BeatHazard.exe" = C:\Program Files\Beat Hazard\BeatHazard.exe:*:Enabled:BeatHazard -- ()
"C:\UT2004\System\UT2004.exe" = C:\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"C:\Program Files\THQ\Dawn of War\W40k.exe" = C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40k -- File not found
"C:\Program Files\Steam\steamapps\truegamer44\half-life\hl.exe" = C:\Program Files\Steam\steamapps\truegamer44\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:SightSpeed -- (Dell Inc. and SightSpeed Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05AC8C7A-618A-4ED5-A5D4-0A09FAA5AEDB}_is1" = tokidoki screensaver 1.0
"{07B739FD-DD3E-5060-6DF2-1D0A6448C192}" = Catalyst Control Center Graphics Full Existing
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AACB61D-9A82-6836-2840-28D0CF08781B}" = Catalyst Control Center Graphics Light
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{101C938A-B723-97FB-A065-EDFD782E5978}" = Catalyst Control Center Graphics Light
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{221BCE94-499E-21A9-4744-364294430D6A}" = Catalyst Control Center Graphics Full New
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A59A62D-09BA-E4CF-C7C2-E30332CE50F1}" = ccc-core-static
"{2C04F12D-9AE2-B73C-17F7-A906A3D0C147}" = Catalyst Control Center HydraVision Full
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33B5B641-7843-48A9-A8FE-4501869D0B92}" = Geometry Solved!
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{36787A11-7848-3C1C-17E3-667A9FFB0E9C}" = Catalyst Control Center Core Implementation
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4100185B-ECAB-519C-D7EB-544EC401E2DB}" = ccc-core-preinstall
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A85E968-9E24-0AE4-BC49-1614E86F0A50}" = Catalyst Control Center Graphics Previews Common
"{4CE79985-8BCD-11D5-AA2E-0008C760B784}" = Ultimate Ride
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4DFAEE3E-3489-5236-9028-1A5B9B359CD0}" = Catalyst Control Center Graphics Full New
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"{5FE82A80-8985-082F-9B61-7EEDB1FCB461}" = ccc-core-static
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6B76A0FE-4D7F-4BCE-8BD1-D61CAB936D40}_is1" = Beat Hazard 1.3s
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76D92E84-A78B-2F37-E165-95BC732750E0}" = ccc-core-preinstall
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78610B4D-3157-9EA6-905E-64F144EC1E30}" = Catalyst Control Center Graphics Previews Common
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}" = FEAR Perseus Mandate
"{8D2AC4F2-0BBA-4A94-A866-8B54263FAE87}" = Reservoir Dogs
"{8E1AB809-F821-4F41-8431-44A11ED1EDBA}" = TVT7Diag
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{99D3379A-4741-FC40-5E63-E47DD31560D2}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F66FCA-8206-9034-9B67-D1F50DA2DDAC}" = Catalyst Control Center HydraVision Full
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A548C254-03BB-22F8-1064-899487B3CF85}" = Catalyst Control Center InstallProxy
"{A7E6A962-C086-47E3-BAEC-9C84AF292820}" = SpongeBob SquarePants - Battle for Bikini Bottom
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB06254A-9A28-F8AD-236E-FB5C3108FE85}" = ATI Catalyst Install Manager
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4CF385A-2015-5236-C2DB-EF09DA2AEA6C}" = CCC Help English
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D52ED371-E583-2A3F-C17C-2FC42E2D0077}" = Catalyst Control Center Graphics Full Existing
"{D5A11B8A-2A7B-2BED-E05F-2318C83A771B}" = ccc-utility
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DAB63C41-6ED8-1DEA-B5FC-D48FDB96B9B9}" = Shockhound Download Manager
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E51E08E3-BBD2-40AD-8F9F-4BF9DEA54B44}" = Algebra 2 Solved!
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F58DBB36-F623-048A-0780-4FFDEA2486CA}" = Catalyst Control Center Core Implementation
"{F6124436-F906-7B89-7009-50BB8CD7CA93}" = ccc-utility
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"101 Dalmatians StoryBook" = 101 Dalmatians StoryBook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"And Yet It Moves 1.50" = And Yet It Moves 1.50
"Armagetron Advanced" = Armagetron Advanced 0.2.8.2.1.gcc
"ASIO4ALL" = ASIO4ALL
"Aspell French Dictionary_is1" = Aspell French Dictionary-0.50-3
"Aspell Norwegian Dictionary_is1" = Aspell Norwegian Dictionary-0.50-2
"Aspell Polish Dictionary_is1" = Aspell Polish Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"AVG9Uninstall" = AVG 9.0
"Billy_is1" = Sheep Friends - Billy 1.03
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.5.1
"clone_high" = clone_high Screen Saver
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"Dell Video Chat" = Dell Video Chat (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMusic Download Manager" = eMusic Download Manager 4.1.3
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"FL Studio 9" = FL Studio 9
"FormatFactory" = FormatFactory 2.45
"FrostWire" = FrostWire 4.20.3
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GoToAssist" = GoToAssist 8.0.0.514
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HitmanPro35" = Hitman Pro 3.5
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"HyperCam 2" = HyperCam 2
"Hypnotize" = Hypnotize Screen Saver
"ie8" = Windows Internet Explorer 8
"I-Fluid_is1" = I-Fluid 1.22
"ImgBurn" = ImgBurn
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSNINST" = MSN
"Muse At Wembley" = Muse At Wembley Screen Saver
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Total Video Converter2.5.1.1121" = OJOsoft Total Video Converter
"PCSI" = Prevx
"Pidgin" = Pidgin
"pidgin-guifications" = Guifications Plugin (remove only)
"QcDrv" = Logitech® Camera Driver
"RealVNC_is1" = VNC Free Edition 4.1.3
"Sandboxie" = Sandboxie 3.44
"Security Task Manager" = Security Task Manager 1.7h
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Steam App 630" = Alien Swarm
"Steam App 70" = Half-Life
"SystemRequirementsLab" = System Requirements Lab
"Toxic Biohazard" = Toxic Biohazard
"TrueCrypt" = TrueCrypt
"UnHackMe_is1" = UnHackMe 5.99 release
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"UT2004" = Unreal Tournament 2004
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XQXSetup_is1" = Xteq Systems X-Setup 6.3
"ZoneAlarm" = ZoneAlarm
"Zuma Deluxe RA" = Zuma Deluxe RA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"GCalc 3" = GCalc 3
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2010 12:00:05 AM | Computer Name = D3R3VDH1 | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 12:26:05 AM | Computer Name = D3R3VDH1 | Source = Google Update | ID = 20
Description =

Error - 9/24/2010 10:37:09 PM | Computer Name = D3R3VDH1 | Source = Application Hang | ID = 1002
Description = Hanging application bmt68y8n.exe, version 1.0.15.15281, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2010 10:37:11 PM | Computer Name = D3R3VDH1 | Source = Application Hang | ID = 1002
Description = Hanging application bmt68y8n.exe, version 1.0.15.15281, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/26/2010 10:22:21 PM | Computer Name = D3R3VDH1 | Source = ESENT | ID = 490
Description = svchost (1220) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/26/2010 10:22:21 PM | Computer Name = D3R3VDH1 | Source = ESENT | ID = 439
Description = Catalog Database (1220) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error
-1032.

Error - 9/26/2010 10:22:21 PM | Computer Name = D3R3VDH1 | Source = ESENT | ID = 473
Description = Catalog Database (1220) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 10/2/2010 12:00:31 AM | Computer Name = D3R3VDH1 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.2.1.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2010 12:00:32 AM | Computer Name = D3R3VDH1 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.2.1.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2010 12:01:41 AM | Computer Name = D3R3VDH1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1966363158.

[ OSession Events ]
Error - 1/30/2009 7:50:25 AM | Computer Name = D3R3VDH1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25586
seconds with 1440 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/5/2010 11:01:51 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:01:51 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:01:51 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:01:57 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:01:58 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:01:58 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:01:58 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:01:58 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:02:03 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 10/5/2010 11:02:05 PM | Computer Name = D3R3VDH1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}


< End of report >

#7 LilJohnAY

LilJohnAY
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 05 October 2010 - 11:17 PM

(All of the logs together was too large a post. X_X
So here are the rest.)
(EDIT: Also, when I use the Google search in my Firefox browser, I am no longer redirected to that search.search-tab.com site!! Hurrrraaayyyy!!)

busy.gif clapping.gif



Here is the TDSSKiller report that I think got rid of the TDL3 (I also have one from the next day, deleting a file and registry values with "sptd" services. I can post that as well, if need be) :


2010/09/15 22:39:24.0296 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/15 22:39:24.0296 ================================================================================
2010/09/15 22:39:24.0296 SystemInfo:
2010/09/15 22:39:24.0296
2010/09/15 22:39:24.0296 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/15 22:39:24.0296 Product type: Workstation
2010/09/15 22:39:24.0296 ComputerName: D3R3VDH1
2010/09/15 22:39:24.0296 UserName: John
2010/09/15 22:39:24.0296 Windows directory: C:\WINDOWS
2010/09/15 22:39:24.0296 System windows directory: C:\WINDOWS
2010/09/15 22:39:24.0296 Processor architecture: Intel x86
2010/09/15 22:39:24.0296 Number of processors: 4
2010/09/15 22:39:24.0296 Page size: 0x1000
2010/09/15 22:39:24.0296 Boot type: Safe boot with network
2010/09/15 22:39:24.0296 ================================================================================
2010/09/15 22:39:24.0609 Initialize success
2010/09/15 22:39:26.0625 ================================================================================
2010/09/15 22:39:26.0625 Scan started
2010/09/15 22:39:26.0625 Mode: Manual;
2010/09/15 22:39:26.0625 ================================================================================
2010/09/15 22:39:27.0265 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/15 22:39:27.0343 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/15 22:39:27.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/15 22:39:27.0437 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/15 22:39:27.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/15 22:39:27.0562 AFD (bafd128fdcedd59e5892e02b01b9f247) C:\WINDOWS\System32\drivers\afd.sys
2010/09/15 22:39:27.0562 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: bafd128fdcedd59e5892e02b01b9f247, Fake md5: 7e775010ef291da96ad17ca4b17137d7
2010/09/15 22:39:27.0562 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/15 22:39:27.0625 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/15 22:39:27.0640 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/15 22:39:27.0703 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/15 22:39:27.0750 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/15 22:39:27.0781 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/15 22:39:27.0828 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/15 22:39:27.0843 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/15 22:39:27.0875 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/15 22:39:27.0921 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/15 22:39:28.0000 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/15 22:39:28.0046 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/15 22:39:28.0078 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/15 22:39:28.0140 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/15 22:39:28.0203 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
2010/09/15 22:39:28.0265 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/15 22:39:28.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/15 22:39:28.0515 ati2mtag (97129408c8760f3421c1551ba3f3899d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/15 22:39:28.0640 ATIAVPCI (edd8188414f2e7b84c23a52d9a7e48a7) C:\WINDOWS\system32\DRIVERS\atinavrr.sys
2010/09/15 22:39:28.0734 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/09/15 22:39:28.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/15 22:39:28.0828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/15 22:39:28.0968 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/09/15 22:39:29.0046 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/09/15 22:39:29.0109 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2010/09/15 22:39:29.0218 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/09/15 22:39:29.0265 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/15 22:39:29.0343 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/15 22:39:29.0359 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/15 22:39:29.0421 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/15 22:39:29.0500 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/15 22:39:29.0640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/15 22:39:29.0703 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/15 22:39:29.0750 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/15 22:39:29.0921 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/15 22:39:30.0015 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/15 22:39:30.0062 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2010/09/15 22:39:30.0156 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/15 22:39:30.0187 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/15 22:39:30.0250 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/15 22:39:30.0406 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/15 22:39:30.0453 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/09/15 22:39:30.0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/15 22:39:30.0546 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/15 22:39:30.0609 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/15 22:39:30.0640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/15 22:39:30.0781 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/15 22:39:30.0843 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/15 22:39:30.0890 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/15 22:39:30.0953 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/15 22:39:31.0000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/09/15 22:39:31.0015 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/15 22:39:31.0046 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/15 22:39:31.0078 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/15 22:39:31.0140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/15 22:39:31.0234 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/15 22:39:31.0296 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/15 22:39:31.0359 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/15 22:39:31.0437 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/15 22:39:31.0468 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/15 22:39:31.0546 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/15 22:39:31.0609 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/15 22:39:31.0640 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/15 22:39:31.0703 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/15 22:39:31.0734 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/15 22:39:31.0796 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/15 22:39:31.0953 IntcAzAudAddService (eb5608fd4f2961517ac9f5cac88b023b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/15 22:39:32.0000 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/15 22:39:32.0046 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/15 22:39:32.0109 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/09/15 22:39:32.0203 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/15 22:39:32.0234 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/15 22:39:32.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/15 22:39:32.0296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/15 22:39:32.0343 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/15 22:39:32.0406 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/15 22:39:32.0453 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/15 22:39:32.0500 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/15 22:39:32.0546 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/15 22:39:32.0593 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/15 22:39:32.0734 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2010/09/15 22:39:32.0843 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2010/09/15 22:39:32.0921 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/09/15 22:39:32.0984 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/09/15 22:39:33.0046 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2010/09/15 22:39:33.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/15 22:39:33.0125 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/15 22:39:33.0140 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/15 22:39:33.0156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/15 22:39:33.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/15 22:39:33.0234 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/09/15 22:39:33.0250 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/15 22:39:33.0281 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/15 22:39:33.0328 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/15 22:39:33.0359 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/15 22:39:33.0421 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/15 22:39:33.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/15 22:39:33.0484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/15 22:39:33.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/15 22:39:33.0546 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/15 22:39:33.0546 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/15 22:39:33.0578 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/15 22:39:33.0625 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/15 22:39:33.0687 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/15 22:39:33.0718 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/15 22:39:33.0734 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/15 22:39:33.0750 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/15 22:39:33.0765 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/15 22:39:33.0781 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/15 22:39:33.0828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/15 22:39:33.0890 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/15 22:39:33.0906 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/15 22:39:34.0000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/15 22:39:34.0062 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/15 22:39:34.0109 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/09/15 22:39:34.0171 nvgts (a0b3f3a5049931657164f0ffcf0b208e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2010/09/15 22:39:34.0218 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/09/15 22:39:34.0281 NVR0Dev (812f257ed1cd53fcb1f9f9cc910f4809) C:\WINDOWS\nvoclock.sys
2010/09/15 22:39:34.0328 nvrd32 (c9128fe14e5c1e55710781b5c276f2ed) C:\WINDOWS\system32\DRIVERS\nvrd32.sys
2010/09/15 22:39:34.0343 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/15 22:39:34.0359 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/15 22:39:34.0375 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/15 22:39:34.0421 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/15 22:39:34.0500 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\WINDOWS\system32\drivers\Partizan.sys
2010/09/15 22:39:34.0515 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/15 22:39:34.0531 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/15 22:39:34.0546 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/15 22:39:34.0562 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/15 22:39:34.0671 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/15 22:39:34.0765 pepifilter (c5d5ea6a29523e0f6016741e9851c6db) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2010/09/15 22:39:34.0796 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/15 22:39:34.0812 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/15 22:39:34.0906 PID_PEPI (84b9084692fe00df09f20e516d831c57) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2010/09/15 22:39:34.0968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/15 22:39:34.0984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/15 22:39:34.0984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/15 22:39:35.0015 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/15 22:39:35.0031 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/15 22:39:35.0046 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/15 22:39:35.0078 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/15 22:39:35.0078 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/15 22:39:35.0093 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/15 22:39:35.0140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/15 22:39:35.0156 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/15 22:39:35.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/15 22:39:35.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/15 22:39:35.0234 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/15 22:39:35.0250 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/15 22:39:35.0265 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/15 22:39:35.0296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/15 22:39:35.0328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/15 22:39:35.0375 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\WINDOWS\system32\Drivers\regguard.sys
2010/09/15 22:39:35.0531 RTHDMIAzAudService (1eacb3bfede4e2f5a584fa4e8031729b) C:\WINDOWS\system32\drivers\RtKHDMI.sys
2010/09/15 22:39:35.0671 SbieDrv (0e5a3d6b8362d7b44dbf56acd2c090ce) C:\Program Files\Sandboxie\SbieDrv.sys
2010/09/15 22:39:35.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/15 22:39:35.0750 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/15 22:39:35.0812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/15 22:39:35.0843 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/15 22:39:35.0890 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/15 22:39:35.0921 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/15 22:39:35.0968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/15 22:39:36.0046 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/15 22:39:36.0046 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2010/09/15 22:39:36.0046 sptd - detected Locked file (1)
2010/09/15 22:39:36.0062 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/15 22:39:36.0125 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/15 22:39:36.0171 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/15 22:39:36.0218 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/15 22:39:36.0250 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/15 22:39:36.0281 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/15 22:39:36.0296 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/15 22:39:36.0343 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/15 22:39:36.0375 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/15 22:39:36.0406 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/15 22:39:36.0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/15 22:39:36.0531 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/15 22:39:36.0546 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/15 22:39:36.0593 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/15 22:39:36.0656 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys
2010/09/15 22:39:36.0687 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/15 22:39:36.0718 truecrypt (6ec1d6ed5471c99ffc38abe498a6df08) C:\WINDOWS\system32\drivers\truecrypt.sys
2010/09/15 22:39:36.0765 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/15 22:39:36.0796 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/15 22:39:36.0828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/15 22:39:36.0875 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/15 22:39:36.0921 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/15 22:39:36.0968 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2010/09/15 22:39:37.0015 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/15 22:39:37.0046 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2010/09/15 22:39:37.0109 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/15 22:39:37.0125 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/15 22:39:37.0156 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2010/09/15 22:39:37.0187 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/15 22:39:37.0250 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/15 22:39:37.0312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/15 22:39:37.0359 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/15 22:39:37.0390 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/15 22:39:37.0421 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/15 22:39:37.0453 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/15 22:39:37.0484 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/15 22:39:37.0578 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/15 22:39:37.0625 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/15 22:39:37.0687 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/15 22:39:37.0765 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/15 22:39:37.0875 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/09/15 22:39:37.0906 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/15 22:39:37.0968 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2010/09/15 22:39:38.0000 ZDCNDIS5 (1e206ae7b474b393e97a14c7769ba9a4) C:\WINDOWS\system32\ZDCNDIS5.SYS
2010/09/15 22:39:38.0031 ================================================================================
2010/09/15 22:39:38.0031 Scan finished
2010/09/15 22:39:38.0031 ================================================================================
2010/09/15 22:39:38.0031 Detected object count: 2
2010/09/15 22:39:56.0343 AFD (bafd128fdcedd59e5892e02b01b9f247) C:\WINDOWS\System32\drivers\afd.sys
2010/09/15 22:39:56.0343 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: bafd128fdcedd59e5892e02b01b9f247, Fake md5: 7e775010ef291da96ad17ca4b17137d7
2010/09/15 22:39:56.0546 Backup copy found, using it..
2010/09/15 22:39:56.0562 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2010/09/15 22:39:56.0562 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2010/09/15 22:39:56.0562 Locked file(sptd) - User select action: Skip
2010/09/15 22:40:58.0312 Deinitialize success




Here is the MBAM report from that day (I also have two more - one from the 15th, and another from the 24th - that found a few virus, trojan, and malware agents. I will gladly post those as well, if you would like.) :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

9/14/2010 6:07:23 AM
mbam-log-2010-09-14 (06-07-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 355390
Time elapsed: 1 hour(s), 3 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft corp (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP154\A0025831.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP157\A0026133.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\DpiSca.exe (Virus.Agent) -> Quarantined and deleted successfully.




Phew. I think I got all of them. So many logs!! wacko.gif
Thanks again, though. I will patiently wait for your reply.

Edited by LilJohnAY, 05 October 2010 - 11:25 PM.


#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:41 PM

Posted 07 October 2010 - 07:37 PM

Hi-

Sorry for the delay. As you said, there are a lot of logs. I will get back to you soon.

Thanks,
Shannon

#9 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:41 PM

Posted 08 October 2010 - 05:27 AM

Hi-

Again, sorry for the delay. Some of the logs identified at least one trojan. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you wish to continue with cleaning up your computer-

In one of the the logs, I saw where at some point that you had attached an infected drive as E:, which could have infected your computer. You can lessen the chance of transmitting malware via autorun files by using Flash_Disinfector. Flash_Disinfector is a specialized fix tool created by sUBs to remove infections that load an autorun.inf file on removable media. Flash_Disinfector will create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. This folder helps to keep the malicious autorun.ini file from being installed on the root drive and running other malicious files which will infect the computer.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Re-Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When program ask you Enter your choice: enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems.
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
  • Please enter 0 and then press the Enter key.
  • The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to C:\ and attach it to your next reply.
We need to check the contents of the MBR Dump.

Please click this link-->Jotti
When the Jotti page has finished loading, click Jotti's Browse button and navigate to the following file and click the Submit file button within Jotti.

c:\dump.dat

If Jotti reports that the file has been scanned before and gives you those results, click on the Scan Again button.
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
How to Temporarily Disable your Anti-virusl


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Your Java runtimes are out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version here - Java Runtime Environment (JRE) Version 6
  • Scroll down to where it says "JDK 6 Update 21 (JRE) ...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
Next, we need to run an OTL Fix.
  • Please reopen on your desktop.
  • Copy and Paste the following code into the textbox. Do not include the word "Code"
CODE
:OTL
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O33 - MountPoints2\{491942de-e9cb-11de-929b-001ec9597456}\Shell\AutoRun\command - "" = E:\yqq8eqil.exe -- File not found
O33 - MountPoints2\{491942de-e9cb-11de-929b-001ec9597456}\Shell\open\Command - "" = E:\yqq8eqil.exe -- File not found
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" =-
"C:\Nexon\Combat Arms\Engine.exe" = -
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" =-
"C:\Nexon\Combat Arms\CombatArms.exe" =-
"C:\Nexon\Combat Arms\Engine.exe" =-
"C:\Nexon\Combat Arms\NMService.exe" =-
"C:\WINDOWS\system32\PnkBstrA.exe" =-
"C:\WINDOWS\system32\PnkBstrB.exe" =-
"C:\Program Files\Vuze\Azureus.exe" =-
"C:\Program Files\THQ\Dawn of War\W40k.exe" =-
:commands
[emptytemp]
  • Push
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click .
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.
Next, do a new OTL scan.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • A report will open, copy and paste it into your reply:
  • OTL.txt <-- Will be the opened report

In your reply, please copy in the MBRCheck log, ComboFix report, the OTL Fix log, and the OTL report. Attach the dump.dat file. Also, let me know what you found out from Jotti on the MBR dump and let me know your computer is doing.

Shannon

#10 LilJohnAY

LilJohnAY
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 09 October 2010 - 05:38 PM

Oh, no, no, no, no. That is exactly what I was hoping WOULDN'T be the case. :'[
Well tons of questions, then:

1. If I do format my hard drive and reinstall Windows, will that completely fix the backdoor?? I simply absolutely need this computer to be secure again. :'[ sad.gif

2. I am using the infected PC right now, but I unplug it from the internet whenever I'm not on it. There have been no problems, after the fix of that Google redirect in Firefox.

3. I think I will format my hard drive, if it does fix the backdoor, but because I am infected I don't know how I would keep some precious files.
I mean, if I connect an external hard drive or something to put the files on (i think I'd use my iPod), it would get infected, right?? I did this with a flash drive already - I used one of my flash drives on my brother's laptop, because we had to print an essay out for school. So I did that. He had to print another one out in about a week, so I used the flash drive again (I did not think the flash drive had become infected) on his laptop. So now that leads me to....

4. Because I used this flash drive on the laptop, what do I do to make sure that laptop isn't infected, or how do I cure it??

5. Referencing back to 3, if I wanted to keep some files, I would have to clean the computer first, right?? So I could securely use an external hard drive, or something similar?? If that is the case, I will continue with your instructions to clean the computer, and then I guess I will format the hard drive. :/

#11 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:41 PM

Posted 11 October 2010 - 08:01 AM

Hi-

To answer your questions and comments-

"If I do format my hard drive and reinstall Windows, will that completely fix the backdoor?" If you format your hard drive and install a fresh copy of the operating system, there will be no infections left.

"I think I will format my hard drive, if it does fix the backdoor, but because I am infected I don't know how I would keep some precious files." You can back up your files on the hard drive before you format it, but you should not backup files with the following extensions:
.exe
.scr
.htm
.html
.xml
.zip
.rar
.asp
.php

as these might harbor infections.

"if I wanted to keep some files, I would have to clean the computer first, right??" It would not be necessary to clean the system before backing up your files if you follow the above instructions.

"if I connect an external hard drive or something to put the files on" If you connect any external drive to your system, make sure you run Flash_Disinfector after you have them connected. This will lessen the chance of spreading infections.

"Because I used this flash drive on the laptop, what do I do to make sure that laptop isn't infected" Assuming you have anti-virus software installed on the laptop, run a full scan with it, and download & follow the instructions given earlier for MalwareBytes' Anti-Malware. Also, run Flash_Disinfector on it.


Shannon

#12 LilJohnAY

LilJohnAY
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 13 October 2010 - 09:07 PM

Okay. Wow. You are a God-send. Thank you very much. I've decided I will format my drive & reinstall Windows, but I will need to find time to do that, so right now I will stick with cleaning the machine.

As far as the laptop, it came with Norton security on it, so I ran a full scan and got a few adware programs (from months ago). Nothing seems to have come from the flash drive I used, but I used Flash_Disinfector on it nonetheless. The only thing I saw suspicious on the laptop were notices like "Protecting connection to Teredo Tunneling Pseudo-Interface" and "Unauthorized Access Logged" notices. This sounds like a problem - is it??
I also found a weird-looking .txt file in my WINDOWS folder. These were the contents:
"[KB2158563.log]
0.578: ================================================================================
0.578: 2010/10/02 01:26:01.980 (local)
0.578: C:\WINDOWS\SoftwareDistribution\Download\804d59d22f111acd320f8c790519d1d6\update\update.exe (version 6.3.13.0)
0.656: DoInstallation: GetProcAddress(InitializeCustomizationDLL) Returned: 0x7f
0.656: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.656: Hotfix started with following command line: -q -z -er /ParentInfo:5374c8a2a554aa4c93e2279763431ded
0.719: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
0.750: Return Value From IsInstallable = 1
0.750: IsInstallable returned 441092
0.750: Return Value From IsInstallable = 1
0.750: IsInstallable returned value( 0x1 ) which is Equal To 0x1
0.750: Condition succeeded for section Prereq.CheckRegistry.Section in Line 1 of PreRequisite
1.672: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.672: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.672: DoInstallation: CleanPFR failed: 0x2
1.703: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.703: SetProductTypes: InfProductBuildType=BuildType.IP
1.703: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.781: DoInstallation: FetchSourceURL for c:\windows\softwaredistribution\download\804d59d22f111acd320f8c790519d1d6\update\update.inf failed
1.781: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB2158563$
1.781: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
1.781: BuildCabinetManifest: update.url absent
1.797: Starting AnalyzeComponents
1.797: AnalyzePhaseZero used 0 ticks
1.797: No c:\windows\INF\updtblk.inf file.
1.797: OEM file scan used 0 ticks
1.797: AnalyzePhaseOne: used 0 ticks
1.797: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.797: AnalyzeComponents: Hotpatching is disabled.
1.844: AnalyzePhaseTwo used 32 ticks
1.844: AnalyzePhaseThree used 0 ticks
1.844: AnalyzePhaseFive used 0 ticks
1.844: AnalyzePhaseSix used 0 ticks
1.844: AnalyzeComponents used 47 ticks
1.844: Downloading 0 files
1.844: bPatchMode = FALSE
1.844: Inventory complete: ReturnStatus=0, 63 ticks
1.844: Num Ticks for invent : 63
1.844: Allocation size of drive C: is 4096 bytes, free space = 236528599040 bytes
1.844: AnalyzeDiskUsage: Skipping EstimateDiskUsageForUninstall.
1.844: Drive C: free 225571MB req: 5MB w/uninstall: NOT CALCULATED.
1.844: CabinetBuild complete
1.844: Num Ticks for Cabinet build : 0
1.844: DynamicStrings section not defined or empty.
1.890: FileInUse:: Detection disabled.
2.890: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
2.937: Num Ticks for Backup : 1093
3.125: Num Ticks for creating uninst inf : 188
3.125: Registering Uninstall Program for -> KB2158563, KB2158563 , 0x0
3.125: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
3.140: System Restore Point set.
3.172: PFE2: Not avoiding Per File Exceptions.
3.187: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB2158563.cat with error 0x57
3.328: Copied file: C:\WINDOWS\system32\tzchange.exe
3.406: DoInstallation: Installing assemblies with source root path: c:\windows\softwaredistribution\download\804d59d22f111acd320f8c790519d1d6\
3.406: Num Ticks for Copying files : 281
3.609: Num Ticks for Reg update and deleting 0 size files : 203
6.172: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
6.250: RebootNecessary = 0,WizardInput = 1 , DontReboot = 1, ForceRestart = 0"

Is this something from someone else, or am I just being paranoid, now?? >__<




But back to the matter at hand -
Here is the MBRCheck log (I screwed up with the file name a few times whistling.gif ):

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xB9F00000 nvrd32.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA330000 PartMgr.sys
0xBA338000 pxscan.sys
0xBA0F8000 VolSnap.sys
0xB9EE8000 atapi.sys
0xB9ECB000 nvgts.sys
0xB9EB3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA108000 disk.sys
0xB9E93000 fltMgr.sys
0xB9E81000 sr.sys
0xBA118000 PxHelp20.sys
0xB9E6A000 KSecDD.sys
0xB9DDD000 Ntfs.sys
0xB9DB0000 NDIS.sys
0xB9D96000 Mup.sys
0xBA128000 avgrkx86.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB912B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB6B67000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6B3F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA638000 \SystemRoot\system32\drivers\USBD.SYS
0xB6A46000 \SystemRoot\system32\DRIVERS\atinavrr.sys
0xB6A23000 \SystemRoot\system32\DRIVERS\ks.sys
0xB786E000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
0xB786A000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA408000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB69FF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6C1D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA450000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA198000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB6918000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xBA74E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA158000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7862000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6861000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA168000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB6908000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA458000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6850000 \SystemRoot\system32\DRIVERS\psched.sys
0xB68F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA460000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA468000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6820000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB68E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA470000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB678B000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xBA63C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB672D000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D66000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB6898000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB6888000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA115000 \SystemRoot\system32\drivers\RtKHDMI.sys
0xAA0F1000 \SystemRoot\system32\drivers\portcls.sys
0xB7EBF000 \SystemRoot\system32\drivers\drmk.sys
0xA8B79000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA2A10000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA343B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5EE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7F2000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5F0000 \SystemRoot\System32\Drivers\Beep.SYS
0xB7D86000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA478000 \SystemRoot\System32\drivers\vga.sys
0xBA5F2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB7D76000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB7D7E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA3433000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA1D2E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA1CD5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA1C9B000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA1C75000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA2A00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA1C4D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA1BCC000 \SystemRoot\System32\vsdatant.sys
0xB7D66000 \??\C:\WINDOWS\system32\ZDCNDIS5.SYS
0xA1BAA000 \SystemRoot\System32\drivers\afd.sys
0xA29F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA1B75000 \SystemRoot\System32\drivers\truecrypt.sys
0xA1B4A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA1ADA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA29E0000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA428000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA1AA6000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA1DA6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA238000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA20CA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA18C8000 \SystemRoot\system32\DRIVERS\LVMVDrv.sys
0xB963F000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xA17E4000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
0xBA608000 \SystemRoot\system32\DRIVERS\lv302af.sys
0xB962F000 \SystemRoot\system32\drivers\usbaudio.sys
0xA1648000 \SystemRoot\system32\DRIVERS\LVcKap.sys
0xA20C2000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xB961F000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xA15CD000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB992F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB95FF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA578000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA20BA000 \SystemRoot\System32\drivers\pxkbf.sys
0xBA584000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xA1563000 \SystemRoot\System32\Drivers\dump_nvgts.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA59C000 \SystemRoot\System32\drivers\Dxapi.sys
0xA20AA000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6DA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF068000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF197000 \SystemRoot\System32\atiok3x2.dll
0xBF1F7000 \SystemRoot\System32\ati3duag.dll
0xBF519000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9D9E7000 \SystemRoot\System32\drivers\pxrts.sys
0x9D9E3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D712000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9D763000 \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys
0x9D463000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA410000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xBA3A0000 \??\C:\WINDOWS\nvoclock.sys
0x9CDCE000 \SystemRoot\system32\drivers\wdmaud.sys
0x9D0C7000 \SystemRoot\system32\drivers\sysaudio.sys
0xB67B8000 \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
0xBA658000 \SystemRoot\system32\drivers\MSPQM.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
680 C:\WINDOWS\system32\smss.exe
752 csrss.exe
784 C:\WINDOWS\system32\winlogon.exe
828 C:\WINDOWS\system32\services.exe
840 C:\WINDOWS\system32\lsass.exe
1036 C:\WINDOWS\system32\svchost.exe
1096 svchost.exe
1184 C:\WINDOWS\system32\svchost.exe
1272 svchost.exe
1300 svchost.exe
1340 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1416 C:\Program Files\AVG\AVG9\avgchsvx.exe
1424 C:\Program Files\AVG\AVG9\avgrsx.exe
1532 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2032 C:\WINDOWS\system32\spoolsv.exe
192 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
256 svchost.exe
312 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
328 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
428 C:\Program Files\AVG\AVG9\avgwdsvc.exe
472 C:\Program Files\Prevx\prevx.exe
416 C:\WINDOWS\system32\svchost.exe
728 C:\WINDOWS\system32\svchost.exe
804 C:\Program Files\AVG\AVG9\avgam.exe
1008 C:\Program Files\AVG\AVG9\avgnsx.exe
1780 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
2152 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2216 C:\WINDOWS\system32\svchost.exe
2316 wdfmgr.exe
3108 alg.exe
3032 C:\WINDOWS\explorer.exe
3148 C:\Program Files\Prevx\prevx.exe
420 C:\Program Files\iTunes\iTunesHelper.exe
504 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
536 C:\WINDOWS\system32\wuauclt.exe
2612 C:\Program Files\iPod\bin\iPodService.exe
2908 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1432 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
512 C:\Program Files\Mozilla Firefox\firefox.exe
1240 C:\Program Files\AVG\AVG9\avgscanx.exe
1324 C:\Program Files\AVG\AVG9\avgcsrvx.exe
5636 C:\WINDOWS\system32\msiexec.exe
2740 C:\Documents and Settings\John\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-75A7B0, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 49317473774A146FB87EC5200B1C6B80AB2FF32D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: MBRCheckDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: DumpDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: dump.datDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!




The Jotti scan said that 0 of the 19 scanners found malware. So that's a good thing. smile.gif

ComboFix log:
ComboFix 10-10-12.03 - John 10/13/2010 21:46:24.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2420 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml

.
((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-10 00:52 . 2010-09-16 14:24 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{2E05A3A4-2FDF-463F-92B3-F1F25C47CCFD}\mpengine.dll
2010-10-02 03:52 . 2010-10-02 03:52 -------- d-----w- C:\found.000
2010-09-23 23:17 . 2010-09-23 23:17 -------- d-----w- c:\documents and settings\John\Application Data\AVG9
2010-09-19 16:18 . 2010-09-19 16:18 -------- d-----w- c:\documents and settings\John\Application Data\QuickScan
2010-09-19 16:04 . 2010-09-19 16:04 70192 ----a-w- c:\windows\system32\PxSecure.dll
2010-09-19 16:03 . 2010-10-10 03:30 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-09-19 16:03 . 2010-10-10 03:30 74624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-19 16:03 . 2010-10-10 03:30 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-09-19 16:03 . 2010-10-10 03:30 -------- d-----w- c:\program files\Prevx
2010-09-19 16:03 . 2010-10-14 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-09-19 14:32 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-09-15 23:23 . 2010-09-15 23:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 23:26 . 2010-09-14 23:26 -------- d-----w- C:\$AVG
2010-09-14 23:25 . 2010-09-14 23:25 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-14 23:25 . 2010-09-14 23:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-14 23:23 . 2010-09-14 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-14 19:48 . 2010-09-14 22:54 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-09-14 19:44 . 2010-09-14 19:44 2 --shatr- c:\windows\winstart.bat
2010-09-14 19:43 . 2010-09-01 18:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-09-14 19:43 . 2010-09-15 22:35 -------- d-----w- c:\program files\UnHackMe
2010-09-14 19:40 . 2010-10-10 09:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-14 19:40 . 2010-09-14 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-09-14 19:40 . 2010-09-14 19:40 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-14 10:12 . 2010-09-14 10:12 -------- d-----w- c:\documents and settings\JUDE\Application Data\Malwarebytes
2010-09-14 05:02 . 2010-09-14 05:02 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2010-09-14 05:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 05:02 . 2010-09-14 05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 05:02 . 2010-09-14 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-14 05:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 00:16 . 2009-07-14 00:16 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-04-20 21:25 2670592 --sh--w- c:\windows\Winterbottom.exe
.
CODE
<pre>
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-14 23:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-08 20:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^syscron.exe]
path=c:\documents and settings\John\Start Menu\Programs\Startup\syscron.exe
backup=c:\windows\pss\syscron.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-01-15 03:10 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
c:\progra~1\AVG\AVG8\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:49 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
c:\program files\Dell Support Center\bin\sprtcmd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
c:\windows\System32\DLA\DLACTRLW.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-09-14 19:39 6305088 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 19:50 54576 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-02-08 05:12 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 12:00 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-09-15 22:47 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-01-15 18:31 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2008-01-03 21:57 184864 ----a-w- c:\windows\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-04-02 21:33 128232 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-15 03:10 16855552 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-02-03 10:40 394984 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-15 01:25 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.6.0_05\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2010-09-01 18:18 594200 ----a-w- c:\program files\UnHackMe\hackmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\truegamer44\\team fortress 2\\hl2.exe"=
"c:\\Documents and Settings\\John\\My Documents\\Downloads\\American McGee Alice-PC Game\\alice.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Beat Hazard\\BeatHazard.exe"=
"c:\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\Steam\\steamapps\\truegamer44\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9/14/2010 7:25 PM 52872]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [9/19/2010 12:03 PM 30320]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/14/2008 2:24 AM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/14/2010 7:25 PM 243024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/14/2010 7:25 PM 308136]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [9/19/2010 12:03 PM 74624]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/14/2010 1:02 AM 38224]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [9/19/2010 12:03 PM 24400]
S0 cerc6;cerc6; [x]
S0 phqva;phqva; [x]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [9/19/2010 12:03 PM 6407728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2010 1:21 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [10/5/2008 2:29 PM 16512]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8/22/2009 2:27 AM 1527900]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [9/14/2010 3:48 PM 24416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 01:50]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 01:50]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181711195-3971840082-1150427271-1008Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 22:48]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-181711195-3971840082-1150427271-1008UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 22:48]

2010-10-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101057100&s=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\John\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\John\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\John\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101057100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -



.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-10-13 21:56:38
ComboFix-quarantined-files.txt 2010-10-14 01:56

Pre-Run: 235,945,521,152 bytes free
Post-Run: 236,977,405,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6E03D838E8A8EA667A1799E40F75118F



In trying to upload and attach the dump.dat file from C:\, it says "Upload failed. You are not permitted to upload this type of file." Not cool. :'[
But I will have the OTL fix & scan after I reboot and reinstall Java....

#13 LilJohnAY

LilJohnAY
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 13 October 2010 - 09:52 PM

OTL Fix Report:

All processes killed
========== OTL ==========
Service stllssvr stopped successfully!
Service stllssvr deleted successfully!
File C:\Program Files\Common Files\SureThing Shared\stllssvr.exe not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\WINDOWS\System32\drivers\EagleNT.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_USERS\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dellsupportcenter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
HKU\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
File C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{491942de-e9cb-11de-929b-001ec9597456}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491942de-e9cb-11de-929b-001ec9597456}\ not found.
File E:\yqq8eqil.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{491942de-e9cb-11de-929b-001ec9597456}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491942de-e9cb-11de-929b-001ec9597456}\ not found.
File E:\yqq8eqil.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Nexon\Combat Arms\CombatArms.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Nexon\Combat Arms\Engine.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\Combat Arms\CombatArms.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\Combat Arms\Engine.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\Combat Arms\NMService.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrA.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrB.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Vuze\Azureus.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\THQ\Dawn of War\W40k.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 36355 bytes
->FireFox cache emptied: 71504340 bytes
->Flash cache emptied: 10111 bytes

User: John
->Temp folder emptied: 2922936 bytes
->Temporary Internet Files folder emptied: 287334 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85205351 bytes
->Google Chrome cache emptied: 366708607 bytes
->Apple Safari cache emptied: 187392 bytes
->Flash cache emptied: 91921 bytes

User: JUDE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35642 bytes
->Java cache emptied: 54194433 bytes
->FireFox cache emptied: 38608157 bytes
->Flash cache emptied: 39095 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 540806 bytes
->Flash cache emptied: 3593 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1094828 bytes
->Flash cache emptied: 13731 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4088060 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7055 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 17444869 bytes
RecycleBin emptied: 16074528 bytes

Total Files Cleaned = 629.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10132010_221656

Files\Folders moved on Reboot...
C:\Documents and Settings\John\Local Settings\Temp\~DFCFCC.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT0403e.TMP not found!

Registry entries deleted on Reboot...





OTL Scan:
OTL logfile created on: 10/13/2010 10:37:55 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4987 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.94 Gb Total Space | 221.11 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 414.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3R3VDH1
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/09 23:30:23 | 006,407,728 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/10/05 17:07:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2010/09/23 19:19:33 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/14 19:25:48 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/14 19:25:47 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/14 19:25:45 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/14 19:25:11 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/09/14 19:25:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 17:07:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/09 23:30:23 | 006,407,728 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/09/14 19:25:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/03 06:40:16 | 000,073,960 | ---- | M] (tzuk) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/01/23 22:36:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/08 16:01:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\John\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/09 23:30:25 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/10/09 23:30:24 | 000,074,624 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/10/09 23:30:24 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/09/14 19:25:14 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/14 19:25:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/14 19:25:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/14 19:25:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/09/14 18:54:45 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/03 06:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/11/04 23:07:42 | 000,223,432 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/09/25 11:12:04 | 004,241,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/07/15 05:20:12 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/07/07 21:18:26 | 001,017,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/27 02:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/04/14 08:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 08:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 08:00:00 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/21 14:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2008/01/21 14:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/01/15 14:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/14 23:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/14 23:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/14 23:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/26 22:25:10 | 000,020,736 | R--- | M] (ZDC., Inc. (ZDC)) [Kernel | System | Running] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2007/09/23 22:32:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/19 01:44:02 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/19 01:39:16 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/02/26 18:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 10:27:28 | 000,938,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080908
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080908
IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: detinyurlexpander@daniel.clarke:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.search-tab.com/?sid=10101057100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-tab.com/?sid=10101057100&s="

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/04/02 01:39:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/04/02 01:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/15 15:02:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 19:21:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/27 21:32:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/13 22:13:56 | 000,000,000 | ---D | M]

[2008/09/13 18:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/10/13 22:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions
[2010/05/13 20:22:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/11 21:21:29 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/04/07 22:26:52 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{a7101e54-830c-4d33-a3ed-bedc17ec44da}
[2010/08/07 20:20:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/11 18:43:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/07 22:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\detinyurlexpander@daniel.clarke
[2010/05/13 20:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\la6e4z40.default\extensions\firebug@software.joehewitt.com
[2010/10/13 22:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 22:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/01/04 04:38:50 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/10/13 22:13:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/10/13 21:54:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-181711195-3971840082-1150427271-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/09 20:11:47 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [1995/11/06 12:27:48 | 000,077,238 | R--- | M] () - G:\AUTOPLAY.BMP -- [ CDFS ]
O32 - AutoRun File - [1995/11/06 12:27:48 | 000,129,954 | R--- | M] () - G:\AUTOPLAY.EXE -- [ CDFS ]
O32 - AutoRun File - [1995/11/06 12:27:48 | 000,000,766 | R--- | M] () - G:\AUTOPLAY.ICO -- [ CDFS ]
O32 - AutoRun File - [1995/11/07 05:15:24 | 000,000,298 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/13 22:16:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/13 22:14:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/13 22:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/13 22:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/13 22:13:56 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/13 22:13:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/13 22:13:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/13 22:13:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/13 22:13:56 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/13 21:44:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/13 21:42:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/13 21:42:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 21:42:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/13 21:42:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 21:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/13 21:42:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/13 21:41:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/09 20:11:47 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/10/05 17:07:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/10/01 23:52:22 | 000,000,000 | ---D | C] -- C:\found.000
[2010/09/23 19:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\AVG9
[2010/09/19 12:26:08 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/09/19 12:25:58 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/09/19 12:25:58 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/09/19 12:25:55 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/09/19 12:25:46 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/09/19 12:25:46 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/09/19 12:25:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/09/19 12:25:45 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/09/19 12:25:45 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/09/19 12:25:44 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/09/19 12:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/09/19 12:25:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/09/19 12:25:12 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/09/19 12:25:12 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/09/19 12:25:12 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/09/19 12:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\QuickScan
[2010/09/19 12:04:01 | 000,070,192 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/09/19 12:03:58 | 000,074,624 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/09/19 12:03:58 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/09/19 12:03:55 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/09/19 12:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/09/19 12:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/09/19 10:32:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2010/09/15 23:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\RegRun2
[2010/09/15 19:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/14 23:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/14 23:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/14 19:26:39 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/09/14 19:25:14 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/09/14 19:25:12 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/14 19:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/14 15:48:22 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/09/14 15:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\RegRun2
[2010/09/14 15:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2010/09/14 15:43:57 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/09/14 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/09/14 15:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/09/14 15:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/14 01:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/14 01:03:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/09/14 01:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2010/09/14 01:02:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/14 01:02:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/14 01:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/14 01:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/13 23:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/13 23:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2010/10/13 22:37:11 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\John\NTUSER.DAT
[2010/10/13 22:34:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/13 22:34:24 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/13 22:26:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/13 22:26:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/13 22:26:00 | 3487,006,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/13 22:24:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/10/13 22:13:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/13 22:13:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/13 22:13:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/13 22:13:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/13 22:13:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/13 22:13:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\prvlcl.dat
[2010/10/13 22:00:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-181711195-3971840082-1150427271-1008UA.job
[2010/10/13 21:54:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/13 21:54:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/13 21:44:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/13 21:26:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/13 21:25:19 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\John\Desktop\ComboFix.exe
[2010/10/13 21:19:26 | 000,000,512 | ---- | M] () -- C:\dump.dat
[2010/10/13 21:00:08 | 066,261,925 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/10 05:33:47 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/10/10 02:19:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/09 23:30:25 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/10/09 23:30:24 | 000,074,624 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/10/09 23:30:24 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/10/09 23:30:15 | 000,000,187 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/09 23:00:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-181711195-3971840082-1150427271-1008Core.job
[2010/10/09 20:10:05 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Flash_Disinfector.exe
[2010/10/07 23:16:48 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/07 19:31:00 | 000,512,402 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/07 19:31:00 | 000,448,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 19:31:00 | 000,074,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 19:39:11 | 017,070,421 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Miles Fisher - This Must Be The Place (Cover).mp4
[2010/10/06 19:34:37 | 011,406,376 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Dubstep Snowman.mp4
[2010/10/05 17:07:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/10/05 17:07:47 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\John\Desktop\MBRCheck.exe
[2010/10/05 17:04:08 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\John\Desktop\RKUnhookerLE.EXE
[2010/10/02 01:30:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\John\Desktop\dds.scr
[2010/09/26 22:17:50 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\John\Desktop\gmer.zip
[2010/09/26 22:06:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John\defogger_reenable
[2010/09/26 22:05:49 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Defogger.exe
[2010/09/26 20:18:21 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\John\Desktop\CCleaner.lnk
[2010/09/24 01:01:18 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Google Chrome.lnk
[2010/09/24 01:01:18 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/23 19:29:29 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/09/22 00:15:41 | 000,811,190 | ---- | M] () -- C:\Documents and Settings\John\My Documents\sarahs theology collage.docx
[2010/09/19 12:26:31 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/09/19 12:26:14 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/19 12:26:12 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ZoneAlarm Security.lnk
[2010/09/19 12:04:01 | 000,070,192 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/09/19 10:35:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/09/19 10:35:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/09/15 23:58:01 | 001,077,894 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2010/09/15 22:50:04 | 000,000,730 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/15 22:50:04 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/15 22:39:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/14 19:26:19 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/09/14 19:25:14 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/14 19:25:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/09/14 19:25:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/14 19:25:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/14 19:25:11 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/09/14 18:54:45 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/09/14 15:44:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/14 15:44:35 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/09/14 15:44:35 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/09/14 15:44:00 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\John\Desktop\UnHackMe.lnk
[2010/09/14 15:20:40 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ndeOJDg.dat

========== Files Created - No Company Name ==========

[2010/10/13 21:44:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/13 21:44:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/13 21:42:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/13 21:42:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/13 21:42:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/13 21:42:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/13 21:42:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 21:19:24 | 000,000,512 | ---- | C] () -- C:\dump.dat
[2010/10/13 21:03:35 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\John\Desktop\ComboFix.exe
[2010/10/09 20:10:05 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Flash_Disinfector.exe
[2010/10/06 19:38:53 | 017,070,421 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Miles Fisher - This Must Be The Place (Cover).mp4
[2010/10/06 19:34:16 | 011,406,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Dubstep Snowman.mp4
[2010/10/05 17:07:53 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\John\Desktop\MBRCheck.exe
[2010/10/05 17:04:09 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\John\Desktop\RKUnhookerLE.EXE
[2010/10/02 01:30:45 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\John\Desktop\dds.scr
[2010/10/01 01:27:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\prvlcl.dat
[2010/09/26 22:18:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\gmer.exe
[2010/09/26 22:17:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\John\Desktop\gmer.zip
[2010/09/26 22:06:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\defogger_reenable
[2010/09/26 22:05:49 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Defogger.exe
[2010/09/22 00:15:40 | 000,811,190 | ---- | C] () -- C:\Documents and Settings\John\My Documents\sarahs theology collage.docx
[2010/09/19 12:26:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/19 12:26:12 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ZoneAlarm Security.lnk
[2010/09/19 12:25:44 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/09/19 10:35:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/09/19 10:35:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/09/15 22:42:01 | 3487,006,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/14 16:00:24 | 000,000,732 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/09/14 15:44:35 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/09/14 15:44:00 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\John\Desktop\UnHackMe.lnk
[2010/09/14 15:40:33 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/14 15:31:35 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/09/14 00:54:17 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/14 00:12:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ndeOJDg.dat
[2010/09/03 00:17:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\VisionManaged.dll
[2010/09/03 00:17:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\VBaseUI80.dll
[2010/09/03 00:17:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\VBaseUI71.dll
[2010/09/03 00:16:56 | 002,768,896 | ---- | C] () -- C:\WINDOWS\System32\PhysXCore.dll
[2010/09/03 00:16:56 | 000,386,600 | ---- | C] () -- C:\WINDOWS\System32\PhysXCooking.dll
[2010/09/03 00:16:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\NxExtensions.dll
[2010/09/03 00:16:55 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\NxCooking.dll
[2010/09/03 00:16:55 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\NxCharacter.dll
[2010/09/03 00:16:50 | 000,325,120 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2010/09/02 14:35:10 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/08/15 14:15:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/08/15 14:12:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Contextual Menu Items
[2010/08/15 14:12:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\John\Application Data\Conditionals
[2010/08/15 14:12:41 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/08/15 14:11:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Console
[2010/08/15 14:11:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\John\Application Data\Components
[2010/08/15 14:11:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/07/10 17:31:30 | 000,000,091 | ---- | C] () -- C:\WINDOWS\AD_PREFS.INI
[2010/06/05 16:43:41 | 000,000,189 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/04/11 17:11:38 | 000,001,598 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/09/03 00:24:51 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PnkBstrK.sys
[2009/08/24 17:12:41 | 000,000,953 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/08/24 17:12:35 | 000,000,174 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/08/22 02:28:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/08/22 02:27:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/08/22 02:26:02 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/08/22 02:25:27 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/08/21 02:56:00 | 000,010,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/07 00:58:58 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/09 00:39:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/27 00:36:51 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/23 19:51:16 | 000,000,067 | ---- | C] () -- C:\WINDOWS\101_ASB.INI
[2008/11/17 00:22:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/01 16:45:31 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\2Wire.ini
[2008/10/01 16:45:22 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\NB-WGASW.ini
[2008/09/24 22:26:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/09/21 02:37:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\kmouse32.dll
[2008/09/08 18:43:51 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/08 16:11:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/14 01:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

========== Files - Unicode (All) ==========
[2008/09/21 22:39:45 | 004,923,965 | ---- | M] ()(C:\Documents and Settings\John\My Documents\05 - ??.ogg) -- C:\Documents and Settings\John\My Documents\05 - 葉月.ogg
[2008/09/21 22:39:29 | 004,923,965 | ---- | C] ()(C:\Documents and Settings\John\My Documents\05 - ??.ogg) -- C:\Documents and Settings\John\My Documents\05 - 葉月.ogg
< End of report >

#14 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:41 PM

Posted 15 October 2010 - 07:08 PM

Hi-

Thank you for the logs. The "weird-looking .txt file in my WINDOWS folder" is a Windows update log and nothing to worry about. The "Protecting connection to Teredo Tunneling Pseudo-Interface" should be alright, but I would need more information on "Unauthorized Access Logged" notices.

Sorry you couldn't upload the dump.dat file. I noticed that you have WinRAR installed. We will use that to make a RAR archive.
  • Right click on the dump.dat file
  • Choose "Add to Archive"
  • In "Archive Format" choose "Zip"
Attach the zipped file to your reply.

Now, we need to run ComboFix again to correct some problems-

1. Close any open browsers.

2. Open notepad and copy/paste the text in the code box below into it:

CODE
RenV::
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^syscron.exe]
File::
c:\windows\pss\syscron.exeStartup
c:\documents and settings\John\Start Menu\Programs\Startup\syscron.exe
DDS::
uInternet Connection Wizard,ShellNext = iexplore
Driver::
S0 cerc6;cerc6; [x]
S0 phqva;phqva; [x]


Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Next, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Then, I'd like for you to scan your machine with ESET OnlineScan
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
Because of the malware infection, your Dell Support Center software might not function correctly. If that is the case, you can download a fresh copy of the Dell Support Center software from here. You want the 32bit version.

In your reply, copy in the ComboFix log, the MBAM report, and the ESET Online report(if you get one). Attach the zipped file for the dump.dat file. Finally, tell me how your machine is running.


Shannon

#15 LilJohnAY

LilJohnAY
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 20 October 2010 - 10:16 PM

Okay, I will try to find out more information about the "Unauthorized Access Logged" notifications.

I have attached the dump.zip file with no problems.

When I save the code as CFScript and try to drag it into Combofix, once I start the program it says something like "This program cannot execute this file." or something. And then when I try to continue the program, where it makes a new System Restore point and all, the program just stops. :/

I will run the MBAM scan and ESET Online Scan if you like, but I figured we needed Combofix first. :P

Attached Files

  • Attached File  dump.zip   581bytes   1 downloads





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users