
Google searches being redirected, need help.


  • This topic is locked
15 replies to this topic

#1 CSMartin85

CSMartin85

  • Members
  • 8 posts

Posted 02 October 2010 - 02:58 PM

So I made a poor choice and left my laptop with my 11 year old sister for the weekend. Now that I have it back, all of my Google searches are being redirected to random sites. I can still view the site I want by clicking the cache version of the site, but I'd rather just get rid of whatever virus I have.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Christian at 15:30:58.15 on Sat 10/02/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.3032.1711 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Christian\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [AppVodBurner]
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\users\christ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\christ~1\appdata\roaming\mozilla\firefox\profiles\fiquc365.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-2 165584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-2 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-2 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-10 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-10 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-10 40384]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
SUnknown is3srv;is3srv; [x]

=============== Created Last 30 ================

2010-10-01 19:08:00 6920 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-10-01 19:03:13 0 d-----w- c:\programdata\STOPzilla!
2010-10-01 02:46:22 0 d-----w- c:\users\christ~1\appdata\roaming\Malwarebytes
2010-10-01 02:45:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 02:45:38 0 d-----w- c:\programdata\Malwarebytes
2010-10-01 02:45:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 02:45:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 00:02:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-30 23:51:45 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-30 23:51:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 23:46:49 65536 --sha-w- c:\users\christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TM.blf
2010-09-30 23:46:49 524288 --sha-w- c:\users\christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
2010-09-30 23:46:49 524288 --sha-w- c:\users\christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
2010-09-30 23:30:47 0 d-----w- c:\windows\system32\appmgmt
2010-09-30 16:34:49 0 d-----w- c:\program files\FBLayouts
2010-09-16 01:38:48 0 d-----w- c:\programdata\Blizzard Entertainment
2010-09-16 00:27:05 0 d-----w- c:\programdata\Blizzard
2010-09-15 22:14:28 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-09-15 21:19:45 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-11 09:48:38 0 d-----w- c:\program files\common files\PX Storage Engine
2010-09-11 09:48:19 0 d-----w- c:\program files\common files\DivX Shared
2010-09-10 07:46:30 0 d-----w- c:\program files\VodBurner
2010-09-09 22:51:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-09-09 15:54:59 65536 --sha-w- c:\users\christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TM.blf
2010-09-09 15:54:59 524288 --sha-w- c:\users\christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
2010-09-09 15:54:59 524288 --sha-w- c:\users\christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
2010-09-06 06:50:45 0 d-----w- c:\programdata\LogiShrd
2010-09-06 06:45:24 0 d-----w- c:\programdata\Logitech
2010-09-06 06:45:21 0 d-----w- c:\program files\common files\LWS
2010-09-03 02:10:08 0 d-----w- c:\users\christ~1\appdata\roaming\LimeWire
2010-09-02 22:29:37 0 d-----w- c:\program files\LimeWire
2010-09-02 22:15:55 0 d-----w- c:\program files\DivX
2010-09-02 22:15:15 0 d-----w- c:\programdata\DivX
2010-09-02 21:38:45 0 d-----r- c:\program files\Skype
2010-09-02 21:38:43 0 d-----w- c:\programdata\Skype
2010-09-02 21:12:01 0 d-----w- c:\programdata\Sun
2010-09-02 20:52:30 0 d-----w- c:\windows\system32\Adobe
2010-09-02 20:11:12 0 d-----w- c:\programdata\Sony
2010-09-02 20:11:00 0 d-----w- c:\program files\Sony

==================== Find3M ====================

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 14:47:30 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-02 12:03:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-02 09:59:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 22:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 12:14:12 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 12:14:00 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 12:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 12:07:56 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 12:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 12:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 12:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-27 11:55:50 37518 ----a-w- c:\windows\system32\Repository.reg
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:31:35.27 ===============


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 08 October 2010 - 05:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 CSMartin85

CSMartin85
  • Topic Starter

  • Members
  • 8 posts

Posted 08 October 2010 - 08:34 PM

OTL logfile created on: 10/8/2010 9:16:16 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Christian\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 132.13 Gb Free Space | 56.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 2.07 Gb Free Space | 27.83% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CM-LAPTOP
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - File not found -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2010/10/08 21:14:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/09/02 04:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 21:14:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2007/09/02 04:27:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/01 18:18:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (szkgfs)
DRV - File not found [Kernel | Unknown | Running] -- -- (szkg5)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/04/21 18:10:04 | 008,746,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 00:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-503737564-3586905363-225293983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-503737564-3586905363-225293983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-503737564-3586905363-225293983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-503737564-3586905363-225293983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD BD 0A B4 81 4A CB 01 [binary data]
IE - HKU\S-1-5-21-503737564-3586905363-225293983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-503737564-3586905363-225293983-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/30 19:42:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/30 20:02:28 | 000,000,000 | ---D | M]

[2010/09/02 22:10:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions
[2010/09/02 22:10:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/30 19:33:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\cijsm90z.default\extensions
[2010/09/30 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fiquc365.default\extensions
[2010/09/16 00:25:02 | 000,000,919 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fiquc365.default\searchplugins\conduit.xml
[2010/09/30 20:06:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/30 20:02:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/30 20:06:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/01 15:05:35 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\system32\OobeFldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\system32\OobeFldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-503737564-3586905363-225293983-1000..\Run: [AppVodBurner] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-503737564-3586905363-225293983-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-503737564-3586905363-225293983-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-503737564-3586905363-225293983-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/28 19:40:54 | 000,000,055 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-503737564-3586905363-225293983-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/08 21:14:46 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2010/10/01 16:07:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/01 15:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/10/01 15:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/09/30 22:46:22 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2010/09/30 22:45:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/30 22:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/30 22:45:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/30 22:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/30 19:30:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/09/30 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\FBLayouts
[2010/09/29 18:20:58 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/26 14:18:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Google
[2010/09/26 14:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/17 23:41:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/15 21:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/09/15 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/09/15 20:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/09/15 18:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/09/11 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/09/11 05:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/09/10 03:49:22 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\VodBurner
[2010/09/10 03:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\VodBurner
[2010/09/09 18:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/09/06 03:24:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Webcam
[2010/09/06 02:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/09/06 02:45:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2010/09/06 02:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/09/06 02:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010/09/06 02:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/09/06 02:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/09/05 00:49:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\skypePM
[2010/09/05 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Skype
[2010/09/02 22:10:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\LimeWire
[2010/09/02 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2010/09/02 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Mozilla
[2010/09/02 18:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/02 18:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/09/02 18:17:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DivX
[2010/09/02 18:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/02 18:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/02 17:38:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/09/02 17:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/09/02 17:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/02 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/02 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/02 16:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/09/02 16:19:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Publish Providers
[2010/09/02 16:15:44 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Sony
[2010/09/02 16:15:44 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Sony
[2010/09/02 16:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010/09/02 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/09/02 15:56:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\DBZ Clips
[2010/09/02 15:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2010/09/02 14:45:21 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Apple Computer
[2010/09/02 14:45:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2010/09/02 14:45:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/09/02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/02 14:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/02 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/02 14:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/02 14:44:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Apple
[2010/09/02 14:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/02 14:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/02 14:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/09/02 14:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/02 09:01:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/09/02 08:02:47 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/09/02 08:02:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/09/02 06:35:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2010/09/02 06:35:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Adobe
[2010/09/02 06:35:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/09/02 06:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/09/02 06:25:03 | 000,000,000 | ---D | C] -- C:\Intel
[2010/09/02 06:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/09/02 05:39:28 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/02 05:39:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/02 05:39:27 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/02 05:39:25 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/02 05:39:23 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/02 05:38:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/09/02 05:38:52 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/02 05:38:52 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/02 05:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/02 05:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/02 05:15:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\ElevatedDiagnostics
[2010/09/02 05:10:34 | 000,000,000 | R--D | C] -- C:\Users\Christian\Searches
[2010/09/02 05:10:33 | 000,000,000 | -H-D | C] -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/02 05:10:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Identities
[2010/09/02 05:10:23 | 000,000,000 | R--D | C] -- C:\Users\Christian\Contacts
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Temporary Internet Files
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Templates
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Start Menu
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\SendTo
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Recent
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\PrintHood
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\NetHood
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\My Videos
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\My Pictures
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\My Music
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\My Documents
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Local Settings
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\History
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Cookies
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Application Data
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Application Data
[2010/09/02 05:10:09 | 000,000,000 | --SD | C] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Videos
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Saved Games
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Pictures
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Music
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Links
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Favorites
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Downloads
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\My Documents
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Desktop
[2010/09/02 05:10:09 | 000,000,000 | -H-D | C] -- C:\Users\Christian\AppData
[2010/09/02 05:10:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Temp
[2010/09/02 05:10:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft
[2010/09/02 05:10:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2010/09/02 05:09:22 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/09/02 05:09:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/09/02 04:50:59 | 000,000,000 | R--D | C] -- C:\Users\Christian\Documents\Favorites
[2010/09/02 04:48:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Shoddy Battle Teams
[2010/09/02 04:47:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\LimeWire
[2010/09/02 04:47:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Driver
[2010/09/02 04:05:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\gifs
[2010/09/02 04:04:21 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Movies
[2010/09/02 04:04:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Vegas Projects
[2010/09/02 04:03:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Software
[2010/04/21 17:32:38 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 90 Days ==========

[2010/10/08 21:18:12 | 001,310,720 | -HS- | M] () -- C:\Users\Christian\ntuser.dat
[2010/10/08 21:14:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2010/10/08 21:09:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/08 17:39:54 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 17:39:54 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 00:29:13 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/10/07 23:46:45 | 000,726,316 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/07 23:46:45 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/07 23:46:45 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/07 23:44:38 | 000,000,688 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/10/07 23:42:39 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/07 23:42:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/07 23:42:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/07 23:38:22 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/10/07 23:38:21 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/10/07 23:38:21 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TM.blf
[2010/10/07 23:37:56 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/01 14:29:04 | 000,002,917 | ---- | M] () -- C:\Users\Christian\Documents\Kaspersky.html
[2010/09/30 22:45:41 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 19:53:59 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/09/30 19:53:59 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 19:53:59 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TM.blf
[2010/09/11 18:33:58 | 231,225,215 | ---- | M] () -- C:\Users\Christian\Documents\Gohan-Had Enough Rendering.mp4
[2010/09/11 08:17:09 | 231,210,377 | ---- | M] () -- C:\Users\Christian\Documents\Gohan-Had Enough.mp4
[2010/09/10 01:51:14 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/09/10 01:50:48 | 000,001,909 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/10 01:50:48 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/09 18:51:02 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/09 18:50:07 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/09 18:49:09 | 000,001,863 | ---- | M] () -- C:\Users\Christian\Desktop\LimeWire 5.5.14.lnk
[2010/09/09 15:57:12 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 15:57:12 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 15:57:12 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TM.blf
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/02 22:10:30 | 000,001,821 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/09/02 16:18:38 | 000,002,608 | ---- | M] () -- C:\Users\Christian\Documents\Register Vegas Pro.htm
[2010/09/02 16:11:19 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010/09/02 15:01:10 | 000,001,075 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2010/09/02 15:01:10 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/09/02 14:45:16 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/02 14:44:20 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/02 08:05:24 | 000,039,293 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/09/02 08:03:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/02 06:28:56 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/02 05:59:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/02 05:21:44 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 05:21:44 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/02 05:21:44 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/02 05:15:33 | 000,001,407 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/02 05:10:40 | 000,057,560 | ---- | M] () -- C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/02 05:10:35 | 000,001,413 | ---- | M] () -- C:\Users\Christian\Desktop\Internet Explorer.lnk
[2010/09/02 05:10:10 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
[2010/07/27 08:03:20 | 010,829,656 | ---- | M] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | M] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | M] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:40 | 000,266,828 | ---- | M] () -- C:\Windows\System32\drivers\LVAFT.cfg
[2010/07/27 07:56:04 | 000,090,411 | ---- | M] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 07:55:50 | 000,037,518 | ---- | M] () -- C:\Windows\System32\Repository.reg

========== Files Created - No Company Name ==========

[2010/10/07 23:43:23 | 000,000,688 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/10/07 23:38:22 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/10/07 23:38:21 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/10/07 23:38:21 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TM.blf
[2010/10/01 14:29:04 | 000,002,917 | ---- | C] () -- C:\Users\Christian\Documents\Kaspersky.html
[2010/09/30 22:45:41 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 19:46:49 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/09/30 19:46:49 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 19:46:49 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TM.blf
[2010/09/15 19:23:40 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/09/11 18:10:12 | 231,225,215 | ---- | C] () -- C:\Users\Christian\Documents\Gohan-Had Enough Rendering.mp4
[2010/09/11 07:53:23 | 231,210,377 | ---- | C] () -- C:\Users\Christian\Documents\Gohan-Had Enough.mp4
[2010/09/10 01:51:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/10 01:50:48 | 000,001,909 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/10 01:50:48 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/09 18:51:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/09 18:50:07 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/09 18:49:09 | 000,001,863 | ---- | C] () -- C:\Users\Christian\Desktop\LimeWire 5.5.14.lnk
[2010/09/09 11:54:59 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 11:54:59 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 11:54:59 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TM.blf
[2010/09/02 22:10:30 | 000,001,821 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/09/02 16:11:19 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010/09/02 15:01:10 | 000,001,075 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2010/09/02 15:01:10 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/09/02 14:45:16 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/02 14:44:20 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/02 08:03:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/02 08:02:03 | 2384,744,448 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/02 05:59:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/02 05:39:29 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/02 05:15:33 | 000,001,407 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/02 05:10:35 | 000,001,413 | ---- | C] () -- C:\Users\Christian\Desktop\Internet Explorer.lnk
[2010/09/02 05:10:10 | 000,000,020 | -HS- | C] () -- C:\Users\Christian\ntuser.ini
[2010/09/02 05:10:09 | 001,310,720 | -HS- | C] () -- C:\Users\Christian\ntuser.dat
[2010/09/02 05:10:09 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 05:10:09 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/02 05:10:09 | 000,262,144 | -HS- | C] () -- C:\Users\Christian\ntuser.dat.LOG1
[2010/09/02 05:10:09 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/02 05:10:09 | 000,000,290 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/02 05:10:09 | 000,000,272 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/02 05:10:09 | 000,000,000 | -HS- | C] () -- C:\Users\Christian\ntuser.dat.LOG2
[2010/09/02 04:47:35 | 000,080,702 | ---- | C] () -- C:\Users\Christian\Documents\JavaRNG 2.1.jar
[2010/09/02 04:44:51 | 000,211,815 | ---- | C] () -- C:\Users\Christian\Documents\RNGReporter_830.zip
[2010/09/02 04:44:51 | 000,002,608 | ---- | C] () -- C:\Users\Christian\Documents\Register Vegas Pro.htm
[2010/09/02 04:06:08 | 129,387,158 | ---- | C] () -- C:\Users\Christian\Documents\Vista System Files.zip
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:40 | 000,266,828 | ---- | C] () -- C:\Windows\System32\drivers\LVAFT.cfg
[2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 07:55:50 | 000,037,518 | ---- | C] () -- C:\Windows\System32\Repository.reg
[2010/04/21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/04/21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/09/06 02:45:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2010/10/07 23:43:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LimeWire
[2010/09/02 16:19:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Publish Providers
[2010/09/11 07:52:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sony
[2009/07/14 00:53:46 | 000,006,354 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/06/30 02:21:47 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/07 23:37:56 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/07 23:37:59 | 3179,663,360 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

OTL Extras logfile created on: 10/8/2010 9:16:16 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Christian\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 132.13 Gb Free Space | 56.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 2.07 Gb Free Space | 27.83% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CM-LAPTOP
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-503737564-3586905363-225293983-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{656957B8-41DB-4E43-AAA1-B128C2213D50}" = VodBurner
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"DivX Setup.divx.com" = DivX Setup
"LimeWire" = LimeWire 5.5.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"PokerStars.net" = PokerStars.net
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2010 1:14:11 PM | Computer Name = CM-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/6/2010 1:14:11 PM | Computer Name = CM-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25210

Error - 10/6/2010 1:14:11 PM | Computer Name = CM-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25210

Error - 10/7/2010 10:07:24 PM | Computer Name = CM-Laptop | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/7/2010 10:07:24 PM | Computer Name = CM-Laptop | Source = Bonjour Service | ID = 100
Description = 456: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/7/2010 10:07:24 PM | Computer Name = CM-Laptop | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/7/2010 10:07:24 PM | Computer Name = CM-Laptop | Source = Bonjour Service | ID = 100
Description = 472: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/7/2010 10:08:55 PM | Computer Name = CM-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x003476c5 Faulting process id:
0x638 Faulting application start time: 0x01cb637099c6201a Faulting application path:
C:\Windows\Explorer.EXE Faulting module path: unknown Report Id: 005e01dc-d281-11df-8cb5-0025646c62ba

Error - 10/7/2010 11:44:40 PM | Computer Name = CM-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: SZServer.exe, version: 5.0.80.44, time
stamp: 0x4c8966a4 Faulting module name: iS3Base5.dll, version: 5.0.113.0, time stamp:
0x4c7fcda4 Exception code: 0xc0000005 Fault offset: 0x000040b2 Faulting process id:
0x354 Faulting application start time: 0x01cb669a38fce038 Faulting application path:
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe Faulting module path:
C:\Windows\system32\iS3Base5.dll Report Id: 60eb3b2e-d28e-11df-ad56-0025646c62ba

Error - 10/8/2010 4:18:52 AM | Computer Name = CM-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00053119 Faulting process id:
0xc10 Faulting application start time: 0x01cb66bca00704d4 Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: aedea53b-d2b4-11df-ad56-0025646c62ba

[ System Events ]
Error - 10/7/2010 10:38:02 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/7/2010 10:38:02 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/7/2010 10:38:02 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/7/2010 10:50:38 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/7/2010 11:25:14 PM | Computer Name = CM-Laptop | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291
Description = SAM failed to start the TCP/IP or SPX/IPX listening thread

Error - 10/7/2010 11:25:14 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1115

Error - 10/7/2010 11:25:24 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%1062

Error - 10/7/2010 11:42:32 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7022
Description = The avast! Antivirus service hung on starting.

Error - 10/7/2010 11:42:36 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv

Error - 10/7/2010 11:44:47 PM | Computer Name = CM-Laptop | Source = Service Control Manager | ID = 7034
Description = The STOPzilla Service service terminated unexpectedly. It has done
this 1 time(s).
< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-08 21:31:01
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\uxryapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\szkgfs.sys ZwTerminateProcess [0x82F99496]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828142D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82813898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282C1A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FC9FBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8FC9F9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8FC9FB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8288B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828AFF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 828B7CC8 3 Bytes [96, 94, F9] {XCHG ESI, EAX; XCHG ESP, EAX; STC }
PAGE ntkrnlpa.exe!ZwLoadDriver 829E9291 2 Bytes JMP 8FC9FB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwLoadDriver + 3 829E9294 4 Bytes [2B, 0D, CC, CC]
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A50FBF 5 Bytes JMP 8FC9B5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82A6ACF3 5 Bytes JMP 8FC9D012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82A78D63 7 Bytes JMP 8FC9F9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82B22EAC 7 Bytes JMP 8FC9FBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? system32\DRIVERS\szkg.sys The system cannot find the path specified. !
? system32\drivers\szkgfs.sys The system cannot find the path specified. !
.text peauth.sys 9A565C9E 27 Bytes [6C, BE, 75, E1, D7, 0B, 3C, ...]
.text peauth.sys 9A565CC2 27 Bytes [6C, BE, 75, E1, D7, 0B, 3C, ...]
PAGE peauth.sys 9A56BB9C 71 Bytes [4F, 80, AD, AF, 9D, CB, D1, ...]
PAGE peauth.sys 9A56BBED 110 Bytes [1B, 92, D4, 5E, 32, 61, C8, ...]
PAGE peauth.sys 9A56C02D 101 Bytes [0E, 28, 09, 84, 52, CF, 9C, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1388] kernel32.dll!SetUnhandledExceptionFilter 765B3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\Explorer.EXE[1572] kernel32.dll!CreateProcessInternalW 765B42CE 5 Bytes JMP 00138328
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] kernel32.dll!CreateProcessInternalW 765B42CE 5 Bytes JMP 0005733B
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!UnhookWindowsHookEx 771FCC7B 5 Bytes JMP 6F81835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!CallNextHookEx 771FCC8F 5 Bytes JMP 6F7F9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!CreateWindowExW 77200E51 5 Bytes JMP 6F808157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!SetWindowsHookExW 7720210A 5 Bytes JMP 6F7B4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxIndirectParamW 77224AA7 5 Bytes JMP 6F92F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxParamW 7722564A 5 Bytes JMP 6F724BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxParamA 7723CF6A 5 Bytes JMP 6F92F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!DialogBoxIndirectParamA 7723D29C 5 Bytes JMP 6F92F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxIndirectA 7724E8C9 5 Bytes JMP 6F92F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxIndirectW 7724E9C3 5 Bytes JMP 6F92F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxExA 7724EA29 5 Bytes JMP 6F92F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!MessageBoxExW 7724EA4D 5 Bytes JMP 6F92F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ole32.dll!OleLoadFromStream 767F5B88 5 Bytes JMP 6F92FCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ole32.dll!CoCreateInstance 768457FC 5 Bytes JMP 6F808C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ws2_32.dll!closesocket 76CD3BED 5 Bytes JMP 000560A8
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ws2_32.dll!recv 76CD47DF 5 Bytes JMP 00055E5D
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ws2_32.dll!WSASend 76CD68A7 5 Bytes JMP 00055F14
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ws2_32.dll!WSARecv 76CDC29F 5 Bytes JMP 00055FAE
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ws2_32.dll!send 76CDC4C8 5 Bytes JMP 00055DEA
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] kernel32.dll!CreateProcessInternalW 765B42CE 5 Bytes JMP 0005733B
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!UnhookWindowsHookEx 771FCC7B 5 Bytes JMP 6F81835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!CallNextHookEx 771FCC8F 5 Bytes JMP 6F7F9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!CreateWindowExW 77200E51 5 Bytes JMP 6F808157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!SetWindowsHookExW 7720210A 5 Bytes JMP 6F7B4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxIndirectParamW 77224AA7 5 Bytes JMP 6F92F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxParamW 7722564A 5 Bytes JMP 6F724BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxParamA 7723CF6A 5 Bytes JMP 6F92F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxIndirectParamA 7723D29C 5 Bytes JMP 6F92F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxIndirectA 7724E8C9 5 Bytes JMP 6F92F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxIndirectW 7724E9C3 5 Bytes JMP 6F92F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxExA 7724EA29 5 Bytes JMP 6F92F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxExW 7724EA4D 5 Bytes JMP 6F92F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ole32.dll!OleLoadFromStream 767F5B88 5 Bytes JMP 6F92FCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ole32.dll!CoCreateInstance 768457FC 5 Bytes JMP 6F808C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!closesocket 76CD3BED 5 Bytes JMP 000560A8
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!recv 76CD47DF 5 Bytes JMP 00055E5D
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!WSASend 76CD68A7 5 Bytes JMP 00055F14
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!WSARecv 76CDC29F 5 Bytes JMP 00055FAE
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!send 76CDC4C8 5 Bytes JMP 00055DEA
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] kernel32.dll!CreateProcessInternalW 765B42CE 5 Bytes JMP 0005733B
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!CreateWindowExW 77200E51 5 Bytes JMP 6F808157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamW 77224AA7 5 Bytes JMP 6F92F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamW 7722564A 5 Bytes JMP 6F724BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamA 7723CF6A 5 Bytes JMP 6F92F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamA 7723D29C 5 Bytes JMP 6F92F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectA 7724E8C9 5 Bytes JMP 6F92F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectW 7724E9C3 5 Bytes JMP 6F92F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExA 7724EA29 5 Bytes JMP 6F92F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExW 7724EA4D 5 Bytes JMP 6F92F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ws2_32.dll!closesocket 76CD3BED 5 Bytes JMP 000560A8
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ws2_32.dll!recv 76CD47DF 5 Bytes JMP 00055E5D
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ws2_32.dll!WSASend 76CD68A7 5 Bytes JMP 00055F14
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ws2_32.dll!WSARecv 76CDC29F 5 Bytes JMP 00055FAE
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ws2_32.dll!send 76CDC4C8 5 Bytes JMP 00055DEA
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] kernel32.dll!CreateProcessInternalW 765B42CE 5 Bytes JMP 0005733B
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!UnhookWindowsHookEx 771FCC7B 5 Bytes JMP 6F81835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!CallNextHookEx 771FCC8F 5 Bytes JMP 6F7F9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!CreateWindowExW 77200E51 5 Bytes JMP 6F808157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!SetWindowsHookExW 7720210A 5 Bytes JMP 6F7B4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!DialogBoxIndirectParamW 77224AA7 5 Bytes JMP 6F92F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!DialogBoxParamW 7722564A 5 Bytes JMP 6F724BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!DialogBoxParamA 7723CF6A 5 Bytes JMP 6F92F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!DialogBoxIndirectParamA 7723D29C 5 Bytes JMP 6F92F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!MessageBoxIndirectA 7724E8C9 5 Bytes JMP 6F92F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!MessageBoxIndirectW 7724E9C3 5 Bytes JMP 6F92F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!MessageBoxExA 7724EA29 5 Bytes JMP 6F92F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] USER32.dll!MessageBoxExW 7724EA4D 5 Bytes JMP 6F92F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] ole32.dll!OleLoadFromStream 767F5B88 5 Bytes JMP 6F92FCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] ole32.dll!CoCreateInstance 768457FC 5 Bytes JMP 6F808C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] ws2_32.dll!closesocket 76CD3BED 5 Bytes JMP 000560A8
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] ws2_32.dll!recv 76CD47DF 5 Bytes JMP 00055E5D
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] ws2_32.dll!WSASend 76CD68A7 5 Bytes JMP 00055F14
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] ws2_32.dll!WSARecv 76CDC29F 5 Bytes JMP 00055FAE
.text C:\Program Files\Internet Explorer\iexplore.exe[3592] ws2_32.dll!send 76CDC4C8 5 Bytes JMP 00055DEA

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\szkg5 \Device\MSProcess szkg.sys

AttachedDevice \FileSystem\fastfat \Fat szkgfs.sys

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [2888] 0x00400000
Library C:\Windows\system32\iS3Base5.dll (*** hidden *** ) @ C:\Program [2888] 0x63100000
Library C:\Windows\system32\SZBase5.dll (*** hidden *** ) @ C:\Program [2888] 0x65000000
Library C:\Windows\system32\iS3Win325.dll (*** hidden *** ) @ C:\Program [2888] 0x64400000
Library C:\Windows\system32\iS3UI5.dll (*** hidden *** ) @ C:\Program [2888] 0x64200000
Library C:\Windows\system32\iS3HTUI5.dll (*** hidden *** ) @ C:\Program [2888] 0x10000000
Library C:\Windows\system32\iS3Svc5.dll (*** hidden *** ) @ C:\Program [2888] 0x64100000
Library C:\Program (*** hidden *** ) @ C:\Program [2888] 0x65500000
Library C:\Program (*** hidden *** ) @ C:\Program [2888] 0x00230000
Library C:\Windows\system32\iS3Inet5.dll (*** hidden *** ) @ C:\Program [2888] 0x63600000
Library C:\Program (*** hidden *** ) @ C:\Program [2888] 0x01770000
Library C:\Program (*** hidden *** ) @ C:\Program [2888] 0x01690000
Library C:\Program (*** hidden *** ) @ C:\Program [2888] 0x016C0000
Library C:\Program (*** hidden *** ) @ C:\Program [2888] 0x01700000

---- EOF - GMER 1.0.15 ----

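The GMER log above has three kinds of finding that an analyst reads differently: an SSDT entry (ZwTerminateProcess) redirected into a named driver, user-mode JMP hooks whose target GMER resolves to a named module (the IEFRAME.dll hooks in iexplore.exe, which are Internet Explorer's own), and user-mode JMP hooks whose target GMER resolves to no module at all (the ws2_32.dll send/recv/WSASend/WSARecv/closesocket hooks at 0x00055xxx, with identical targets in every iexplore.exe instance, plus CreateProcessInternalW in Explorer.EXE and iexplore.exe). The script below is an added example, not code from this thread or from GMER: it parses those line formats and separates the three cases, then reports unattributed targets shared across processes. The sample input is a constructed subset of lines copied from the log; all function names are mine. An unattributed target is a lead to pull on (it can also be a legitimate product hooking from a heap page), not proof of infection by itself.

```python
"""Triage hook entries from a GMER rootkit-scan log.

Added example, not part of the original forum post or of GMER. It reads the
"SSDT" and "User code sections" lines GMER emits, separates JMP hooks whose
target GMER attributed to a loaded module from hooks whose target it could
not, and looks for identical unattributed targets across processes.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
SSDT \SystemRoot\system32\drivers\szkgfs.sys ZwTerminateProcess [0x82F99496]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1388] kernel32.dll!SetUnhandledExceptionFilter 765B3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\Explorer.EXE[1572] kernel32.dll!CreateProcessInternalW 765B42CE 5 Bytes JMP 00138328
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] kernel32.dll!CreateProcessInternalW 765B42CE 5 Bytes JMP 0005733B
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] USER32.dll!CreateWindowExW 77200E51 5 Bytes JMP 6F808157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ws2_32.dll!recv 76CD47DF 5 Bytes JMP 00055E5D
.text C:\Program Files\Internet Explorer\iexplore.exe[2140] ws2_32.dll!send 76CDC4C8 5 Bytes JMP 00055DEA
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!recv 76CD47DF 5 Bytes JMP 00055E5D
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!send 76CDC4C8 5 Bytes JMP 00055DEA
"""

SSDT_RE = re.compile(r"^SSDT (?P<driver>\S+) (?P<func>\S+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$")
USER_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<func>\S+) (?P<addr>[0-9A-Fa-f]+) "
    r"(?P<size>\d+) Bytes (?P<rest>.*)$"
)
# After "N Bytes" GMER prints either "JMP <target> [<owning module>]" or the raw patch bytes.
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-Fa-f]+)(?: (?P<owner>.+))?$")


def parse_ssdt_hooks(text):
    """SSDT entries redirected into a driver; GMER names the driver that owns the hook."""
    return [m.groupdict() for line in text.splitlines()
            if (m := SSDT_RE.match(line.strip()))]


def parse_user_hooks(text):
    """User-mode '.text' entries, one dict per hooked export, classified by kind."""
    hooks = []
    for line in text.splitlines():
        m = USER_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        j = JMP_RE.match(h.pop("rest"))
        if j is None:
            h["kind"], h["target"], h["owner"] = "patch", None, None  # bytes overwritten in place
        else:
            h["target"] = j.group("target").upper()
            h["owner"] = j.group("owner")  # module GMER resolved the target to, if any
            h["kind"] = "attributed" if h["owner"] else "unattributed"
        hooks.append(h)
    return hooks


def triage(hooks):
    """Bucket hooks by kind; the unattributed JMPs are the ones to look at first."""
    buckets = {"patch": [], "attributed": [], "unattributed": []}
    for h in hooks:
        buckets[h["kind"]].append(h)
    return buckets


def shared_unattributed_targets(hooks):
    """Identical unattributed JMP targets seen in more than one process.

    The same export hooked to the same unnamed address in several processes
    points at one injected component rather than per-process noise.
    """
    seen = defaultdict(set)
    for h in hooks:
        if h["kind"] == "unattributed":
            seen[(h["module"] + "!" + h["func"], h["target"])].add(h["pid"])
    return {k: sorted(pids) for k, pids in seen.items() if len(pids) > 1}


def report(text):
    """Human-readable summary of the findings worth following up."""
    out = [f"SSDT   {s['func']} -> {s['driver']}" for s in parse_ssdt_hooks(text)]
    hooks = parse_user_hooks(text)
    for h in triage(hooks)["unattributed"]:
        out.append(f"CHECK  pid {h['pid']} {h['module']}!{h['func']} JMP {h['target']} (no module owns target)")
    for (func, target), pids in shared_unattributed_targets(hooks).items():
        out.append(f"SHARED {func} -> {target} in pids {pids}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log, the SHARED lines are the ws2_32.dll exports, each at the same target in PIDs 2140, 2284, 3188 and 3592; that is the first place to look for a search-redirect symptom, since those are the functions a browser's traffic passes through.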

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 09 October 2010 - 06:23 AM

Hello, CSMartin85.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow users to share files with each other, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.

Online Poker Warning
Your logs show that you have online poker programs installed on your computer. I know that you may use these games on a regular basis, but I think it's important to note that these kinds of programmes are often installed with other unwanted software, namely spyware or adware. Due to this, I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install them yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using it, you may ignore this. Should you decide to uninstall the programme, you can do so by following the steps below:

You can remove this via Add/Remove programs.

StopZilla

I would recommend uninstalling StopZilla. It does not have a good rating on Web of Trust.

Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.
Step 2

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 CSMartin85

CSMartin85
  • Topic Starter

  • Members
  • 8 posts

Posted 09 October 2010 - 11:36 AM

Overnight, I lost access to explorer.exe. I try to run it through the command prompt and am told that it cannot be opened because it is infected with a virus. Could you tell me what to do to obtain the MBRCheck log? Here is the RKUnHooker log.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9043B000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9281536 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8283C000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x91437000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2519040 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x964F0000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B033000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8AC3B000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90D15000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8AEA9000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x82EE0000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x98871000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9693B000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82E0D000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x82F8B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8F618000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8AE35000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90247000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9898F000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x916A8000 C:\Windows\system32\DRIVERS\yk62x86.sys 331776 bytes (-, -)
0x903A1000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x98940000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8F6EA000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8AB0B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8AA49000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x968D2000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8F788000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82E9E000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90340000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B1B6000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8AF60000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x98803000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x90400000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x9686E000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x82805000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8ABB9000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F754000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8AE00000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x902A6000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B17C000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F7CC000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B000000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8AD6A000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8AAA2000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8F6A2000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0x8ADA8000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8AF9E000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8AB75000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x96800000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91792000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x98912000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8F6C9000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AA00000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9A62B000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8AC00000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8F735000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x902DF000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x96780000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x96853000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9883E000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x968A8000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x969C0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90DE6000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8F67C000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x916F9000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x9176F000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x917B4000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x917CC000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x917E3000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9021B000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9682F000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8AB56000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8AD95000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x96928000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9031D000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9175D000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9173E000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x969D9000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8AFDB000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8ADCD000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8ABED000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9141A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8AAD7000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x82E85000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x902FE000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x968C2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8AFC3000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x96918000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90330000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8AAFB000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x90DD7000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8F694000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x9030F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9020D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8ABA2000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8AE92000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x9140C000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8AA3B000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x91750000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8F600000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9171E000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91711000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x98933000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8ADF3000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90395000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8AC26000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8AAF0000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x8F60D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x9A6B6000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x82E00000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91787000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x90232000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x90DCC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8AACC000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9023D000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x903F1000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x9142B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8AB98000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x9038B000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90381000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x91400000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x98908000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9169E000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8ABB0000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8AB6C000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8AEA0000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9A6C1000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x96750000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B1AD000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x91735000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8AA91000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82E96000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8AAE8000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8AFD3000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BAA000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8AA9A000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8AC32000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AA21000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8AA29000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B1F5000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8AC1F000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8AFF9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x902D8000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x9172B000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x902A1000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x91731000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x968A5000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x9140A000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x96846000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x9A676F2E Unknown thread object [ ETHREAD 0x85012AA8 ] , 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#6 etavares

etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 10 October 2010 - 07:05 AM

Hello, CSMartin85.

Ok, let's try to regain control then we can run MBR_check.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 CSMartin85

CSMartin85
  • Topic Starter
  • Members
  • 8 posts

Posted 11 October 2010 - 08:33 PM

I have no desktop due to the loss of explorer.exe. I've tried running ComboFix rather than saving it but nothing happens.

#8 CSMartin85

CSMartin85
  • Topic Starter
  • Members
  • 8 posts

Posted 11 October 2010 - 09:27 PM

My apologies for the double post but I figured out how to run ComboFix. I also have my Explorer.exe back, so that's very helpful. Here is my ComboFix log.

ComboFix 10-10-11.01 - Christian 10/11/2010 22:11:52.1.2 - x86
Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.3032.2294 [GMT -4:00]
Running from: c:\users\Christian\Desktop\etavarescf.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-12 02:10 . 2010-10-12 02:11 -------- d-----w- C:\32788R22FWJFW
2010-10-01 19:03 . 2010-10-08 07:33 -------- d-----w- c:\program files\Common Files\iS3
2010-10-01 19:03 . 2010-10-08 03:44 -------- d-----w- c:\programdata\STOPzilla!
2010-10-01 02:46 . 2010-10-01 02:46 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes
2010-10-01 02:45 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 02:45 . 2010-10-01 02:45 -------- d-----w- c:\programdata\Malwarebytes
2010-10-01 02:45 . 2010-10-01 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 02:45 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 00:02 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-01 00:02 . 2010-07-17 09:00 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-09-30 23:51 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-30 23:51 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 23:51 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-30 16:34 . 2010-09-30 23:29 -------- d-----w- c:\program files\FBLayouts
2010-09-26 18:18 . 2010-09-30 23:30 -------- d-----w- c:\program files\Google
2010-09-26 18:18 . 2010-09-27 06:06 -------- d-----w- c:\users\Christian\AppData\Local\Google
2010-09-18 03:41 . 2010-09-18 03:41 -------- d-----w- c:\windows\Sun
2010-09-16 01:38 . 2010-09-17 00:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-09-16 00:44 . 2010-09-16 01:19 -------- d-----w- c:\users\Public\Games
2010-09-16 00:27 . 2010-09-16 00:27 -------- d-----w- c:\programdata\Blizzard
2010-09-15 22:14 . 2010-09-30 23:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-15 21:19 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-09-11 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-9-16 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fiquc365.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AppVodBurner - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2708)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-10-11 22:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-12 02:21

Pre-Run: 141,096,284,160 bytes free
Post-Run: 141,111,382,016 bytes free

- - End Of File - - 8178C78B2B217C6AF208C0AE75032008


#9 etavares

etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 12 October 2010 - 05:13 PM

Hello, CSMartin85.
OK, you had a Bamital infection. I'll provide this warning below. How is your computer running now?

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Driver::
aswSP
aswFsBlk
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2


Please try to run MBR check now.

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#10 CSMartin85

CSMartin85
  • Topic Starter
  • Members
  • 8 posts

Posted 12 October 2010 - 11:22 PM

My computer has been running perfectly. No Google redirects, no loss of explorer.exe, generally no problems at all. Here are the requested logs.

ComboFix 10-10-12.01 - Christian 10/13/2010 0:08.2.2 - x86
Microsoft® Windows 7 Eternity™ 2009 6.1.7600.0.1252.1.1033.18.3032.2221 [GMT -4:00]
Running from: c:\users\Christian\Desktop\etavarescf.exe
Command switches used :: c:\users\Christian\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Legacy_ASWSP
-------\Service_aswFsBlk
-------\Service_aswSP


((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 04:13 . 2010-10-13 04:13 -------- d-----w- C:\Device
2010-10-13 04:12 . 2010-10-13 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-13 04:06 . 2010-10-13 04:06 -------- d-----w- C:\32788R22FWJFW
2010-10-12 02:16 . 2010-10-13 04:14 -------- d-----w- c:\users\Christian\AppData\Local\temp
2010-10-01 19:03 . 2010-10-08 07:33 -------- d-----w- c:\program files\Common Files\iS3
2010-10-01 19:03 . 2010-10-08 03:44 -------- d-----w- c:\programdata\STOPzilla!
2010-10-01 02:46 . 2010-10-01 02:46 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes
2010-10-01 02:45 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 02:45 . 2010-10-01 02:45 -------- d-----w- c:\programdata\Malwarebytes
2010-10-01 02:45 . 2010-10-01 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 02:45 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 00:02 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-01 00:02 . 2010-07-17 09:00 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-09-30 23:51 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-30 23:51 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 23:51 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-30 16:34 . 2010-09-30 23:29 -------- d-----w- c:\program files\FBLayouts
2010-09-26 18:18 . 2010-09-30 23:30 -------- d-----w- c:\program files\Google
2010-09-26 18:18 . 2010-09-27 06:06 -------- d-----w- c:\users\Christian\AppData\Local\Google
2010-09-18 03:41 . 2010-09-18 03:41 -------- d-----w- c:\windows\Sun
2010-09-16 01:38 . 2010-09-17 00:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-09-16 00:44 . 2010-09-16 01:19 -------- d-----w- c:\users\Public\Games
2010-09-16 00:27 . 2010-09-16 00:27 -------- d-----w- c:\programdata\Blizzard
2010-09-15 22:14 . 2010-09-30 23:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-15 21:19 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-09-11 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-9-16 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fiquc365.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3112)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-10-13 00:17:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-13 04:17
ComboFix2.txt 2010-10-12 02:21

Pre-Run: 136,924,889,088 bytes free
Post-Run: 136,868,663,296 bytes free

- - End Of File - - AA80B0BB6F4FF16908B79B77BEF7D7A4

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):
0x82808000 \SystemRoot\system32\ntkrnlpa.exe
0x82C18000 \SystemRoot\system32\halmacpi.dll
0x80BA2000 \SystemRoot\system32\kdcom.dll
0x82E0A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x82E82000 \SystemRoot\system32\PSHED.dll
0x82E93000 \SystemRoot\system32\BOOTVID.dll
0x82E9B000 \SystemRoot\system32\CLFS.SYS
0x82EDD000 \SystemRoot\system32\CI.dll
0x82F88000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AA12000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AA20000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8AA68000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8AA71000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8AA79000 \SystemRoot\system32\DRIVERS\pci.sys
0x8AAA3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8AAAE000 \SystemRoot\System32\drivers\partmgr.sys
0x8AABF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AAC7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AAD2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8AAE2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AB2D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AB43000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8AB4C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8AB6F000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8AB79000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8AB87000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8AB90000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ABC4000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AC13000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AD42000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AD6D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AD80000 \SystemRoot\System32\Drivers\cng.sys
0x8ADDD000 \SystemRoot\System32\drivers\pcw.sys
0x8ADEB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8AE11000 \SystemRoot\system32\drivers\ndis.sys
0x8AEC8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AF06000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B01D000 \SystemRoot\System32\drivers\tcpip.sys
0x8B166000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B197000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B1A0000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B1DF000 \SystemRoot\System32\Drivers\spldr.sys
0x8AF2B000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B1E7000 \SystemRoot\System32\Drivers\mup.sys
0x8B1F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8AF58000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B000000 \SystemRoot\system32\DRIVERS\disk.sys
0x8AF8A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8AFD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AFF6000 \SystemRoot\System32\Drivers\Null.SYS
0x8AE00000 \SystemRoot\System32\Drivers\Beep.SYS
0x8ADF4000 \SystemRoot\System32\drivers\vga.sys
0x8ABD5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AC00000 \SystemRoot\System32\drivers\watchdog.sys
0x8AE07000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8ABF6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8AA00000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8F63A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F645000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F653000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F66A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F675000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8F67F000 \SystemRoot\system32\drivers\afd.sys
0x8F6D9000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8F6DE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F710000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8F717000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F736000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8F747000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F755000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F768000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F778000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F7B9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F7C3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F7CD000 \SystemRoot\System32\drivers\discache.sys
0x8EE28000 \SystemRoot\system32\drivers\csc.sys
0x8EE8C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EEA4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8EEB2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90408000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x90CE2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90D99000 \SystemRoot\System32\drivers\dxgmms1.sys
0x90DD2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EED3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90DDD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EF1E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9101F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x91286000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91290000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x912E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x912F9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91306000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91313000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x91319000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9131D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x91326000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91338000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91345000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91357000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9136F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9137A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9139C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x913B4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x913CB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x913E2000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x913EC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EF3D000 \SystemRoot\system32\DRIVERS\ks.sys
0x913EE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EF71000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91000000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9522A000 \SystemRoot\system32\drivers\HdAudio.sys
0x9527A000 \SystemRoot\system32\drivers\portcls.sys
0x952A9000 \SystemRoot\system32\drivers\drmk.sys
0x952C2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x952CF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x952DA000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x952E4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x94E40000 \SystemRoot\System32\win32k.sys
0x952F5000 \SystemRoot\System32\drivers\Dxapi.sys
0x952FF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x95316000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95318000 \SystemRoot\system32\DRIVERS\monitor.sys
0x950A0000 \SystemRoot\System32\TSDDD.dll
0x950D0000 \SystemRoot\System32\cdd.dll
0x95323000 \SystemRoot\system32\drivers\luafv.sys
0x9533E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x95375000 \SystemRoot\system32\drivers\WudfPf.sys
0x9538F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9539F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x953E5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95200000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97639000 \SystemRoot\system32\drivers\HTTP.sys
0x976BE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x976D7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x976E9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9770C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x97747000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x97762000 \SystemRoot\system32\drivers\peauth.sys
0x97600000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9760A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9762B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9902D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9907C000 \SystemRoot\System32\DRIVERS\srv.sys
0x990CD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x990EE000 \SystemRoot\system32\drivers\spsys.sys
0x99158000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x777E0000 \Windows\System32\ntdll.dll
0x47C20000 \Windows\System32\smss.exe
0x77A20000 \Windows\System32\apisetschema.dll
0x00070000 \Windows\System32\autochk.exe
0x77970000 \Windows\System32\usp10.dll
0x77640000 \Windows\System32\setupapi.dll
0x77570000 \Windows\System32\msctf.dll

Processes (total 49):
0 System Idle Process
4 System
260 C:\Windows\System32\smss.exe
348 csrss.exe
400 C:\Windows\System32\wininit.exe
412 csrss.exe
460 C:\Windows\System32\services.exe
484 C:\Windows\System32\winlogon.exe
504 C:\Windows\System32\lsass.exe
516 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\svchost.exe
720 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\audiodg.exe
1020 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1316 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1564 C:\Windows\System32\spoolsv.exe
1604 C:\Windows\System32\svchost.exe
1720 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1776 C:\Windows\System32\taskhost.exe
1868 C:\Windows\System32\dwm.exe
1960 C:\Program Files\Bonjour\mDNSResponder.exe
2008 C:\Windows\System32\svchost.exe
1860 C:\Windows\System32\hkcmd.exe
336 C:\Windows\System32\igfxpers.exe
2060 C:\Program Files\iTunes\iTunesHelper.exe
2384 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2568 C:\Program Files\RocketDock\RocketDock.exe
3380 C:\Program Files\iPod\bin\iPodService.exe
3404 C:\Windows\System32\SearchIndexer.exe
3648 WUDFHost.exe
3752 C:\Windows\System32\svchost.exe
3864 C:\Program Files\Windows Media Player\wmpnetwk.exe
4048 C:\Windows\System32\svchost.exe
3112 C:\Windows\explorer.exe
2520 C:\Windows\System32\sppsvc.exe
736 C:\Windows\System32\wuauclt.exe
1732 WmiPrvSE.exe
3792 C:\Program Files\Internet Explorer\iexplore.exe
3780 C:\Program Files\Internet Explorer\iexplore.exe
3016 C:\Program Files\Internet Explorer\iexplore.exe
3068 C:\Windows\System32\SearchProtocolHost.exe
1088 C:\Windows\System32\SearchFilterHost.exe
3280 C:\Users\Christian\Desktop\MBRCheck.exe
2516 C:\Windows\System32\conhost.exe
2544 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
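The MBRCheck report above hashes the master boot record and maps C: to its byte offset on PhysicalDrive0. As an added example (not part of the thread and not MBRCheck's own code), the Python below does the equivalent check on a 512-byte MBR: it validates the 0x55AA boot signature, hashes the boot-code region, decodes the partition table and confirms which partition starts at the reported offset 0x06500000. The sample MBR is constructed inline (a Windows 7 style layout with the 100 MB System Reserved partition at LBA 2048 and C: at LBA 206848); the exact byte range MBRCheck hashes is not stated on the page, so hashing the first 440 bytes is an assumption, as is the placeholder size of the C: partition.

```python
"""Added example (not from the thread): parse and check a 512-byte MBR."""
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xAA"
BOOT_CODE_LEN = 440  # assumption: hash the code area before the disk signature


def build_sample_mbr() -> bytes:
    """Constructed sample, not the poster's disk: Windows 7 style layout with
    a 100 MB 'System Reserved' partition at LBA 2048 and C: at LBA 206848."""
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_signature = struct.pack("<I", 0x1234ABCD)
    reserved = b"\x00\x00"

    def entry(active: int, ptype: int, start_lba: int, sectors: int) -> bytes:
        # CHS fields are set to 0xFFFFFF; modern code relies on the LBA fields
        return struct.pack("<B3sB3sII", active, b"\xFF" * 3, ptype, b"\xFF" * 3,
                           start_lba, sectors)

    table = (entry(0x80, 0x07, 2048, 204800)          # System Reserved, bootable
             + entry(0x00, 0x07, 206848, 488000000)   # C: (size is a placeholder)
             + b"\x00" * 32)                          # two unused entries
    mbr = boot_code + disk_signature + reserved + table + BOOT_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a raw device (e.g. '\\\\.\\PhysicalDrive0' on Windows,
    which needs an elevated prompt) or from a disk image file."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, disk signature, partition table and boot-code hash."""
    if len(mbr) < SECTOR_SIZE:
        raise ValueError("need at least one 512-byte sector")
    partitions = []
    for index in range(4):
        active, _chs1, ptype, _chs2, start_lba, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PARTITION_TABLE_OFFSET + 16 * index)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": index,
            "active": active == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": sectors,
            "byte_offset": start_lba * SECTOR_SIZE,
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "bootcode_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(mbr[:SECTOR_SIZE]).hexdigest().upper(),
        "partitions": partitions,
    }


def find_partition_at_offset(parsed: dict, byte_offset: int):
    """Return the partition that starts at byte_offset, as MBRCheck reports it."""
    for part in parsed["partitions"]:
        if part["byte_offset"] == byte_offset:
            return part
    return None


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("signature ok:", info["signature_ok"])
    print("boot code SHA1:", info["bootcode_sha1"])
    for part in info["partitions"]:
        print(f"  partition {part['index']}: type 0x{part['type']:02X} "
              f"LBA {part['start_lba']} offset 0x{part['byte_offset']:08X}")
    print("C: at 0x06500000 ->", find_partition_at_offset(info, 0x06500000))
```

To run this against a live disk on Windows, pass read_mbr(r"\\.\PhysicalDrive0") into parse_mbr from an elevated prompt. The hash only means something when compared with a known-good value from the same Windows build: an MBR bootkit replaces the boot code while leaving the partition table intact, so a valid signature and a sane partition layout are not by themselves evidence that the code is clean.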

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:08 PM

Posted 13 October 2010 - 05:28 PM

Hello, CSMartin85.
Ok, it's looking better on my end too. Let's get a second opinion.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    PRC - File not found -- C:\Program Files\STOPzilla!\STOPzilla.exe
    DRV - File not found [Kernel | Unknown | Running] -- -- (szkgfs)
    DRV - File not found [Kernel | Unknown | Running] -- -- (szkg5)
    O4 - HKU\S-1-5-21-503737564-3586905363-225293983-1000..\Run: [AppVodBurner] File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
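The OTL fix in Step 2 above removes registry entries whose target files no longer exist: a process, two driver services, a Run value and an SSODL entry. As an added example, not part of the thread and not OTL's own code, the Python below does that triage over OTL log lines: it flags every "File not found" entry, marks drivers the service manager still reports as Running, and assembles the flagged lines into a fix in the :OTL / :Commands layout used above. The sample log is constructed from lines that appear in this thread (the five fixed entries, the catchme driver from the Run 2 log, and one healthy avast line that must not be flagged).

```python
"""Added example (not from the thread, not OTL's own code): flag 'File not
found' entries in an OTL log and emit a fix script in OTL's own layout."""
import re

# Constructed sample built from lines visible in the thread.
SAMPLE_OTL_LOG = r"""
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - File not found -- C:\Program Files\STOPzilla!\STOPzilla.exe
DRV - File not found [Kernel | Unknown | Running] -- -- (szkgfs)
DRV - File not found [Kernel | Unknown | Running] -- -- (szkg5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys -- (catchme)
O4 - HKU\S-1-5-21-503737564-3586905363-225293983-1000..\Run: [AppVodBurner] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
"""

MISSING_RE = re.compile(r"File not found")
# "[Kernel | Unknown | Running]" style status triplet on DRV/SRV lines
STATUS_RE = re.compile(r"\[(?P<kind>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^\]]+)\]")
# trailing "(servicename)" on DRV/SRV lines
NAME_RE = re.compile(r"\((?P<name>[^()]+)\)\s*$")


def triage(log_text: str) -> list:
    """Return one finding per line whose target file is missing on disk."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line or not MISSING_RE.search(line):
            continue
        section = line.split(" - ", 1)[0].strip()      # PRC, DRV, O4, O21 ...
        status = STATUS_RE.search(line)
        state = status.group("state").strip() if status else ""
        name = NAME_RE.search(line)
        findings.append({
            "section": section,
            "name": name.group("name") if name else None,
            "state": state,
            # a driver the service manager reports as Running although its
            # file is missing deserves a closer look: an uninstall leftover,
            # or a file that is hidden from the scanner
            "running": state.lower() == "running",
            "line": line,
        })
    return findings


def build_fix(findings: list, empty_temp: bool = True) -> str:
    """Assemble a fix: the flagged lines under :OTL, then the :Commands block."""
    lines = [":OTL"] + [f["line"] for f in findings]
    if empty_temp:
        lines += [":Commands", "[EmptyTemp]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LOG)
    for f in found:
        flag = "RUNNING but missing" if f["running"] else "missing"
        print(f"{f['section']:>4} {flag:<20} {f['name'] or f['line'][:60]}")
    print()
    print(build_fix(found))
```

A driver that is "File not found" yet still in the Running state (szkgfs and szkg5 here) is worth a second look before it is written off as an uninstaller leftover: the file may also be hidden from the scanner, which is why the reply pairs the fix with second-opinion scans rather than relying on OTL alone. The generator only echoes lines in the format the log already uses; which entries OTL accepts under :OTL is not covered on this page.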
 


#12 CSMartin85

CSMartin85
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:08 PM

Posted 13 October 2010 - 08:29 PM

Okay, Malwarebytes came up clean, as did Kaspersky. However, upon running OTL my explorer.exe ended and OTL became unresponsive. Good or bad? Malwarebytes log coming right up.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4725

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/13/2010 9:07:25 PM
mbam-log-2010-10-13 (21-07-25).txt

Scan type: Quick scan
Objects scanned: 133652
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



On a side note, I really appreciate the assistance. You guys do a great job.

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:08 PM

Posted 14 October 2010 - 05:29 PM

Hello, CSMartin85.

First, thanks!

QUOTE
good or bad

Neither. Likely a fluke, but let's see.

Please run OTL and post a Quick Scan log.

etavares




#14 CSMartin85

CSMartin85
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:08 PM

Posted 14 October 2010 - 07:12 PM

OTL logfile created on: 10/14/2010 7:34:00 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Christian\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 125.98 Gb Free Space | 54.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CM-LAPTOP
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/08 21:14:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2007/09/02 04:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 21:14:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/09/02 04:27:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/01 18:18:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/04/21 18:10:04 | 008,746,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 00:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD BD 0A B4 81 4A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/30 19:42:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/30 20:02:28 | 000,000,000 | ---D | M]

[2010/09/02 22:10:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions
[2010/09/02 22:10:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/30 19:33:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\cijsm90z.default\extensions
[2010/09/30 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fiquc365.default\extensions
[2010/09/16 00:25:02 | 000,000,919 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fiquc365.default\searchplugins\conduit.xml
[2010/09/30 20:06:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/30 20:02:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/30 20:06:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/13 00:14:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/10/13 21:14:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/13 00:14:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/13 00:13:19 | 000,000,000 | ---D | C] -- C:\Device
[2010/10/13 00:06:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/13 00:06:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/11 22:16:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp
[2010/10/11 22:11:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/11 22:11:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/11 22:11:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/11 22:11:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/11 21:29:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/08 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\gmer
[2010/10/08 21:14:46 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2010/10/01 16:07:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/10/01 15:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/10/01 15:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/09/30 22:46:22 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2010/09/30 22:45:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/30 22:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/30 22:45:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/30 22:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/30 19:30:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/09/30 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\FBLayouts
[2010/09/29 18:20:58 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/26 14:18:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Google
[2010/09/26 14:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/17 23:41:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/15 21:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/09/15 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/09/15 20:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/09/15 18:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/09/11 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/09/11 05:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/09/10 03:49:22 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\VodBurner
[2010/09/10 03:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\VodBurner
[2010/09/09 18:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/09/06 03:24:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Webcam
[2010/09/06 02:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/09/06 02:45:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2010/09/06 02:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/09/06 02:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010/09/06 02:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/09/06 02:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/09/05 00:49:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\skypePM
[2010/09/05 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Skype
[2010/09/02 22:10:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\LimeWire
[2010/09/02 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2010/09/02 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Mozilla
[2010/09/02 18:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/02 18:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/09/02 18:17:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DivX
[2010/09/02 18:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/02 18:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/02 17:38:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/09/02 17:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/09/02 17:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/02 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/02 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/02 16:52:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/09/02 16:19:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Publish Providers
[2010/09/02 16:15:44 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Sony
[2010/09/02 16:15:44 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Sony
[2010/09/02 16:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010/09/02 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/09/02 15:56:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\DBZ Clips
[2010/09/02 15:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2010/09/02 14:45:21 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Apple Computer
[2010/09/02 14:45:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2010/09/02 14:45:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/09/02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/02 14:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/02 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/02 14:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/02 14:44:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Apple
[2010/09/02 14:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/02 14:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/02 14:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/09/02 14:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/02 09:01:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/09/02 08:02:47 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/09/02 08:02:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/09/02 06:35:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2010/09/02 06:35:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Adobe
[2010/09/02 06:35:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/09/02 06:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/09/02 06:25:03 | 000,000,000 | ---D | C] -- C:\Intel
[2010/09/02 06:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/09/02 05:39:28 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/02 05:39:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/02 05:39:27 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/02 05:39:25 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/02 05:39:23 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/02 05:38:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/09/02 05:38:52 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/02 05:38:52 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/02 05:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/02 05:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/02 05:15:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\ElevatedDiagnostics
[2010/09/02 05:10:34 | 000,000,000 | R--D | C] -- C:\Users\Christian\Searches
[2010/09/02 05:10:33 | 000,000,000 | -H-D | C] -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/02 05:10:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Identities
[2010/09/02 05:10:23 | 000,000,000 | R--D | C] -- C:\Users\Christian\Contacts
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Temporary Internet Files
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Templates
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Start Menu
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\SendTo
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Recent
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\PrintHood
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\NetHood
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\My Videos
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\My Pictures
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\My Music
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\My Documents
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Local Settings
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\History
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Cookies
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Application Data
[2010/09/02 05:10:10 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Application Data
[2010/09/02 05:10:09 | 000,000,000 | --SD | C] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Videos
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Saved Games
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Pictures
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Music
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Links
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Favorites
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Downloads
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\My Documents
[2010/09/02 05:10:09 | 000,000,000 | R--D | C] -- C:\Users\Christian\Desktop
[2010/09/02 05:10:09 | 000,000,000 | -H-D | C] -- C:\Users\Christian\AppData
[2010/09/02 05:10:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft
[2010/09/02 05:10:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2010/09/02 05:09:22 | 000,000,000 | ---D | C] -- C:\Recovery
[2010/09/02 05:09:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/09/02 04:50:59 | 000,000,000 | R--D | C] -- C:\Users\Christian\Documents\Favorites
[2010/09/02 04:48:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Shoddy Battle Teams
[2010/09/02 04:47:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\LimeWire
[2010/09/02 04:47:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Driver
[2010/09/02 04:05:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\gifs
[2010/09/02 04:04:21 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Movies
[2010/09/02 04:04:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Vegas Projects
[2010/09/02 04:03:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Software
[2010/04/21 17:32:38 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 90 Days ==========

[2010/10/14 19:35:06 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/14 19:35:06 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/14 19:32:17 | 000,726,316 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/14 19:32:17 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/14 19:32:17 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/14 19:27:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/14 19:27:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/14 19:27:46 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/14 15:13:52 | 001,572,864 | -HS- | M] () -- C:\Users\Christian\ntuser.dat
[2010/10/14 15:13:48 | 001,494,099 | -H-- | M] () -- C:\Users\Christian\AppData\Local\IconCache.db
[2010/10/14 01:27:19 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/10/13 23:45:20 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/13 00:21:05 | 000,080,384 | ---- | M] () -- C:\Users\Christian\Desktop\MBRCheck.exe
[2010/10/13 00:14:22 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/10/13 00:14:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/13 00:06:00 | 003,877,883 | R--- | M] () -- C:\Users\Christian\Desktop\etavarescf.exe
[2010/10/09 04:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/10/09 04:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/10/09 04:57:16 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TM.blf
[2010/10/08 21:24:21 | 000,284,915 | ---- | M] () -- C:\Users\Christian\Desktop\gmer.zip
[2010/10/08 21:14:47 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2010/10/07 23:44:38 | 000,000,688 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/10/07 23:42:39 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/07 23:42:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/01 14:29:04 | 000,002,917 | ---- | M] () -- C:\Users\Christian\Documents\Kaspersky.html
[2010/09/30 22:45:41 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 19:53:59 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/09/30 19:53:59 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 19:53:59 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TM.blf
[2010/09/11 18:33:58 | 231,225,215 | ---- | M] () -- C:\Users\Christian\Documents\Gohan-Had Enough Rendering.mp4
[2010/09/11 08:17:09 | 231,210,377 | ---- | M] () -- C:\Users\Christian\Documents\Gohan-Had Enough.mp4
[2010/09/10 01:51:14 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/09/10 01:50:48 | 000,001,909 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/10 01:50:48 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/09 18:51:02 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/09 18:50:07 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/09 18:49:09 | 000,001,863 | ---- | M] () -- C:\Users\Christian\Desktop\LimeWire 5.5.14.lnk
[2010/09/09 15:57:12 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 15:57:12 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 15:57:12 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TM.blf
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/02 22:10:30 | 000,001,821 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/09/02 16:18:38 | 000,002,608 | ---- | M] () -- C:\Users\Christian\Documents\Register Vegas Pro.htm
[2010/09/02 16:11:19 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010/09/02 15:01:10 | 000,001,075 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2010/09/02 15:01:10 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/09/02 14:45:16 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/02 14:44:20 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/02 08:05:24 | 000,039,293 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/09/02 08:03:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/02 05:59:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/02 05:21:44 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 05:21:44 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/02 05:21:44 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/02 05:15:33 | 000,001,407 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/02 05:10:40 | 000,057,560 | ---- | M] () -- C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/02 05:10:35 | 000,001,413 | ---- | M] () -- C:\Users\Christian\Desktop\Internet Explorer.lnk
[2010/09/02 05:10:10 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
[2010/07/27 08:03:20 | 010,829,656 | ---- | M] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | M] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | M] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:40 | 000,266,828 | ---- | M] () -- C:\Windows\System32\drivers\LVAFT.cfg
[2010/07/27 07:56:04 | 000,090,411 | ---- | M] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 07:55:50 | 000,037,518 | ---- | M] () -- C:\Windows\System32\Repository.reg

========== Files Created - No Company Name ==========

[2010/10/13 00:21:05 | 000,080,384 | ---- | C] () -- C:\Users\Christian\Desktop\MBRCheck.exe
[2010/10/11 22:11:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/11 22:11:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/11 22:11:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/11 22:11:09 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/11 22:11:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/11 21:27:09 | 003,877,883 | R--- | C] () -- C:\Users\Christian\Desktop\etavarescf.exe
[2010/10/08 21:24:20 | 000,284,915 | ---- | C] () -- C:\Users\Christian\Desktop\gmer.zip
[2010/10/07 23:43:23 | 000,000,688 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/10/07 23:38:22 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/10/07 23:38:21 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/10/07 23:38:21 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{6a59cd48-d28d-11df-ad56-0025646c62ba}.TM.blf
[2010/10/01 14:29:04 | 000,002,917 | ---- | C] () -- C:\Users\Christian\Documents\Kaspersky.html
[2010/09/30 22:45:41 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 19:46:49 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/09/30 19:46:49 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 19:46:49 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{eff98ec1-cce9-11df-9b06-0025646c62ba}.TM.blf
[2010/09/15 19:23:40 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/09/11 18:10:12 | 231,225,215 | ---- | C] () -- C:\Users\Christian\Documents\Gohan-Had Enough Rendering.mp4
[2010/09/11 07:53:23 | 231,210,377 | ---- | C] () -- C:\Users\Christian\Documents\Gohan-Had Enough.mp4
[2010/09/10 01:51:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/10 01:50:48 | 000,001,909 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/10 01:50:48 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/09 18:51:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/09 18:50:07 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/09 18:49:09 | 000,001,863 | ---- | C] () -- C:\Users\Christian\Desktop\LimeWire 5.5.14.lnk
[2010/09/09 11:54:59 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 11:54:59 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 11:54:59 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{862a1f86-bc2a-11df-9b62-0025646c62ba}.TM.blf
[2010/09/02 22:10:30 | 000,001,821 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/09/02 16:11:19 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010/09/02 15:01:10 | 000,001,075 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2010/09/02 15:01:10 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/09/02 14:45:16 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/02 14:44:20 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/02 08:03:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/02 08:02:03 | 2384,744,448 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/02 05:59:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/02 05:39:29 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/02 05:15:33 | 000,001,407 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/02 05:10:35 | 000,001,413 | ---- | C] () -- C:\Users\Christian\Desktop\Internet Explorer.lnk
[2010/09/02 05:10:10 | 000,000,020 | -HS- | C] () -- C:\Users\Christian\ntuser.ini
[2010/09/02 05:10:09 | 001,572,864 | -HS- | C] () -- C:\Users\Christian\ntuser.dat
[2010/09/02 05:10:09 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 05:10:09 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/02 05:10:09 | 000,262,144 | -HS- | C] () -- C:\Users\Christian\ntuser.dat.LOG1
[2010/09/02 05:10:09 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/02 05:10:09 | 000,000,290 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/02 05:10:09 | 000,000,272 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/02 05:10:09 | 000,000,000 | -HS- | C] () -- C:\Users\Christian\ntuser.dat.LOG2
[2010/09/02 04:47:35 | 000,080,702 | ---- | C] () -- C:\Users\Christian\Documents\JavaRNG 2.1.jar
[2010/09/02 04:44:51 | 000,211,815 | ---- | C] () -- C:\Users\Christian\Documents\RNGReporter_830.zip
[2010/09/02 04:44:51 | 000,002,608 | ---- | C] () -- C:\Users\Christian\Documents\Register Vegas Pro.htm
[2010/09/02 04:06:08 | 129,387,158 | ---- | C] () -- C:\Users\Christian\Documents\Vista System Files.zip
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:40 | 000,266,828 | ---- | C] () -- C:\Windows\System32\drivers\LVAFT.cfg
[2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 07:55:50 | 000,037,518 | ---- | C] () -- C:\Windows\System32\Repository.reg
[2010/04/21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/04/21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/09/06 02:45:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2010/10/14 19:28:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LimeWire
[2010/09/02 16:19:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Publish Providers
[2010/09/11 07:52:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sony
[2009/07/14 00:53:46 | 000,007,872 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:08 PM

Posted 15 October 2010 - 07:54 PM

Hello, CSMartin85.

Looks good to me.


Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1

Uninstall ComboFix and Clean Up
Click Start > Run and type combofix /Uninstall, then click OK (note the space between combofix and /Uninstall). See below:

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the downloaded installer and install the tool to a location of your choice.
  2. Via the Start menu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu.
    2. Click "Manage Updates" in the submenu.
    3. Out of the three, select at least one of the three (I have MVPS Hosts as my main one).
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
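The Hosts file advice in the post above rests on one mechanism: every hostname listed in the file resolves to the address on that line before DNS is ever asked, so a blocklist points unwanted domains at loopback or 0.0.0.0, and, by the same mechanism, a tampered entry can send a legitimate domain somewhere else. The example below (added here as an illustration; it is not HostsMan's code and does not reproduce its update logic) parses a hosts file, flags entries that redirect a watched domain anywhere other than loopback, and merges a downloaded blocklist into an existing file while keeping the user's own entries, which is the manual step the post's note about custom Hosts files asks for. The section markers, the watched-domain list and all sample file contents are constructed for the example.

```python
"""Hosts-file helpers: detect redirect-style entries and merge a blocklist
while preserving custom lines. All sample data below is constructed."""
import ipaddress

# Markers used to find our own merged block on the next run; an assumption of
# this example, not a convention of HostsMan or the MVPS list.
BEGIN_MARK = "# BEGIN managed blocklist"
END_MARK = "# END managed blocklist"

# Addresses a blocking entry may legitimately point at.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        ip = parts[0]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address: skip rather than guess
        for host in parts[1:]:
            pairs.append((ip, host.lower()))
    return pairs


def find_hijacks(text, watched):
    """A hosts file should only ever *block* well-known domains (loopback/null).
    An entry that sends one of them to a routable address is a redirect and
    worth a close look."""
    watched = {w.lower() for w in watched}
    hits = []
    for ip, host in parse_hosts(text):
        bare = host[4:] if host.startswith("www.") else host
        if (host in watched or bare in watched) and ip not in LOOPBACK:
            hits.append((host, ip))
    return hits


def strip_managed_section(text):
    """Drop a previously merged block (between the markers), keep everything else."""
    out, inside = [], False
    for line in text.splitlines():
        if line.strip() == BEGIN_MARK:
            inside = True
            continue
        if line.strip() == END_MARK:
            inside = False
            continue
        if not inside:
            out.append(line)
    return "\n".join(out).rstrip("\n")


def merge_blocklist(existing_text, blocklist_text):
    """Append blocklist entries after the user's lines. Hostnames the user already
    maps (e.g. localhost or a LAN box) are left alone so custom entries win."""
    custom = strip_managed_section(existing_text)
    custom_hosts = {h for _, h in parse_hosts(custom)}
    seen, managed = set(), []
    for ip, host in parse_hosts(blocklist_text):
        if ip not in LOOPBACK or host in custom_hosts or host in seen:
            continue  # only accept blocking entries, never redirects
        seen.add(host)
        managed.append(f"{ip} {host}")
    return "\n".join([custom, BEGIN_MARK, *managed, END_MARK]) + "\n"


# Constructed sample files (198.51.100.7 is a TEST-NET-2 documentation address).
SAMPLE_HOSTS = """# constructed sample of a user's hosts file
127.0.0.1 localhost
192.168.1.20 nas.local   # user's own mapping, must survive a merge
198.51.100.7 www.google.com  # constructed redirect entry
"""

SAMPLE_BLOCKLIST = """# constructed blocklist in the usual one-host-per-line format
127.0.0.1 localhost
0.0.0.0 ads.example
0.0.0.0 tracker.example
0.0.0.0 nas.local
"""

if __name__ == "__main__":
    print("suspicious:", find_hijacks(SAMPLE_HOSTS, ["google.com"]))
    print(merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST))
```

Running the merge twice with the same list yields the same file, so it can be re-run after each blocklist update without the managed section growing; the custom lines above the marker are never rewritten.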