
Did malware cause my BSOD crash?


  • This topic is locked
26 replies to this topic

#1 HeadDesk

HeadDesk

  • Members
  • 55 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:05:48 PM

Posted 07 November 2010 - 04:20 PM

I had a computer crash with BSOD and dumping of memory 2 days ago, and I don't know if I'm missing an important update or if it was caused by malware. Help please?
It happened randomly while I was watching YouTube. (I hadn't updated the Flash player, but not sure if that can cause crashes.)

I do know that I clicked an innocent looking link a while back (a few weeks ago or longer) and was warned off it by the antivirus. (Link was redirecting my browser, this site contains malware - I think that's what it said.)

When I next looked all the green ticks that indicated safe links were gone, and I was getting an aggressive popup all the time threatening infection and saying 'Your computer is infected! buy this protection now to stop the Trojan attack!' and going to a form asking for credit card details. Pic The email worm I can believe as I got spam from a friend's account, but the rest of it seems fishy. I did have antivirus software and it says I don't, also that might be showing more free space than I really have.

Dunno... Well if it's a scam the joke's on them, because I have no credit card - and I've heard about scareware. Pop up is long gone but I hope nothing nasty is lurking.


I also get ads targeted to what I just searched all the time, so I think there's spyware or cookies even though I laboriously followed some directions on opting out of cookies from a number of sites. (this - hxxp://www.networkadvertising.org/managing/opt_out.asp)

This isn't the first time I've had problems. I'm just hoping I've simply neglected something basic and easily fixed, rather than the crash and dumping being from a virus. I've been so bad about backing up, and have no idea about cleaning a virus or spyware out of the computer should I need to.


Here are the logs from the links I was asked to follow. (And I hope random viewers can't hack me with info I post publicly from these >.< )


DDS (Ver_10-11-08.01) - NTFSx86
Run by Bella at 6:30:52.53 on Mon 08/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.1666 [GMT 11:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Live\Installer\wlstartup.exe
C:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bella\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://aldi.com.au/
mDefault_Page_URL = hxxp://aldi.com.au/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: gothic.org.au\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {D6B2425D-3B92-44D2-94A8-4B1F7C1C244D} = 123.200.191.17 123.200.191.18
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-25 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-25 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-25 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\drivers\USBGENE.sys [2009-10-8 131584]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-10-10 21504]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-10-8 327168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-5 1352832]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-5 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 PhilCap;NXP service;c:\windows\system32\drivers\PhilCap.sys [2009-10-8 908896]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-17 29744]

=============== Created Last 30 ================

2010-11-07 19:29:08 630272 ----a-w- c:\users\bella\dds.scr
2010-11-07 19:27:31 50477 ----a-w- c:\users\bella\Defogger.exe
2010-11-06 12:53:37 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{83b98528-7561-43e5-8511-a44184f87478}\mpengine.dll
2010-11-05 11:28:55 -------- d-----w- c:\windows\en
2010-11-05 11:28:36 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-11-05 11:24:32 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-05 11:24:32 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-05 11:24:32 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-05 11:23:24 469256 ----a-w- c:\program files\common files\windows live\.cache\db01d2631cb7cdb2b\InstallManager_WLE_WLE.exe
2010-11-05 11:22:42 15712 ----a-w- c:\program files\common files\windows live\.cache\c338d5231cb7cdb1f\MeshBetaRemover.exe
2010-11-05 11:22:21 94040 ----a-w- c:\program files\common files\windows live\.cache\b69aab431cb7cdb18\DSETUP.dll
2010-11-05 11:22:21 525656 ----a-w- c:\program files\common files\windows live\.cache\b69aab431cb7cdb18\DXSETUP.exe
2010-11-05 11:22:21 1691480 ----a-w- c:\program files\common files\windows live\.cache\b69aab431cb7cdb18\dsetup32.dll
2010-11-05 11:22:19 94040 ----a-w- c:\program files\common files\windows live\.cache\b4e70fa31cb7cdb17\DSETUP.dll
2010-11-05 11:22:19 525656 ----a-w- c:\program files\common files\windows live\.cache\b4e70fa31cb7cdb17\DXSETUP.exe
2010-11-05 11:22:19 1691480 ----a-w- c:\program files\common files\windows live\.cache\b4e70fa31cb7cdb17\dsetup32.dll
2010-11-05 11:21:22 -------- d-----w- c:\users\bella\appdata\local\Windows Live
2010-11-05 11:20:18 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-29 11:14:05 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-29 11:14:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-29 11:14:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-15 15:20:39 -------- d-----w- c:\program files\iPod
2010-10-15 15:20:37 -------- d-----w- c:\program files\iTunes
2010-10-15 15:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-15 15:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-15 15:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-15 15:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-15 15:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-15 15:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-15 15:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-15 15:14:53 -------- d-----w- c:\program files\Bonjour
2010-10-13 14:00:13 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 14:00:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 13:57:32 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 13:57:31 531968 ----a-w- c:\windows\system32\comctl32.dll

==================== Find3M ====================

2010-10-19 00:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 13:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 13:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-09 19:07:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 00:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 00:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 13:41:08 1200128 ----a-w- c:\users\bella\LooknStop_Setup_207_x64_VC2005.exe
2010-08-15 13:13:26 34697898 ----a-w- c:\users\bella\clamwin-0.96.1-setup.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 6:33:19.60 ===============



GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-08 08:08:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 01.0
Running: gmer.exe; Driver: C:\Users\Bella\AppData\Local\Temp\uwlcqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9060C360, 0x35BDD2, 0xE8000020]
? C:\Users\Bella\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@f!s!d!d!\22!`!y!m!\24!t!t!\24!{!`!s!\30! 19583823

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  DDS.txt   14.16KB   4 downloads
  • Attached File  ark.txt   1.96KB   3 downloads

Edited by Orange Blossom, 07 November 2010 - 07:50 PM.
Deactivate link. ~ OB




#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:05:48 PM

Posted 15 November 2010 - 09:13 AM

Hello HeadDesk

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see, the logs we ask for are very extensive and take a lot of time to investigate. If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

---------------------------

And I hope random viewers can't hack me with info I post publicly from these

Nothing in the logs we request produces any information that can be exploited. :thumbup2:

Step 1.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step 2.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <----Important
    Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Are you still getting redirected or popups? Are you still getting a BSOD? In your next reply please include the following:

MBAM log
ComboFix.txt


Thank you for your patience!!

Edited by pwgib, 15 November 2010 - 09:14 AM.

PW

#3 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:05:48 PM

Posted 16 November 2010 - 12:59 PM

Ok, thanks!

Done all the 'show hidden files' stuff.

I'm not getting redirected, but I am getting the targeted ads still. I'll get popups for screensavers still, and I got another "ZOMG you are infected" thing which I believe to be scareware as I did the MBAM and it said there was no malware...

Edit: I turned Avast! off until the next restart but Adaware consistently failed to open for me to disable it, so I uninstalled Adaware for this and am reinstalling now.

I've done what was asked, and it didn't restart so possibly there's no malware... The program didn't offer me the option to install Windows Recovery Console, and if I already have it I can't locate it to reboot in repair mode. Does that matter?

Logs -


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5127

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

17/11/2010 3:04:29 AM
mbam-log-2010-11-17 (03-04-29).txt

Scan type: Quick scan
Objects scanned: 144170
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








ComboFix 10-11-15.06 - Bella 17/11/2010 5:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.2016 [GMT 11:00]
Running from: c:\users\Bella\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Bella\Defogger.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 18:20 . 2010-11-16 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-16 15:55 . 2010-11-16 15:55 -------- d-----w- c:\users\Bella\AppData\Roaming\Malwarebytes
2010-11-16 15:55 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 15:55 . 2010-11-16 15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 15:55 . 2010-11-16 15:55 -------- d-----w- c:\programdata\Malwarebytes
2010-11-16 15:55 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 11:36 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38287722-3031-44AC-94FE-CC170A5F0D59}\mpengine.dll
2010-11-10 04:59 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-07 19:29 . 2010-11-07 19:29 630272 ----a-w- c:\users\Bella\dds.scr
2010-11-05 11:28 . 2010-11-05 11:28 -------- d-----w- c:\windows\en
2010-11-05 11:28 . 2010-09-22 13:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-11-05 11:24 . 2009-09-04 06:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-05 11:24 . 2009-09-04 06:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-05 11:24 . 2009-09-04 06:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-05 11:23 . 2010-11-05 11:23 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\db01d2631cb7cdb2b\InstallManager_WLE_WLE.exe
2010-11-05 11:22 . 2010-11-05 11:22 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c338d5231cb7cdb1f\MeshBetaRemover.exe
2010-11-05 11:22 . 2010-11-05 11:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b69aab431cb7cdb18\DSETUP.dll
2010-11-05 11:22 . 2010-11-05 11:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b69aab431cb7cdb18\DXSETUP.exe
2010-11-05 11:22 . 2010-11-05 11:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b69aab431cb7cdb18\dsetup32.dll
2010-11-05 11:22 . 2010-11-05 11:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b4e70fa31cb7cdb17\DSETUP.dll
2010-11-05 11:22 . 2010-11-05 11:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b4e70fa31cb7cdb17\DXSETUP.exe
2010-11-05 11:22 . 2010-11-05 11:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b4e70fa31cb7cdb17\dsetup32.dll
2010-11-05 11:21 . 2010-11-16 18:08 -------- d-----w- c:\users\Bella\AppData\Local\Windows Live
2010-11-05 11:20 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-29 11:14 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-29 11:14 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-29 11:14 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 00:41 . 2010-02-03 18:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-13 14:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-09 19:07 . 2010-09-09 19:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-08 06:01 . 2010-10-13 13:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 13:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 13:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 13:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 13:59 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 13:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 13:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 00:17 . 2010-09-08 00:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 00:17 . 2010-09-08 00:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-29 12:49 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-24 13:57 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-24 13:58 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-24 13:58 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-24 13:58 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-24 13:58 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-06-24 13:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 16:20 . 2010-10-13 13:59 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 13:59 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 13:59 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 13:59 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 13:59 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-13 13:59 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 13:59 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 13:57 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 13:59 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-13 13:59 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-29 11:14 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-29 11:14 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-29 11:14 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-29 11:14 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05 . 2010-10-13 13:57 867328 ----a-w- c:\windows\system32\wmpmde.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-04 4710400]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-23 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-23 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Bella^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Bella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 06:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-14 22:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-10-17 04:42 128296 ----a-w- c:\program files\HomeCinema\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-17 11:03 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 11:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 06:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 04:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-23 15:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 11:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-10-23 12:03 8501792 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-10-23 12:03 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-10-23 12:03 86016 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 00:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 09:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-07 14:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-01-05 06:18 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 04:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 05:32 222504 ----a-w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-17 29744]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]


--- Other Services/Drivers In Memory ---

*Deregistered* - BdFileSpy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-17 11:03]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:55]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:55]

2010-11-16 c:\windows\Tasks\User_Feed_Synchronization-{CFB69A24-03E7-4351-90DC-03758A90E2C5}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aldi.com.au/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: gothic.org.au\www
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 05:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Bella\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:00000009

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-17 05:22:42
ComboFix-quarantined-files.txt 2010-11-16 18:22

Pre-Run: 149,631,238,144 bytes free
Post-Run: 150,786,584,576 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 704E16B803AF366E10699B156797AB86


Edited by HeadDesk, 16 November 2010 - 02:02 PM.


#4 pwgib


  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 17 November 2010 - 03:14 AM

Hi HeadDesk,

The program didn't offer me the option to install Windows Recovery Console

This is normal. The Recovery Console in Vista and Windows 7 has been replaced with the built in System Recovery Options :)

ComboFix will check to see if the Microsoft Windows Recovery Console is installed
If you did not have it installed, you will see the prompt below. Choose YES.


Step 1.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2.

I would like to see another ARK scan.

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Step 3.

  • Please download mbrcheck from Here
  • Save that file to your desktop and double click on it to run it.
  • It will show a black screen with some data on it; then hit any key to continue.
  • Once it finishes, there will be a log produced on your desktop labeled mbrcheck*.txt (where the * is the date).
  • Please post the contents of that log in your next reply.

Step 4.

We need to create an OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply please include the following:

TDSSKiller log
RKUnhooker report
mbrcheck*.txt
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


Thanks!!
PW

#5 HeadDesk

  • Topic Starter

  • Members
  • 55 posts
  • Gender:Not Telling

Posted 18 November 2010 - 09:25 AM

Thanks for all your help!

Step 1: TDSSKiller log (nothing found, no reboot needed)

2010/11/19 00:31:30.0146 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/19 00:31:30.0146 ================================================================================
2010/11/19 00:31:30.0146 SystemInfo:
2010/11/19 00:31:30.0146
2010/11/19 00:31:30.0146 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/19 00:31:30.0146 Product type: Workstation
2010/11/19 00:31:30.0146 ComputerName: BELLA-PC
2010/11/19 00:31:30.0146 UserName: Bella
2010/11/19 00:31:30.0146 Windows directory: C:\Windows
2010/11/19 00:31:30.0146 System windows directory: C:\Windows
2010/11/19 00:31:30.0146 Processor architecture: Intel x86
2010/11/19 00:31:30.0146 Number of processors: 2
2010/11/19 00:31:30.0146 Page size: 0x1000
2010/11/19 00:31:30.0146 Boot type: Normal boot
2010/11/19 00:31:30.0146 ================================================================================
2010/11/19 00:31:31.0347 Initialize success
2010/11/19 00:31:33.0734 ================================================================================
2010/11/19 00:31:33.0734 Scan started
2010/11/19 00:31:33.0734 Mode: Manual;
2010/11/19 00:31:33.0734 ================================================================================
2010/11/19 00:31:43.0343 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/19 00:31:43.0390 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/11/19 00:31:43.0421 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/19 00:31:43.0453 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/19 00:31:43.0515 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/19 00:31:43.0562 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/11/19 00:31:43.0609 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS
2010/11/19 00:31:43.0640 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/19 00:31:43.0655 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/19 00:31:43.0671 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/19 00:31:43.0718 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2010/11/19 00:31:43.0765 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/19 00:31:43.0780 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/11/19 00:31:43.0796 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/19 00:31:43.0827 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/19 00:31:43.0843 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/19 00:31:43.0858 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/11/19 00:31:43.0889 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/11/19 00:31:43.0952 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/11/19 00:31:43.0983 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/19 00:31:44.0030 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/19 00:31:44.0077 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/19 00:31:44.0092 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/19 00:31:44.0170 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/19 00:31:44.0201 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/19 00:31:44.0217 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/19 00:31:44.0233 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/19 00:31:44.0295 SynTP (7b70299794a7dbac6f4910fffcfdf208) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/19 00:31:44.0373 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/19 00:31:44.0420 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/19 00:31:44.0467 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/19 00:31:44.0513 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/19 00:31:44.0529 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/19 00:31:44.0545 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/19 00:31:44.0591 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/19 00:31:44.0654 tosrfbd (8c3bfaf3fca90502e6fa35503b8e979e) C:\Windows\system32\DRIVERS\tosrfbd.sys
2010/11/19 00:31:44.0685 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2010/11/19 00:31:44.0716 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2010/11/19 00:31:44.0763 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\Windows\system32\drivers\tosrfsnd.sys
2010/11/19 00:31:44.0810 tosrfusb (01c90086cd37e7e8d9a827e24167fcb7) C:\Windows\system32\DRIVERS\tosrfusb.sys
2010/11/19 00:31:44.0857 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/19 00:31:44.0888 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/19 00:31:44.0935 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/19 00:31:44.0966 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/19 00:31:45.0013 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/19 00:31:45.0059 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/19 00:31:45.0091 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/11/19 00:31:45.0122 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/19 00:31:45.0137 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/19 00:31:45.0169 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/19 00:31:45.0231 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/19 00:31:45.0262 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/19 00:31:45.0293 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/19 00:31:45.0325 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/19 00:31:45.0356 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/11/19 00:31:45.0387 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/19 00:31:45.0434 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/19 00:31:45.0481 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/19 00:31:45.0527 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/19 00:31:45.0574 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/19 00:31:45.0605 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/11/19 00:31:45.0621 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/11/19 00:31:45.0683 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/11/19 00:31:45.0715 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/19 00:31:45.0777 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/19 00:31:45.0808 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/19 00:31:45.0855 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/11/19 00:31:45.0886 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/19 00:31:45.0917 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/19 00:31:45.0933 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/19 00:31:45.0964 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/11/19 00:31:46.0011 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/19 00:31:46.0058 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/19 00:31:46.0120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/19 00:31:46.0183 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/19 00:31:46.0214 ================================================================================
2010/11/19 00:31:46.0214 Scan finished
2010/11/19 00:31:46.0214 ================================================================================
2010/11/19 00:37:09.0849 Deinitialize success



:step2: For the Rootkit Unhooker, I kept being unable to access the one you linked. Broken link?
I used initiative and scanned with another one (Slow PC Fighter hxxp://www.spamfighter.com/SLOW-PCfighter/?cid=adwenIMAGEcn&gclid=CKm3ifbAqqUCFQPwbwodb1eHWw). I hope this is alright?

Err... Strike that. It told me my PC's health was bad, and when I clicked 'Repair Now' it wanted me to buy stuff. :mellow: I'm not sure if it's safe or if I even should have downloaded that...

And when I try to find the one you suggested, it has lots of options. Please advise a safe one or whack up another link? Sorry for that.



:step3: MBR check

It said something infected or nonstandard was found, and asked me to choose between dumping to file, restoring the MBR with normal boot code, or ignoring and closing. I didn't know the right choice, just tried the second option (restore) and clicked X to exit when it asked how many characters or something. Huh? I'm lost there :huh: I saw a text file after I did that, so here it is.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Notebook
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Notebook
System Product Name: MIM2300
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 158):

Processes (total 65):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000035`38400000 (FAT32)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
PhysicalDrive2 Model Number: SAMSUNGHM320JI, Rev:

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive2 MBR Code Faked!
SHA1: 88F68F4719808C4421EC96D8F3F12B0725F2E4F0


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


:step4:

OTL Log

OTL logfile created on: 19/11/2010 1:18:54 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bella\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212.88 Gb Total Space | 141.20 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 0.02 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
Drive E: | 1.82 Gb Total Space | 1.81 Gb Free Space | 99.69% Space Free | Partition Type: FAT
Drive G: | 11.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.02 Gb Total Space | 288.20 Gb Free Space | 96.71% Space Free | Partition Type: FAT32

Computer Name: BELLA-PC | User Name: Bella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========



========== Modules (SafeList) ==========

MOD - [2010/11/19 01:17:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bella\Desktop\OTL.exe
MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========



========== Driver Services (SafeList) ==========

DRV - [2006/11/02 20:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 20:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 20:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 20:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 20:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 20:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 20:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 20:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 20:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 20:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 20:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 20:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 20:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 20:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 20:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 20:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 20:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 20:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 20:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 18:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 18:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aldi.com.au/
IE - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/11/17 05:20:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\..Trusted Domains: gothic.org.au ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bella\Pictures\You get what anyone gets.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bella\Pictures\You get what anyone gets.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/24 08:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/20 02:53:14 | 000,000,056 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/19 01:17:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bella\Desktop\OTL.exe
[2010/11/19 00:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2010/11/19 00:56:33 | 000,000,000 | ---D | C] -- C:\Users\Bella\Desktop\Languages
[2010/11/19 00:50:07 | 001,202,792 | ---- | C] (SPAMfighter ApS) -- C:\Users\Bella\Desktop\slow-pcfighter_Web.exe
[2010/11/19 00:24:52 | 000,000,000 | ---D | C] -- C:\Users\Bella\Desktop\tdsskiller
[2010/11/17 05:22:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/17 05:22:44 | 000,000,000 | ---D | C] -- C:\Users\Bella\AppData\Local\temp
[2010/11/17 05:10:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/17 05:10:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/17 05:10:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/17 05:10:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/17 05:10:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/17 05:10:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/17 05:10:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/17 02:55:46 | 000,000,000 | ---D | C] -- C:\Users\Bella\AppData\Roaming\Malwarebytes
[2010/11/17 02:55:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/17 02:55:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/17 02:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/17 02:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/17 02:52:44 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bella\Desktop\mbam-setup.exe
[2010/11/08 06:57:44 | 000,000,000 | ---D | C] -- C:\Users\Bella\Desktop\gmer
[2010/11/05 22:28:55 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/05 22:28:36 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/11/05 22:24:32 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/11/05 22:24:32 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/11/05 22:24:32 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/11/05 22:21:22 | 000,000,000 | ---D | C] -- C:\Users\Bella\AppData\Local\Windows Live
[2010/11/05 22:20:18 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2010/11/05 04:15:19 | 000,000,000 | ---D | C] -- C:\Users\Bella\Documents\bluescreenview[1]
[2010/10/29 22:14:05 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/29 22:14:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/29 22:14:03 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[3 C:\Users\Bella\Desktop\*.tmp files -> C:\Users\Bella\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/19 01:20:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CFB69A24-03E7-4351-90DC-03758A90E2C5}.job
[2010/11/19 01:17:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bella\Desktop\OTL.exe
[2010/11/19 01:09:12 | 000,080,384 | ---- | M] () -- C:\Users\Bella\Desktop\MBRCheck.exe
[2010/11/19 00:57:24 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Bella-Startup.job
[2010/11/19 00:57:08 | 000,000,325 | ---- | M] () -- C:\Users\Bella\Desktop\CommonToolkitSuite.cts
[2010/11/19 00:57:02 | 000,001,444 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2010/11/19 00:50:16 | 001,202,792 | ---- | M] (SPAMfighter ApS) -- C:\Users\Bella\Desktop\slow-pcfighter_Web.exe
[2010/11/19 00:49:11 | 000,609,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/19 00:49:11 | 000,112,298 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/19 00:45:22 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/19 00:41:38 | 000,027,839 | ---- | M] () -- C:\Users\Bella\AppData\Roaming\nvModes.001
[2010/11/19 00:41:36 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 00:41:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/19 00:41:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 00:41:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/19 00:41:17 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/19 00:25:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/19 00:24:23 | 001,224,671 | ---- | M] () -- C:\Users\Bella\Desktop\tdsskiller.zip
[2010/11/17 08:50:19 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/17 05:20:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/17 03:06:10 | 003,910,178 | R--- | M] () -- C:\Users\Bella\Desktop\ComboFix.exe
[2010/11/17 02:55:41 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/17 02:52:44 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bella\Desktop\mbam-setup.exe
[2010/11/08 06:56:38 | 000,287,041 | ---- | M] () -- C:\Users\Bella\Desktop\gmer.zip
[2010/11/08 06:30:20 | 000,630,272 | ---- | M] () -- C:\Users\Bella\Desktop\dds.scr
[2010/11/08 06:29:16 | 000,630,272 | ---- | M] () -- C:\Users\Bella\dds.scr
[2010/11/08 06:25:49 | 000,000,000 | ---- | M] () -- C:\Users\Bella\defogger_reenable
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/06 23:48:05 | 000,334,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/05 04:26:13 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/05 03:21:58 | 341,212,316 | ---- | M] () -- C:\Windows\MEMORY.DMP
[3 C:\Users\Bella\Desktop\*.tmp files -> C:\Users\Bella\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/19 01:09:12 | 000,080,384 | ---- | C] () -- C:\Users\Bella\Desktop\MBRCheck.exe
[2010/11/19 00:57:24 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-Bella-Startup.job
[2010/11/19 00:57:02 | 000,001,444 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2010/11/19 00:24:23 | 001,224,671 | ---- | C] () -- C:\Users\Bella\Desktop\tdsskiller.zip
[2010/11/17 05:10:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/17 05:10:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/17 05:10:36 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/17 05:10:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/17 05:10:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/17 03:06:10 | 003,910,178 | R--- | C] () -- C:\Users\Bella\Desktop\ComboFix.exe
[2010/11/17 02:55:41 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 06:56:38 | 000,287,041 | ---- | C] () -- C:\Users\Bella\Desktop\gmer.zip
[2010/11/08 06:30:12 | 000,630,272 | ---- | C] () -- C:\Users\Bella\Desktop\dds.scr
[2010/11/08 06:29:08 | 000,630,272 | ---- | C] () -- C:\Users\Bella\dds.scr
[2010/11/08 06:25:49 | 000,000,000 | ---- | C] () -- C:\Users\Bella\defogger_reenable
[2010/04/10 02:32:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/04 02:48:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2009/10/12 02:14:28 | 000,008,704 | ---- | C] () -- C:\Users\Bella\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/08 16:15:41 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2009/10/08 16:15:41 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2009/10/08 16:15:02 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2009/10/08 16:15:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/10/07 23:41:54 | 000,000,680 | ---- | C] () -- C:\Users\Bella\AppData\Local\d3d9caps.dat
[2009/09/05 21:07:01 | 000,027,839 | ---- | C] () -- C:\Users\Bella\AppData\Roaming\nvModes.001
[2009/09/04 22:21:05 | 000,027,839 | ---- | C] () -- C:\Users\Bella\AppData\Roaming\nvModes.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/08 22:40:58 | 000,000,052 | ---- | C] () -- C:\Users\Bella\AppData\Roaming\Default.PLS
[2008/07/17 23:04:25 | 000,031,007 | ---- | C] () -- C:\Users\Bella\AppData\Roaming\UserTile.png
[2008/05/09 02:22:02 | 000,000,190 | ---- | C] () -- C:\Windows\FASTYPE.INI
[2008/03/22 03:27:02 | 000,000,096 | ---- | C] () -- C:\Users\Bella\AppData\Roaming\wklnhst.dat
[2008/01/14 18:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/01/14 15:13:03 | 000,001,500 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006/12/05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

Extra log

OTL Extras logfile created on: 19/11/2010 1:18:54 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bella\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212.88 Gb Total Space | 141.20 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 0.02 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
Drive E: | 1.82 Gb Total Space | 1.81 Gb Free Space | 99.69% Space Free | Partition Type: FAT
Drive G: | 11.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.02 Gb Total Space | 288.20 Gb Free Space | 96.71% Space Free | Partition Type: FAT32

Computer Name: BELLA-PC | User Name: Bella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CE95E96-A14D-4CCA-B55C-6860858F04F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F3E4224-6291-4B47-A18B-2E461906509B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F120C931-133E-485C-A65F-D1D4DFA38F16}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FD213E2E-5027-4A9B-A004-C2A4346C1AAC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12FCCFA2-A5F7-4472-A49F-A6F4739816F1}" = protocol=6 | dir=in | app=c:\users\bella\appdata\local\temp\7zs6853.tmp\symnrt.exe |
"{18596CBC-8A60-4C12-8DF4-12488030B582}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{34F58268-78D3-407D-B6F7-99A0565E0758}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{378F8F24-DB8E-4D2B-AA05-B9F675E375D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{399490CF-98C7-4A12-B331-149D51791988}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4AFF1BC5-FD29-4059-B70D-625C5F84B22A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{50C8DC9D-0BA1-4D4F-8E80-3D5C5A81961A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{53C4AC3F-23B0-4EED-9003-0446CB1F050E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7380DCFD-6194-406E-98EA-415FD4BE8650}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3\totalmedia.exe |
"{80F44A08-4857-4CCB-BF57-4D7C2E329E5A}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{87E380C0-7DCA-4B05-B680-D0B1258908EE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{A2B3AADA-84D7-41C2-A07E-84DF4703054E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A777A6EB-7F08-4781-AE26-ACDE905C4844}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3\totalmedia.exe |
"{C5F53E28-3589-4B94-B0DB-F11BCAE0BCFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E01F04AA-2064-4A3B-8954-26035B8E588C}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{EBEA63F5-AC14-41FE-9B57-C08C764497BF}" = protocol=17 | dir=in | app=c:\users\bella\appdata\local\temp\7zs6853.tmp\symnrt.exe |
"{EE0A239D-8121-42D1-9713-3049589115EB}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FF7DC11-FD66-4FF3-A6C0-6DF8D5FA829C}" = ArcSoft TotalMedia 3
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4a1789a1-33fd-427e-9027-dec4d7fe8fa5}" = D2500
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BB977A4-E843-4E31-9859-745F442B1033}" = Nero 8 Essentials
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846AC73B-9394-48B9-B941-8F7F472F0047}" = Bluesoleil2.6.0.9 Release 070606
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{867F5501-F8EF-4542-9D68-310A238A15FF}" = SLOW-PCfighter
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{c6d55c99-0700-44f6-8c46-3a0a14ee3d4c}" = D2500_Help
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast5" = avast! Free Antivirus
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Shop for HP Supplies" = Shop for HP Supplies
"SLOW-PCfighter" = SLOW-PCfighter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIRGIN BROADBAND" = VIRGIN BROADBAND
"WinLiveSuite" = Windows Live Essentials
"X10Hardware" = X10 Hardware™
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2010 4:44:42 PM | Computer Name = Bella-PC | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2010 4:44:42 PM | Computer Name = Bella-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 13/11/2010 8:55:52 AM | Computer Name = Bella-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x001579a2, process id 0x8a0, application
start time 0x01cb832b1cfbf16b.

Error - 13/11/2010 8:59:34 AM | Computer Name = Bella-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ca4 Start Time: 01cb832b1c6d1eeb Termination Time: 0

Error - 16/11/2010 7:15:59 AM | Computer Name = Bella-PC | Source = Application Error | ID = 1000
Description = Faulting application VIRGIN BROADBAND.exe, version 1.0.0.1, time stamp
0x4833a9b8, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e,
exception code 0xc0000005, fault offset 0x0006529f, process id 0xcc4, application
start time 0x01cb857f63d07712.

Error - 16/11/2010 7:23:07 PM | Computer Name = Bella-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 718 Start Time: 01cb85bef719e376 Termination Time: 12

Error - 17/11/2010 11:22:43 PM | Computer Name = Bella-PC | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 17/11/2010 11:22:43 PM | Computer Name = Bella-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 17/11/2010 11:22:43 PM | Computer Name = Bella-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 17/11/2010 11:22:43 PM | Computer Name = Bella-PC | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ OSession Events ]
Error - 20/02/2009 1:34:56 AM | Computer Name = Bella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3086
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 12/03/2009 1:59:37 PM | Computer Name = Bella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 308
seconds with 60 seconds of active time. This session ended with a crash.

Error - 20/06/2010 1:58:18 PM | Computer Name = Bella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5401
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 16/11/2010 1:37:44 PM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 16/11/2010 2:07:28 PM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/11/2010 2:07:48 PM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 16/11/2010 2:12:27 PM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 16/11/2010 2:20:14 PM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 18/11/2010 9:11:21 AM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/11/2010 9:11:42 AM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 18/11/2010 9:42:47 AM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/11/2010 9:42:59 AM | Computer Name = Bella-PC | Source = DCOM | ID = 10010
Description =

Error - 18/11/2010 9:43:09 AM | Computer Name = Bella-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

#6 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:05:48 PM

Posted 18 November 2010 - 05:47 PM

Hello HeadDesk,

Step 1.

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    O3 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O15 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\..Trusted Domains: gothic.org.au ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-3285734972-3574571405-3825002702-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84
    
    :commands
    [EmptyTemp]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

Step 2.

Re-Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you to Enter your choice:, enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 2 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems.
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
  • Please enter 3 and then press the Enter key.
  • The program will ask for the file name to dump to; type dump.dat and press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to C:\ and attach it to your next reply.

We need to check the contents of the MBR Dump.

Please click this link-->Virustotal: http://www.virustotal.com/
When the VirusTotal page has finished loading, click the Browse button. Copy and paste the line below into the open box, then click Send File.

c:\dump.dat

If the file has been analyzed before, click the Reanalyse File Now button.

If VirusTotal is busy, try the same at Jotti.

Please copy and paste the results of the scan and attach c:\dump.dat in your next post.

In your next reply please include the following:

OTLFix report
VirusTotal results
c:\dump.dat <--attached

How is your computer running?


Thanks!!

Edited by pwgib, 18 November 2010 - 06:03 PM.

PW
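The MBR dump step above leaves a raw dump.dat that has to be checked somehow. As an added example (not part of pwgib's instructions, OTL or the MBRCheck tool), this Python script parses such a dump on the assumption that it is the raw 512-byte boot sector: it verifies the 0x55AA signature, lists the partition entries, flags structural oddities (bad signature, more than one active partition, invalid status bytes, overlapping partitions) and hashes the bootstrap code so the hash can be searched on VirusTotal instead of uploading the file. The sample MBRs and the known-good hash set are constructed placeholders, not data from this thread.

```python
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code (what a bootkit would replace)
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"    # bytes 510..511 must always be 55 AA


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, disk signature, partitions, signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": parts,
        "signature_ok": mbr[510:512] == SIGNATURE,
    }


def mbr_findings(info: dict, known_good_boot_hashes=frozenset()) -> list:
    """Return human-readable anomalies; an empty list means nothing structurally odd.

    known_good_boot_hashes: SHA-256 hashes of boot code taken from clean dumps of the
    same Windows version (placeholder: the caller supplies them, none are bundled here).
    """
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status byte {p['status']:#04x}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    if info["boot_code_sha256"] not in known_good_boot_hashes:
        findings.append("boot code hash not in known-good set: "
                        f"search VirusTotal for {info['boot_code_sha256']}")
    return findings


def build_sample_mbr(entries, boot_code=b"", with_signature=True) -> bytes:
    """Constructed test fixture (not a real disk image): entries are
    (status, type, lba_start, sectors) tuples, at most four of them."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = struct.pack("<I", 0x1234ABCD)  # arbitrary disk signature
    for i, (status, ptype, lba_start, sectors) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        mbr[off:off + 16] = struct.pack("<B3sB3sII", status, b"\0\0\0", ptype,
                                        b"\0\0\0", lba_start, sectors)
    if with_signature:
        mbr[510:512] = SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    # Usage: python mbr_check.py dump.dat  (the file MBRCheck wrote)
    with open(sys.argv[1], "rb") as fh:
        report = parse_mbr(fh.read())
    print(f"disk signature {report['disk_signature']:#010x}, "
          f"boot code sha256 {report['boot_code_sha256']}")
    for p in report["partitions"]:
        print(f"  part {p['index']}: status={p['status']:#04x} type={p['type']:#04x} "
              f"start={p['lba_start']} sectors={p['sectors']}")
    for finding in mbr_findings(report):
        print("  !", finding)
```

With no known-good hashes supplied the script always reports the boot-code hash, which is the value to paste into VirusTotal's search box when the file itself cannot be attached.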

#7 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:48 PM

Posted 19 November 2010 - 09:24 AM

Thanks for all your time and patience on this, pwgib.

My computer keeps going slow or freezing, and it's been worse since I installed the damn 'Slow PC Fighter'. It pops up when I start the computer, saying the health of my computer is bad. It also keeps making another desktop icon, so there's now three.

*facepalm* I apologize, I'm a noob. I'm uninstalling it now, deleting the .exe, and running the fix.

Step 1. OTL Fix

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3285734972-3574571405-3825002702-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_USERS\S-1-5-21-3285734972-3574571405-3825002702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gothic.org.au\www\ not found.
Registry value HKEY_USERS\S-1-5-21-3285734972-3574571405-3825002702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.17.3 log created on 11202010_012433


Step 2. MBR Dump. I hit a few snags here, not sure what happened or where I went wrong. Everything went as you described (except I wasn't asked to hit 3 to choose Windows Vista), until I hit 'Enter' to exit. No log was displayed, and I couldn't open dump.dat to paste the log, nor could I attach the file to this post. I repeated the dump a few times, but there must be something wrong, or something I'm not getting.

Whenever I tried to open it the window flickered as an empty box for a second and didn't work. I had the option to save it when trying to open using Internet Explorer, but trying to open that way had the same result. So I've tried to save it to C:\ where it should go, but it won't allow it without the permission of the administrator (though I am the administrator!) It's in Desktop instead.

When I tried to attach the file to this post I wasn't allowed to (! Error You aren't permitted to upload this kind of file), even when I found the exact location on desktop.

I'm sorry, just can't seem to make this work to attach the dump.dat. :(
There are a few MBR titled documents, so I'll attach the most recent? I'm really hoping this helps give you a picture of what happened.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Notebook
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Notebook
System Product Name: MIM2300
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 158):

Processes (total 66):
0 System Idle Process
4 System
584 C:\Windows\System32\smss.exe
780 csrss.exe
840 C:\Windows\System32\wininit.exe
852 csrss.exe
884 C:\Windows\System32\services.exe
896 C:\Windows\System32\lsass.exe
904 C:\Windows\System32\lsm.exe
1028 C:\Windows\System32\winlogon.exe
1096 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\audiodg.exe
1500 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\SLsvc.exe
1552 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\svchost.exe
1992 C:\Windows\System32\dwm.exe
2000 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
2024 C:\Windows\explorer.exe
1948 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1920 C:\Windows\RtHDVCpl.exe
1884 C:\Windows\System32\rundll32.exe
936 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2136 C:\Windows\System32\spoolsv.exe
2152 C:\Program Files\iTunes\iTunesHelper.exe
2168 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2192 C:\Windows\System32\taskeng.exe
2204 C:\Windows\System32\svchost.exe
2408 C:\Windows\System32\taskeng.exe
2476 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2508 C:\Program Files\Bonjour\mDNSResponder.exe
2516 C:\Windows\System32\rundll32.exe
2540 C:\Windows\System32\svchost.exe
2576 C:\Windows\System32\svchost.exe
2624 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2768 C:\Windows\System32\svchost.exe
2832 C:\Windows\System32\svchost.exe
2880 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2940 C:\Windows\System32\taskeng.exe
3008 C:\Windows\System32\SearchIndexer.exe
3152 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3808 WUDFHost.exe
2568 C:\Program Files\Internet Explorer\iexplore.exe
2788 C:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe
3432 C:\Program Files\Internet Explorer\iexplore.exe
3844 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
1724 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
3668 C:\Program Files\Internet Explorer\iexplore.exe
1904 C:\Windows\System32\taskmgr.exe
4696 C:\Windows\System32\mobsync.exe
4712 C:\Program Files\iPod\bin\iPodService.exe
4880 C:\Windows\System32\svchost.exe
5864 C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
5340 C:\Windows\System32\msiexec.exe
5752 C:\Windows\System32\svchost.exe
1776 C:\Windows\System32\SearchFilterHost.exe
5608 C:\Windows\System32\SearchProtocolHost.exe
3976 dllhost.exe
3784 dllhost.exe
5736 C:\Users\Bella\Desktop\MBRCheck.exe
2324 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000035`38400000 (FAT32)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
PhysicalDrive2 Model Number: SAMSUNGHM320JI, Rev:

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive2 MBR Code Faked!
SHA1: 28F4559F91F097DB8CFE50E3F91101C785E48F6C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 2Dumping \\.\PhysicalDisk2...
Enter filename to dump to: dump.datDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!


It allowed me to send the dump.dat to VirusTotal though. hxxp://www.virustotal.com/file-scan/report.html?id=7164874acd2b4dea815187acf0f22774615e2a9fff746135f2b4d086121cda1a-1290178589

AhnLab-V3 2010.11.19.00 2010.11.18 -
AntiVir 7.10.14.54 2010.11.19 -
Antiy-AVL 2.0.3.7 2010.11.19 -
Avast 4.8.1351.0 2010.11.19 -
Avast5 5.0.594.0 2010.11.19 -
AVG 9.0.0.851 2010.11.19 -
BitDefender 7.2 2010.11.19 -
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.19 -
Command 5.2.11.5 2010.11.19 -
Comodo 6772 2010.11.19 -
DrWeb 5.0.2.03300 2010.11.19 -
Emsisoft 5.0.0.50 2010.11.19 -
eSafe 7.0.17.0 2010.11.18 -
eTrust-Vet 36.1.7986 2010.11.19 -
F-Prot 4.6.2.117 2010.11.19 -
F-Secure 9.0.16160.0 2010.11.19 -
Fortinet 4.2.254.0 2010.11.18 -
GData 21 2010.11.19 -
Ikarus T3.1.1.90.0 2010.11.19 -
Jiangmin 13.0.900 2010.11.19 -
K7AntiVirus 9.68.3021 2010.11.18 -
Kaspersky 7.0.0.125 2010.11.19 -
McAfee 5.400.0.1158 2010.11.19 -
McAfee-GW-Edition 2010.1C 2010.11.19 -
Microsoft 1.6402 2010.11.19 -
NOD32 5633 2010.11.19 -
Norman 6.06.10 2010.11.19 -
nProtect 2010-11-19.02 2010.11.19 -
Panda 10.0.2.7 2010.11.18 -
PCTools 7.0.3.5 2010.11.19 -
Prevx 3.0 2010.11.19 -
Rising 22.74.03.08 2010.11.19 -
Sophos 4.59.0 2010.11.19 -
SUPERAntiSpyware 4.40.0.1006 2010.11.19 -
Symantec 20101.2.0.161 2010.11.19 -
TheHacker 6.7.0.1.086 2010.11.18 -
TrendMicro 9.120.0.1004 2010.11.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.19 -
VBA32 3.12.14.2 2010.11.19 -
VIPRE 7351 2010.11.19 -
ViRobot 2010.10.30.4121 2010.11.19 -
VirusBuster 13.6.49.0 2010.11.19 -
Additional information
MD5 : 632027a7108142c549a64a13467bab09
SHA1 : a737cca953c256300364af4619aca2d3ca56b1e4
SHA256: 7164874acd2b4dea815187acf0f22774615e2a9fff746135f2b4d086121cda1a
ssdeep: 3:7qPFllV/lctlfbabtXq:7qPGXfb26
File size : 512 bytes
First seen: 2010-11-19 14:56:29
Last seen : 2010-11-19 14:56:29
TrID:
Corel Photo Paint (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned




Edited by HeadDesk, 19 November 2010 - 10:50 AM.


#8 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 20 November 2010 - 05:38 AM

Hello HeadDesk,

Have you been able to uninstall Slow PC Fighter?

What do you use the 298GB Drive I for?

Please go here and follow the instructions for uploading the dump.dat file. In the comment box add "requested by pwgib".

Are you still getting popups and the "ZOMG you are infected" message?

I don't see any evidence of one but do you connect to the internet via router?


Step 1.

We need to run a Combofix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <<----Important
3. Open notepad and copy/paste the text in the codebox below into it:

Driver:: 
BdFileSpy

DDS::
Trusted Zone: gothic.org.au\www


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If Combofix prompts you to update the program please allow it to do so.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
<<Note: If ESET finds nothing there will be no log produced

In your next reply please include the following:

ComboFix.txt
ESET scan results


(Note that I will be traveling most of 11-20 but I will try to respond this evening). :thumbup2:


Thanks!!
PW

#9 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Not Telling

Posted 20 November 2010 - 07:00 AM

It's ok, please don't rush! Do everything you need to do elsewhere and get back to this whenever, it's not urgent.

I've uninstalled Slow PC Fighter, deleted all icons and deleted the .exe too. Sorry bout that. No more popups or any "ZOMG" (figure of speech ;) ) drama that I can see.

Router? Uh, not really sure what that is but I don't think I do. I have a wireless modem that just plugs in as if it was a USB device.


The 298 GB... I'm assuming you mean that's a lot of memory. I don't game or anything. I just have a lot of stuff saved, like pictures and music, and need to do a weeding of the nonessentials. I find it hard to know when I should delete programs also, so for fear of wiping the wrong thing there may be a few cluttering the computer.


I've submitted the dump.dat with a comment that pwgib requested it.

Edited by HeadDesk, 20 November 2010 - 07:45 AM.


#10 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 20 November 2010 - 08:12 AM

That is your Drive I, which is 298 Gigabytes in size.

Drive C: | 212.88 Gb Total Space | 141.20 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 0.02 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
Drive E: | 1.82 Gb Total Space | 1.81 Gb Free Space | 99.69% Space Free | Partition Type: FAT
Drive G: | 11.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.02 Gb Total Space | 288.20 Gb Free Space | 96.71% Space Free | Partition Type: FAT32

To access it go to My Computer and double click on Drive I.


Thanks!!
PW

#11 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 20 November 2010 - 08:19 AM

Were you able to upload the file dump.dat?

Thanks!!
PW

#12 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Not Telling

Posted 20 November 2010 - 08:30 AM

Ah, sorry! It says Verbatim, so that would be the external hard drive I backup onto.

Yep, it said the dump.dat was submitted.

I'm just going through the rest of the steps now, messed up doing it from memory so I'm redoing it the right way.

I also had to restart (it's ok, I did the manual one after the log was made and it showed on the log that it had already automatically rebooted). Because when I tried to access Avast! to put the protection back on or get on the net to come back here, it gave me an error message like 'illegal/unauthorized' and 'marked for deletion'. Sorry, only got the sense of it and it sorted out after the manual restart. Scary.



I'll have the things up for you soon :thumbup2:


Ok, I checked and I don't have a router.

Step 1. Dragged the right file in this time, and got the log. (Saw the error message again, it was 'illegal operation attempted on registry keys marked for deletion'. Happened on trying to open Avast or log onto internet without having restarted manually after the log was generated. So while I'm not sure if I really should have restarted, I had to, to get back on here or put Avast back on. :( )


Anyway, here's the Combofix log from dragging CFScript.txt ---> Combofix.exe

ComboFix 10-11-15.06 - Bella 21/11/2010 0:35.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.2081 [GMT 11:00]
Running from: c:\users\Bella\Desktop\ComboFix.exe
Command switches used :: c:\users\Bella\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))
.

2010-11-20 13:42 . 2010-11-20 13:42 -------- d-----w- c:\users\Bella\AppData\Local\temp
2010-11-20 13:42 . 2010-11-20 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-19 14:13 . 2010-11-19 14:13 -------- d-----w- C:\_OTL
2010-11-19 12:20 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{266A5EFA-007E-4B73-B182-F84E3B77C634}\mpengine.dll
2010-11-16 15:55 . 2010-11-16 15:55 -------- d-----w- c:\users\Bella\AppData\Roaming\Malwarebytes
2010-11-16 15:55 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 15:55 . 2010-11-16 15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 15:55 . 2010-11-16 15:55 -------- d-----w- c:\programdata\Malwarebytes
2010-11-16 15:55 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 04:59 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-07 19:29 . 2010-11-07 19:29 630272 ----a-w- c:\users\Bella\dds.scr
2010-11-05 11:28 . 2010-11-05 11:28 -------- d-----w- c:\windows\en
2010-11-05 11:28 . 2010-09-22 13:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-11-05 11:24 . 2009-09-04 06:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-05 11:24 . 2009-09-04 06:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-05 11:24 . 2009-09-04 06:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-05 11:23 . 2010-11-05 11:23 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\db01d2631cb7cdb2b\InstallManager_WLE_WLE.exe
2010-11-05 11:22 . 2010-11-05 11:22 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c338d5231cb7cdb1f\MeshBetaRemover.exe
2010-11-05 11:22 . 2010-11-05 11:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b69aab431cb7cdb18\DSETUP.dll
2010-11-05 11:22 . 2010-11-05 11:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b69aab431cb7cdb18\DXSETUP.exe
2010-11-05 11:22 . 2010-11-05 11:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b69aab431cb7cdb18\dsetup32.dll
2010-11-05 11:22 . 2010-11-05 11:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b4e70fa31cb7cdb17\DSETUP.dll
2010-11-05 11:22 . 2010-11-05 11:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b4e70fa31cb7cdb17\DXSETUP.exe
2010-11-05 11:22 . 2010-11-05 11:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b4e70fa31cb7cdb17\dsetup32.dll
2010-11-05 11:21 . 2010-11-20 10:54 -------- d-----w- c:\users\Bella\AppData\Local\Windows Live
2010-11-05 11:20 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-29 11:14 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-29 11:14 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-29 11:14 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-18 23:41 . 2010-02-03 18:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-13 14:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-09 19:07 . 2010-09-09 19:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-08 06:01 . 2010-10-13 13:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 13:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 13:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 13:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 13:59 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 13:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 13:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 00:17 . 2010-09-08 00:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 00:17 . 2010-09-08 00:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-29 12:49 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-24 13:57 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-24 13:58 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-24 13:58 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-24 13:58 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-24 13:58 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-06-24 13:58 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 16:20 . 2010-10-13 13:59 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 13:59 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 13:59 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 13:59 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 13:59 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-13 13:59 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 13:59 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 13:57 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 13:59 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-13 13:59 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-29 11:14 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-29 11:14 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-29 11:14 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-29 11:14 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-04 4710400]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-23 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-23 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Bella^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Bella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 06:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-14 22:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-10-17 04:42 128296 ----a-w- c:\program files\HomeCinema\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-17 11:03 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 11:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 06:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 04:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-23 15:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 11:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-10-23 12:03 8501792 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-10-23 12:03 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-10-23 12:03 86016 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 00:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 09:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-07 14:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-01-05 06:18 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 04:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 05:32 222504 ----a-w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-17 29744]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-17 11:03]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:55]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:55]

2010-11-20 c:\windows\Tasks\User_Feed_Synchronization-{CFB69A24-03E7-4351-90DC-03758A90E2C5}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aldi.com.au/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-21 00:42
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:00000009

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-21 00:45:14
ComboFix-quarantined-files.txt 2010-11-20 13:45
ComboFix2.txt 2010-11-20 13:09
ComboFix3.txt 2010-11-16 18:22

Pre-Run: 152,112,840,704 bytes free
Post-Run: 152,063,389,696 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - E1F5B76C24250A9577C15819564B02E6

Step 2. This took a while, and I couldn't be sure if it was finished for quite a bit. It finally says done and didn't bring up a log, so maybe there was nothing to find.


So yeah, I'll just leave this here for when you get back. Thanks :thumbsup:

Edited by HeadDesk, 20 November 2010 - 10:42 AM.


#13 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 21 November 2010 - 10:46 AM

Hello HeadDesk,

Let's make sure the MBRCheck dump got uploaded. I might have accidentally given you the wrong link. :whistle:

Please do the following:
Run MBRCheck again

When prompted, Enter 'Y' and hit ENTER for more options

When the program asks you to Enter your choice: enter
[1] Dump the MBR of a physical disk to file and press the Enter key.

When you see: Enter the physical disk number to dump (0-99, -1 to exit):"

Enter 2 to dump the MBR to the physical disk.

Name the dumped file as dump2.dat

Enter -1 to exit.

Please then locate the files and visit this site and follow the instructions for uploading the file.

Please let me know when you get it uploaded. :)

Thanks!!
PW
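As an added example (not MBRCheck's code and not from this thread), a small Python inspector for a 512-byte MBR dump like dump.dat: it checks the 0x55AA boot signature, decodes the partition table and hashes the boot-code region so the SHA1 can be compared with a clean MBR of the same Windows version. The sample sector and the empty allow-list KNOWN_GOOD_BOOT_CODE are constructed assumptions.

```python
"""Inspect a 512-byte MBR dump such as the dump.dat that MBRCheck writes."""
import hashlib
import struct
import sys
from dataclasses import dataclass, field
from typing import List, Set

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code
DISK_SIGNATURE_OFFSET = 440    # 4-byte NT disk signature, then 2 reserved bytes
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Hypothetical allow-list (an assumption, not shipped with MBRCheck): SHA1
# digests of boot code taken from dumps of machines you trust. It is empty
# here, so the constructed sample below is reported as unrecognised.
KNOWN_GOOD_BOOT_CODE: Set[str] = set()


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    boot_code_sha1: str
    sector_sha1: str
    disk_signature: int
    signature_ok: bool
    partitions: List[Partition] = field(default_factory=list)
    verdict: str = ""


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def inspect_mbr(mbr: bytes, known_good: Set[str] = KNOWN_GOOD_BOOT_CODE) -> MbrReport:
    """Hash the sector, decode its layout and give a verdict on the boot code."""
    if len(mbr) != MBR_SIZE:
        return MbrReport("", "", 0, False, [],
                         "unexpected size: expected 512 bytes, got %d" % len(mbr))
    boot_code = mbr[:BOOT_CODE_LEN]
    report = MbrReport(
        boot_code_sha1=hashlib.sha1(boot_code).hexdigest(),
        sector_sha1=hashlib.sha1(mbr).hexdigest(),
        disk_signature=struct.unpack_from("<I", mbr, DISK_SIGNATURE_OFFSET)[0],
        signature_ok=mbr[510:512] == BOOT_SIGNATURE,
        partitions=parse_partitions(mbr),
    )
    if not report.signature_ok:
        report.verdict = "invalid boot signature"
    elif not any(boot_code):
        report.verdict = "no boot code (zeroed sector)"
    elif report.boot_code_sha1 in known_good:
        report.verdict = "known good boot code"
    else:
        # The code is not one we recognise, so compare it with a dump taken
        # from a clean install of the same Windows version.
        report.verdict = "unrecognised boot code: compare with a clean MBR"
    return report


def build_sample_mbr() -> bytes:
    """Constructed sample: a bootable NTFS partition plus a FAT32 data partition."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
    disk_signature = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entries = (
        struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 0x1A80000)
        + struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x0C, b"\xfe\xff\xff", 0x1A80800, 0x2800000)
        + bytes(2 * PARTITION_ENTRY_LEN)
    )
    return boot_code + disk_signature + entries + BOOT_SIGNATURE


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # python mbr_inspect.py dump.dat
        with open(sys.argv[1], "rb") as fh:
            report = inspect_mbr(fh.read(MBR_SIZE + 1))
    else:
        report = inspect_mbr(build_sample_mbr())
    print("boot code SHA1 :", report.boot_code_sha1)
    print("sector SHA1    :", report.sector_sha1)
    print("disk signature : 0x%08X" % report.disk_signature)
    for p in report.partitions:
        print("partition %d: type 0x%02X bootable=%s lba=%d sectors=%d"
              % (p.index, p.type_id, p.bootable, p.lba_start, p.sector_count))
    print("verdict        :", report.verdict)
```

Hashing only the first 440 bytes matters because the disk signature and partition table legitimately differ between machines, while the boot code of a given Windows version should not.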

#14 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Not Telling

Posted 22 November 2010 - 08:25 AM

Whoops! Ok, take 2.

There, submitted :)

#15 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 23 November 2010 - 05:38 AM

Hi HeadDesk,

I haven't forgotten about you. I am waiting for some information about this entry.

298 GB \\.\PhysicalDrive2 MBR Code Faked!

Thanks!!
PW



