
Need help with computer running oddly


  • This topic is locked
29 replies to this topic

#1 hypnotictonic420

hypnotictonic420

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:57 AM

Posted 07 December 2010 - 06:56 PM

Hey all, I just started an account with this site, however I am not new to it. I have bounced around the forums here and there when I have an issue that needs to be dealt with. Now my computer is just running strange. It's running slowly, it will randomly restart itself sometimes when I'm using Firefox, my sound will stop working, and my online video will slow down significantly and lag until I restart my computer, and then it is fine for a day or so. I'm going to post a HijackThis log just to see what you all think, and maybe someone will see a virus or something that I haven't. I'm good with computers, but this time I just don't want to fix it all by myself; I lack the time and am getting frustrated. Thanks for any help. -Dev


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fbw] C:\WINDOWS\system32\?ystem\s?rvices.exe
O4 - HKCU\..\Run: [Ztfknl] C:\WINDOWS\?ystem32\?explore.exe
O4 - HKCU\..\Run: [Axuikx] C:\WINDOWS\?ssembly\n?lookup.exe
O4 - HKCU\..\Run: [Tjlqt] "C:\Program Files\W?nSxS\w?auboot.exe"
O4 - HKCU\..\Run: [Xmheontv] C:\WINDOWS\?ssembly\s?anregw.exe
O4 - HKCU\..\Run: [Ujex] C:\WINDOWS\??crosoft\w?auclt.exe
O4 - HKCU\..\Run: [Faaq] "C:\Documents and Settings\Owner\My Documents\F?nts\r?ndll.exe"
O4 - HKCU\..\Run: [Sysfud] "C:\Documents and Settings\Owner\My Documents\T?sks\s?ool32.exe"
O4 - HKCU\..\Run: [Szjzbfm] C:\WINDOWS\??curity\s?rvices.exe
O4 - HKCU\..\Run: [Foankq] C:\WINDOWS\?ssembly\r?ndll32.exe
O4 - HKCU\..\Run: [Zyo] "C:\Documents and Settings\Owner\My Documents\s?stem\m?iexec.exe"
O4 - HKCU\..\Run: [Ztaeasmq] "C:\Program Files\Common Files\??pPatch\t?skmgr.exe"
O4 - HKCU\..\Run: [Hobnnhs] "C:\Documents and Settings\Owner\My Documents\?dobe\n?tepad.exe"
O4 - HKCU\..\Run: [Pzge] "C:\Documents and Settings\Owner\My Documents\s?stem32\s?anregw.exe"
O4 - HKCU\..\Run: [Nbnp] C:\WINDOWS\W?nSxS\i?xplore.exe
O4 - HKCU\..\Run: [Cbbbvvn] C:\WINDOWS\?ymantec\?ti2evxx.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Flykr] C:\WINDOWS\?ssembly\n?pdb.exe
O4 - HKCU\..\Run: [Amkaygx] C:\WINDOWS\system32\?dobe\l?gonui.exe
O4 - HKUS\S-1-5-18\..\Run: [SYSDLL] SYSDLL (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SYSDLL] SYSDLL (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Edited by hamluis, 07 December 2010 - 09:07 PM.
Deleted subsequent posts, moving to Malware Removal Logs from XP ~ Hamluis.




#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:57 AM

Posted 14 December 2010 - 11:45 PM

Do you still desire help?
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 hypnotictonic420

hypnotictonic420
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:57 AM

Posted 16 December 2010 - 10:31 PM

Yes, I do still require help with this if someone can in fact help. It would be much appreciated; I'll also post a new HijackThis log. Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:34 PM, on 12/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fbw] C:\WINDOWS\system32\?ystem\s?rvices.exe
O4 - HKCU\..\Run: [Ztfknl] C:\WINDOWS\?ystem32\?explore.exe
O4 - HKCU\..\Run: [Axuikx] C:\WINDOWS\?ssembly\n?lookup.exe
O4 - HKCU\..\Run: [Tjlqt] "C:\Program Files\W?nSxS\w?auboot.exe"
O4 - HKCU\..\Run: [Xmheontv] C:\WINDOWS\?ssembly\s?anregw.exe
O4 - HKCU\..\Run: [Ujex] C:\WINDOWS\??crosoft\w?auclt.exe
O4 - HKCU\..\Run: [Faaq] "C:\Documents and Settings\Owner\My Documents\F?nts\r?ndll.exe"
O4 - HKCU\..\Run: [Sysfud] "C:\Documents and Settings\Owner\My Documents\T?sks\s?ool32.exe"
O4 - HKCU\..\Run: [Szjzbfm] C:\WINDOWS\??curity\s?rvices.exe
O4 - HKCU\..\Run: [Foankq] C:\WINDOWS\?ssembly\r?ndll32.exe
O4 - HKCU\..\Run: [Zyo] "C:\Documents and Settings\Owner\My Documents\s?stem\m?iexec.exe"
O4 - HKCU\..\Run: [Ztaeasmq] "C:\Program Files\Common Files\??pPatch\t?skmgr.exe"
O4 - HKCU\..\Run: [Hobnnhs] "C:\Documents and Settings\Owner\My Documents\?dobe\n?tepad.exe"
O4 - HKCU\..\Run: [Pzge] "C:\Documents and Settings\Owner\My Documents\s?stem32\s?anregw.exe"
O4 - HKCU\..\Run: [Nbnp] C:\WINDOWS\W?nSxS\i?xplore.exe
O4 - HKCU\..\Run: [Cbbbvvn] C:\WINDOWS\?ymantec\?ti2evxx.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Flykr] C:\WINDOWS\?ssembly\n?pdb.exe
O4 - HKCU\..\Run: [Amkaygx] C:\WINDOWS\system32\?dobe\l?gonui.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [SYSDLL] SYSDLL (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SYSDLL] SYSDLL (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7622 bytes
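
The log above is what the helper reads by eye. As an added example (not a tool from the thread, BleepingComputer or Trend Micro), the script below parses the R1/O4/O20 line shapes of a HijackThis log and flags the three things a malware responder would circle first: a proxy pointing at the local machine, Run entries whose path contains "?" (HijackThis prints "?" for a character it cannot render, which is how look-alike Unicode folder names such as `?ystem32` appear), and Run values with no path at all. The sample lines are constructed from this thread's log and the heuristics are assumptions of this example, not HijackThis rules.

```python
"""Triage of HijackThis (HJT) log entries.

Added example for this thread, not a tool from BleepingComputer or Trend Micro.
It parses the R1/O4/O20 line shapes seen in the posted logs and flags the
patterns a helper looks for first. Heuristics are assumptions, not HJT rules.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines modelled on the thread's second HJT log. A '?' in
# a path is how HijackThis renders a character it cannot display in the
# current code page, which is why look-alike Unicode folder names show up as
# '?ystem32' or '?ssembly' next to a legitimate-looking file name.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fbw] C:\WINDOWS\system32\?ystem\s?rvices.exe
O4 - HKCU\..\Run: [Ztfknl] C:\WINDOWS\?ystem32\?explore.exe
O4 - HKCU\..\Run: [Faaq] "C:\Documents and Settings\Owner\My Documents\F?nts\r?ndll.exe"
O4 - HKUS\S-1-5-18\..\Run: [SYSDLL] SYSDLL (User 'SYSTEM')
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

HJT_ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")
LOOPBACK = re.compile(r"\b(localhost|127\.0\.0\.1)\b")


@dataclass
class Finding:
    rule: str       # which heuristic fired
    severity: str   # high / medium / low
    name: str       # Run-key value name, or "" for non-O4 entries
    detail: str     # the offending fragment


def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Split a log into (section, body) pairs, e.g. ('O4', 'HKCU\\..\\Run: ...')."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def program_of(cmd: str) -> str:
    """Return the executable part of an O4 command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(text: str) -> list[Finding]:
    """Apply the heuristics to every entry, in log order."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "R1" and ",ProxyServer = " in body:
            value = body.split(" = ", 1)[1]
            if LOOPBACK.search(value):
                # A proxy on the local machine means some resident process
                # sits between the browser and the network.
                findings.append(Finding("local-proxy", "high", "", value))
        elif section == "O4" and "\\..\\Run: [" in body:
            _hive, rest = body.split("\\..\\Run: [", 1)
            name, _, cmd = rest.partition("] ")
            exe = program_of(cmd)
            if "?" in exe:
                findings.append(Finding("unrenderable-char", "high", name, exe))
            elif "\\" not in exe and "." not in exe:
                # No path and no extension: nothing a legitimate installer
                # would register this way, so it deserves a look.
                findings.append(Finding("no-path-run-entry", "medium", name, exe))
        if "(file missing)" in body or "(no file)" in body:
            # Orphaned reference: harmless by itself, but it is clean-up debt.
            findings.append(Finding("orphan-reference", "low", "", body))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick overview of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:18} {f.name:8} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the full log posted above, the same rules pick out every HKCU Run entry with a "?" path plus the `localhost:7171` proxy, which is the short list a responder would act on first.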

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:57 AM

Posted 16 December 2010 - 10:37 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this, then choose Immediate E-Mail notification and then Proceed; you will then be advised by email when I respond to your topic.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Scan With RKUnHooker

  • Please download http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE
  • Save it to your desktop.
  • Double-click it to run.
  • Click the Report tab and then click Scan.
  • Check Drivers & Stealth, uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File --> Save Report.
  • Save the report to your desktop and click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


==========

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

==========

With your next post please provide:

  • OTL.txt
  • Extra.txt
  • RKU log
  • MbrCheck log
  • You will likely need to post the logs over several posts.

Kind regards,
thcbytes

#5 hypnotictonic420

hypnotictonic420
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:57 AM

Posted 16 December 2010 - 11:04 PM

OTL.txt:

OTL logfile created on: 12/16/2010 10:46:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.10 Gb Total Space | 10.35 Gb Free Space | 5.68% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.99 Gb Free Space | 23.67% Space Free | Partition Type: FAT32
Drive G: | 37.26 Gb Total Space | 14.16 Gb Free Space | 37.99% Space Free | Partition Type: FAT32

Computer Name: KAT | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/16 22:45:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/12/11 17:47:56 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 17:47:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/07 10:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2009/06/17 01:36:53 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/12/01 18:54:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/16 22:45:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/07 10:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/22 03:19:03 | 000,718,880 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2008/05/05 18:21:34 | 001,174,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/08/05 21:46:16 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MRVW245.sys -- (MRVW245)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX)
DRV - [2010/09/07 09:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/09/07 09:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/09/07 09:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/07 09:24:46 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/06/12 15:34:26 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/15 19:24:04 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/03/14 19:54:00 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/01 23:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/04 08:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 08:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/13 23:14:12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/09/25 21:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/15 19:00:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/10 18:42:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 11:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 17:48:06 | 000,000,000 | ---D | M]

[2009/06/15 01:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/23 13:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\l1phwphy.default\extensions
[2010/12/14 13:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 01:46:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 17:21:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/16 00:01:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/06/22 22:53:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Amkaygx] C:\WINDOWS\System32\Αdobe\lοgonui.exe File not found
O4 - HKCU..\Run: [Axuikx] C:\WINDOWS\?ssembly\n?lookup.exe File not found
O4 - HKCU..\Run: [Cbbbvvn] C:\WINDOWS\?ymantec\?ti2evxx.exe File not found
O4 - HKCU..\Run: [Faaq] C:\Documents and Settings\Owner\My Documents\F?nts\r?ndll.exe File not found
O4 - HKCU..\Run: [Fbw] C:\WINDOWS\System32\?ystem\s?rvices.exe File not found
O4 - HKCU..\Run: [Flykr] C:\WINDOWS\аssembly\nоpdb.exe File not found
O4 - HKCU..\Run: [Foankq] C:\WINDOWS\?ssembly\r?ndll32.exe File not found
O4 - HKCU..\Run: [Hobnnhs] C:\Documents and Settings\Owner\My Documents\?dobe\n?tepad.exe File not found
O4 - HKCU..\Run: [Nbnp] C:\WINDOWS\W?nSxS\i?xplore.exe File not found
O4 - HKCU..\Run: [Pzge] C:\Documents and Settings\Owner\My Documents\s?stem32\s?anregw.exe File not found
O4 - HKCU..\Run: [Sysfud] C:\Documents and Settings\Owner\My Documents\T?sks\s?ool32.exe File not found
O4 - HKCU..\Run: [Szjzbfm] C:\WINDOWS\??curity\s?rvices.exe File not found
O4 - HKCU..\Run: [Tjlqt] C:\Program Files\W?nSxS\w?auboot.exe File not found
O4 - HKCU..\Run: [Ujex] C:\WINDOWS\??crosoft\w?auclt.exe File not found
O4 - HKCU..\Run: [Xmheontv] C:\WINDOWS\?ssembly\s?anregw.exe File not found
O4 - HKCU..\Run: [Ztaeasmq] C:\Program Files\Common Files\??pPatch\t?skmgr.exe File not found
O4 - HKCU..\Run: [Ztfknl] C:\WINDOWS\?ystem32\?explore.exe File not found
O4 - HKCU..\Run: [Zyo] C:\Documents and Settings\Owner\My Documents\s?stem\m?iexec.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/13 12:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/02 15:30:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2008/02/24 20:21:55 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/15 02:06:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/14 12:45:38 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/14 12:25:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/14 12:25:05 | 938,004,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/07 15:21:26 | 000,007,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Audio1.nra
[2010/11/29 19:37:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/25 19:12:52 | 000,102,912 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 15:21:26 | 000,007,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Audio1.nra
[2010/08/18 20:28:40 | 000,172,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/24 03:11:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2009/12/02 15:31:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2009/12/02 15:30:56 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2009/12/02 15:30:44 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2009/12/02 15:30:44 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2009/12/02 15:30:44 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2009/06/28 21:40:46 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/28 21:40:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/06/28 21:40:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/28 21:40:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/28 21:40:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/22 23:21:26 | 000,000,431 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/17 00:58:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/06/17 00:45:30 | 000,002,769 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/06/12 15:34:24 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/20 21:27:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_image.Cache
[2008/01/15 19:03:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/28 11:30:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/01 10:09:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/14 10:02:46 | 000,000,092 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/08/10 16:24:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/10/21 14:58:25 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2005/10/02 22:03:55 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/09/28 22:03:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/19 14:37:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/13 16:45:29 | 000,000,310 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/09/12 19:22:10 | 000,102,912 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/05 22:10:41 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/05 22:06:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/05 21:48:19 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/08/05 21:48:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2005/04/13 14:02:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/13 11:57:05 | 000,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/13 11:57:05 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/04/13 05:08:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/24 00:20:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/03/26 09:19:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll

========== Files - Unicode (All) ==========
[2008/04/16 16:55:14 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Міcrosoft
[2008/04/16 16:55:14 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Міcrosoft
[2008/03/26 18:34:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?stem32) -- C:\Documents and Settings\Owner\Application Data\sуstem32
[2008/03/26 18:34:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?stem32) -- C:\Documents and Settings\Owner\Application Data\sуstem32
[2008/02/06 18:49:09 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\ΑppPatch
[2008/02/06 18:49:09 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\ΑppPatch
[2007/11/25 10:38:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Οracle
[2007/11/25 10:38:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Οracle
[2007/11/16 18:08:46 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\M?crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft.NET
[2007/11/16 18:08:46 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\M?crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft.NET
(C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Міcrosoft
(C:\Documents and Settings\Owner\Application Data\s?stem32) -- C:\Documents and Settings\Owner\Application Data\sуstem32
(C:\Documents and Settings\Owner\Application Data\M?crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft.NET
(C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Οracle
(C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\ΑppPatch

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0851FBD

< End of report >
Extra.txt:

OTL Extras logfile created on: 12/16/2010 10:46:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.10 Gb Total Space | 10.35 Gb Free Space | 5.68% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.99 Gb Free Space | 23.67% Space Free | Partition Type: FAT32
Drive G: | 37.26 Gb Total Space | 14.16 Gb Free Space | 37.99% Space Free | Partition Type: FAT32

Computer Name: KAT | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"14004:TCP" = 14004:TCP:*:Enabled:PORT_14004
"29816:TCP" = 29816:TCP:*:Enabled:PORT_29816
"60070:TCP" = 60070:TCP:*:Enabled:PORT_60070
"44684:TCP" = 44684:TCP:*:Enabled:PORT_44684
"24731:TCP" = 24731:TCP:*:Enabled:PORT_24731
"20103:TCP" = 20103:TCP:*:Enabled:PORT_20103
"62692:TCP" = 62692:TCP:*:Enabled:PORT_62692
"57044:TCP" = 57044:TCP:*:Enabled:PORT_57044
"24310:TCP" = 24310:TCP:*:Enabled:PORT_24310
"41906:TCP" = 41906:TCP:*:Enabled:PORT_41906
"36447:TCP" = 36447:TCP:*:Enabled:PORT_36447
"37628:TCP" = 37628:TCP:*:Enabled:PORT_37628
"36302:TCP" = 36302:TCP:*:Enabled:PORT_36302
"11168:TCP" = 11168:TCP:*:Enabled:PORT_11168
"64043:TCP" = 64043:TCP:*:Enabled:PORT_64043
"53229:TCP" = 53229:TCP:*:Enabled:PORT_53229
"5336:TCP" = 5336:TCP:*:Enabled:PORT_5336
"62058:TCP" = 62058:TCP:*:Enabled:PORT_62058
"17173:TCP" = 17173:TCP:*:Enabled:PORT_17173
"15606:TCP" = 15606:TCP:*:Enabled:PORT_15606
"15011:TCP" = 15011:TCP:*:Enabled:PORT_15011
"60449:TCP" = 60449:TCP:*:Enabled:PORT_60449
"27230:TCP" = 27230:TCP:*:Enabled:PORT_27230
"46330:TCP" = 46330:TCP:*:Enabled:PORT_46330
"62238:TCP" = 62238:TCP:*:Enabled:PORT_62238
"17417:TCP" = 17417:TCP:*:Enabled:PORT_17417
"43591:TCP" = 43591:TCP:*:Enabled:PORT_43591
"25900:TCP" = 25900:TCP:*:Enabled:PORT_25900
"37482:TCP" = 37482:TCP:*:Enabled:PORT_37482
"58184:TCP" = 58184:TCP:*:Enabled:PORT_58184
"50557:TCP" = 50557:TCP:*:Enabled:PORT_50557
"30120:TCP" = 30120:TCP:*:Enabled:PORT_30120
"52228:TCP" = 52228:TCP:*:Enabled:PORT_52228
"55558:TCP" = 55558:TCP:*:Enabled:PORT_55558
"31048:TCP" = 31048:TCP:*:Enabled:PORT_31048
"38295:TCP" = 38295:TCP:*:Enabled:PORT_38295
"38719:TCP" = 38719:TCP:*:Enabled:PORT_38719
"63504:TCP" = 63504:TCP:*:Enabled:PORT_63504
"37957:TCP" = 37957:TCP:*:Enabled:PORT_37957
"16988:TCP" = 16988:TCP:*:Enabled:PORT_16988
"12119:TCP" = 12119:TCP:*:Enabled:PORT_12119
"55129:TCP" = 55129:TCP:*:Enabled:PORT_55129
"51465:TCP" = 51465:TCP:*:Enabled:PORT_51465
"60066:TCP" = 60066:TCP:*:Enabled:PORT_60066
"7176:TCP" = 7176:TCP:*:Enabled:PORT_7176
"28925:TCP" = 28925:TCP:*:Enabled:PORT_28925
"58034:TCP" = 58034:TCP:*:Enabled:PORT_58034
"40129:TCP" = 40129:TCP:*:Enabled:PORT_40129
"15018:TCP" = 15018:TCP:*:Enabled:PORT_15018
"6887:TCP" = 6887:TCP:*:Enabled:PORT_6887
"9119:TCP" = 9119:TCP:*:Enabled:PORT_9119
"54365:TCP" = 54365:TCP:*:Enabled:PORT_54365
"40895:TCP" = 40895:TCP:*:Enabled:PORT_40895
"13606:TCP" = 13606:TCP:*:Enabled:PORT_13606
"59463:TCP" = 59463:TCP:*:Enabled:PORT_59463
"21855:TCP" = 21855:TCP:*:Enabled:PORT_21855
"18194:TCP" = 18194:TCP:*:Enabled:PORT_18194
"62844:TCP" = 62844:TCP:*:Enabled:PORT_62844
"49200:TCP" = 49200:TCP:*:Enabled:PORT_49200
"7563:TCP" = 7563:TCP:*:Enabled:PORT_7563
"50926:TCP" = 50926:TCP:*:Enabled:PORT_50926
"39004:TCP" = 39004:TCP:*:Enabled:PORT_39004
"53158:TCP" = 53158:TCP:*:Enabled:PORT_53158
"49524:TCP" = 49524:TCP:*:Enabled:PORT_49524
"14815:TCP" = 14815:TCP:*:Enabled:PORT_14815
"62773:TCP" = 62773:TCP:*:Enabled:PORT_62773
"34136:TCP" = 34136:TCP:*:Enabled:PORT_34136
"28819:TCP" = 28819:TCP:*:Enabled:PORT_28819
"35000:TCP" = 35000:TCP:*:Enabled:PORT_35000
"63631:TCP" = 63631:TCP:*:Enabled:PORT_63631
"63328:TCP" = 63328:TCP:*:Enabled:PORT_63328
"13948:TCP" = 13948:TCP:*:Enabled:PORT_13948
"29661:TCP" = 29661:TCP:*:Enabled:PORT_29661
"22660:TCP" = 22660:TCP:*:Enabled:PORT_22660
"21670:TCP" = 21670:TCP:*:Enabled:PORT_21670
"22553:TCP" = 22553:TCP:*:Enabled:PORT_22553
"43055:TCP" = 43055:TCP:*:Enabled:PORT_43055
"24013:TCP" = 24013:TCP:*:Enabled:PORT_24013
"27544:TCP" = 27544:TCP:*:Enabled:PORT_27544
"34539:TCP" = 34539:TCP:*:Enabled:PORT_34539
"55926:TCP" = 55926:TCP:*:Enabled:PORT_55926
"53078:TCP" = 53078:TCP:*:Enabled:PORT_53078
"22728:TCP" = 22728:TCP:*:Enabled:PORT_22728
"31172:TCP" = 31172:TCP:*:Enabled:PORT_31172
"34083:TCP" = 34083:TCP:*:Enabled:PORT_34083
"38950:TCP" = 38950:TCP:*:Enabled:PORT_38950
"10895:TCP" = 10895:TCP:*:Enabled:PORT_10895
"35711:TCP" = 35711:TCP:*:Enabled:PORT_35711
"35717:TCP" = 35717:TCP:*:Enabled:PORT_35717
"32195:TCP" = 32195:TCP:*:Enabled:PORT_32195
"59125:TCP" = 59125:TCP:*:Enabled:PORT_59125
"60611:TCP" = 60611:TCP:*:Enabled:PORT_60611
"63820:TCP" = 63820:TCP:*:Enabled:PORT_63820
"47953:TCP" = 47953:TCP:*:Enabled:PORT_47953
"7705:TCP" = 7705:TCP:*:Enabled:PORT_7705
"21754:TCP" = 21754:TCP:*:Enabled:PORT_21754
"18563:TCP" = 18563:TCP:*:Enabled:PORT_18563
"27242:TCP" = 27242:TCP:*:Enabled:PORT_27242
"12106:TCP" = 12106:TCP:*:Enabled:PORT_12106
"12488:TCP" = 12488:TCP:*:Enabled:PORT_12488
"21898:TCP" = 21898:TCP:*:Enabled:PORT_21898
"31375:TCP" = 31375:TCP:*:Enabled:PORT_31375
"38034:TCP" = 38034:TCP:*:Enabled:PORT_38034
"6391:TCP" = 6391:TCP:*:Enabled:PORT_6391
"64689:TCP" = 64689:TCP:*:Enabled:PORT_64689
"45805:TCP" = 45805:TCP:*:Enabled:PORT_45805
"59451:TCP" = 59451:TCP:*:Enabled:PORT_59451
"49712:TCP" = 49712:TCP:*:Enabled:PORT_49712
"24763:TCP" = 24763:TCP:*:Enabled:PORT_24763
"36047:TCP" = 36047:TCP:*:Enabled:PORT_36047
"60414:TCP" = 60414:TCP:*:Enabled:PORT_60414
"50356:TCP" = 50356:TCP:*:Enabled:PORT_50356
"28477:TCP" = 28477:TCP:*:Enabled:PORT_28477
"30486:TCP" = 30486:TCP:*:Enabled:PORT_30486
"28555:TCP" = 28555:TCP:*:Enabled:PORT_28555
"30311:TCP" = 30311:TCP:*:Enabled:PORT_30311
"46348:TCP" = 46348:TCP:*:Enabled:PORT_46348
"37764:TCP" = 37764:TCP:*:Enabled:PORT_37764
"47348:TCP" = 47348:TCP:*:Enabled:PORT_47348
"18360:TCP" = 18360:TCP:*:Enabled:PORT_18360
"28754:TCP" = 28754:TCP:*:Enabled:PORT_28754
"8394:TCP" = 8394:TCP:*:Enabled:PORT_8394
"61004:TCP" = 61004:TCP:*:Enabled:PORT_61004
"29875:TCP" = 29875:TCP:*:Enabled:PORT_29875
"14980:TCP" = 14980:TCP:*:Enabled:PORT_14980
"5480:TCP" = 5480:TCP:*:Enabled:PORT_5480
"39973:TCP" = 39973:TCP:*:Enabled:PORT_39973
"21071:TCP" = 21071:TCP:*:Enabled:PORT_21071
"33165:TCP" = 33165:TCP:*:Enabled:PORT_33165
"17910:TCP" = 17910:TCP:*:Enabled:PORT_17910
"45285:TCP" = 45285:TCP:*:Enabled:PORT_45285
"65438:TCP" = 65438:TCP:*:Enabled:PORT_65438
"46063:TCP" = 46063:TCP:*:Enabled:PORT_46063
"64176:TCP" = 64176:TCP:*:Enabled:PORT_64176
"44620:TCP" = 44620:TCP:*:Enabled:PORT_44620
"42004:TCP" = 42004:TCP:*:Enabled:PORT_42004
"54226:TCP" = 54226:TCP:*:Enabled:PORT_54226
"40528:TCP" = 40528:TCP:*:Enabled:PORT_40528
"51689:TCP" = 51689:TCP:*:Enabled:PORT_51689
"5348:TCP" = 5348:TCP:*:Enabled:PORT_5348
"25344:TCP" = 25344:TCP:*:Enabled:PORT_25344
"30047:TCP" = 30047:TCP:*:Enabled:PORT_30047
"40409:TCP" = 40409:TCP:*:Enabled:PORT_40409
"40214:TCP" = 40214:TCP:*:Enabled:PORT_40214
"28488:TCP" = 28488:TCP:*:Enabled:PORT_28488
"46508:TCP" = 46508:TCP:*:Enabled:PORT_46508
"12025:TCP" = 12025:TCP:*:Enabled:PORT_12025
"13223:TCP" = 13223:TCP:*:Enabled:PORT_13223
"11926:TCP" = 11926:TCP:*:Enabled:PORT_11926
"17581:TCP" = 17581:TCP:*:Enabled:PORT_17581
"61891:TCP" = 61891:TCP:*:Enabled:PORT_61891
"39165:TCP" = 39165:TCP:*:Enabled:PORT_39165
"55301:TCP" = 55301:TCP:*:Enabled:PORT_55301
"27095:TCP" = 27095:TCP:*:Enabled:PORT_27095
"36133:TCP" = 36133:TCP:*:Enabled:PORT_36133
"47050:TCP" = 47050:TCP:*:Enabled:PORT_47050
"34638:TCP" = 34638:TCP:*:Enabled:PORT_34638
"6974:TCP" = 6974:TCP:*:Enabled:PORT_6974
"55973:TCP" = 55973:TCP:*:Enabled:PORT_55973
"58553:TCP" = 58553:TCP:*:Enabled:PORT_58553
"24278:TCP" = 24278:TCP:*:Enabled:PORT_24278
"8907:TCP" = 8907:TCP:*:Enabled:PORT_8907
"28785:TCP" = 28785:TCP:*:Enabled:PORT_28785
"14594:TCP" = 14594:TCP:*:Enabled:PORT_14594
"65117:TCP" = 65117:TCP:*:Enabled:PORT_65117
"17989:TCP" = 17989:TCP:*:Enabled:PORT_17989
"16603:TCP" = 16603:TCP:*:Enabled:PORT_16603
"34110:TCP" = 34110:TCP:*:Enabled:PORT_34110
"58943:TCP" = 58943:TCP:*:Enabled:PORT_58943
"33278:TCP" = 33278:TCP:*:Enabled:PORT_33278
"26505:TCP" = 26505:TCP:*:Enabled:PORT_26505
"9739:TCP" = 9739:TCP:*:Enabled:PORT_9739
"32649:TCP" = 32649:TCP:*:Enabled:PORT_32649
"10067:TCP" = 10067:TCP:*:Enabled:PORT_10067
"48785:TCP" = 48785:TCP:*:Enabled:PORT_48785
"16366:TCP" = 16366:TCP:*:Enabled:PORT_16366
"35988:TCP" = 35988:TCP:*:Enabled:PORT_35988
"50315:TCP" = 50315:TCP:*:Enabled:PORT_50315
"35978:TCP" = 35978:TCP:*:Enabled:PORT_35978
"47116:TCP" = 47116:TCP:*:Enabled:PORT_47116
"30598:TCP" = 30598:TCP:*:Enabled:PORT_30598
"24645:TCP" = 24645:TCP:*:Enabled:PORT_24645
"6405:TCP" = 6405:TCP:*:Enabled:PORT_6405
"33901:TCP" = 33901:TCP:*:Enabled:PORT_33901
"26845:TCP" = 26845:TCP:*:Enabled:PORT_26845
"47629:TCP" = 47629:TCP:*:Enabled:PORT_47629
"26551:TCP" = 26551:TCP:*:Enabled:PORT_26551
"18126:TCP" = 18126:TCP:*:Enabled:PORT_18126
"13969:TCP" = 13969:TCP:*:Enabled:PORT_13969
"27746:TCP" = 27746:TCP:*:Enabled:PORT_27746
"16255:TCP" = 16255:TCP:*:Enabled:PORT_16255
"59477:TCP" = 59477:TCP:*:Enabled:PORT_59477
"22691:TCP" = 22691:TCP:*:Enabled:PORT_22691
"47000:TCP" = 47000:TCP:*:Enabled:PORT_47000
"5731:TCP" = 5731:TCP:*:Enabled:PORT_5731
"17021:TCP" = 17021:TCP:*:Enabled:PORT_17021
"45438:TCP" = 45438:TCP:*:Enabled:PORT_45438
"6161:TCP" = 6161:TCP:*:Enabled:PORT_6161
"57778:TCP" = 57778:TCP:*:Enabled:PORT_57778
"60646:TCP" = 60646:TCP:*:Enabled:PORT_60646
"28504:TCP" = 28504:TCP:*:Enabled:PORT_28504
"30906:TCP" = 30906:TCP:*:Enabled:PORT_30906
"7165:TCP" = 7165:TCP:*:Enabled:PORT_7165
"41970:TCP" = 41970:TCP:*:Enabled:PORT_41970
"5078:TCP" = 5078:TCP:*:Enabled:PORT_5078
"26770:TCP" = 26770:TCP:*:Enabled:PORT_26770
"22957:TCP" = 22957:TCP:*:Enabled:PORT_22957
"55938:TCP" = 55938:TCP:*:Enabled:PORT_55938
"22565:TCP" = 22565:TCP:*:Enabled:PORT_22565
"24684:TCP" = 24684:TCP:*:Enabled:PORT_24684
"56116:TCP" = 56116:TCP:*:Enabled:PORT_56116
"23516:TCP" = 23516:TCP:*:Enabled:PORT_23516
"8301:TCP" = 8301:TCP:*:Enabled:PORT_8301
"45680:TCP" = 45680:TCP:*:Enabled:PORT_45680
"26637:TCP" = 26637:TCP:*:Enabled:PORT_26637
"42243:TCP" = 42243:TCP:*:Enabled:PORT_42243
"56010:TCP" = 56010:TCP:*:Enabled:PORT_56010
"38325:TCP" = 38325:TCP:*:Enabled:PORT_38325
"9496:TCP" = 9496:TCP:*:Enabled:PORT_9496
"24075:TCP" = 24075:TCP:*:Enabled:PORT_24075
"20817:TCP" = 20817:TCP:*:Enabled:PORT_20817
"53406:TCP" = 53406:TCP:*:Enabled:PORT_53406
"48208:TCP" = 48208:TCP:*:Enabled:PORT_48208
"51529:TCP" = 51529:TCP:*:Enabled:PORT_51529
"30270:TCP" = 30270:TCP:*:Enabled:PORT_30270
"10301:TCP" = 10301:TCP:*:Enabled:PORT_10301
"27750:TCP" = 27750:TCP:*:Enabled:PORT_27750
"39250:TCP" = 39250:TCP:*:Enabled:PORT_39250
"43624:TCP" = 43624:TCP:*:Enabled:PORT_43624
"30806:TCP" = 30806:TCP:*:Enabled:PORT_30806
"16165:TCP" = 16165:TCP:*:Enabled:PORT_16165
"23825:TCP" = 23825:TCP:*:Enabled:PORT_23825
"65098:TCP" = 65098:TCP:*:Enabled:PORT_65098
"18125:TCP" = 18125:TCP:*:Enabled:PORT_18125
"57943:TCP" = 57943:TCP:*:Enabled:PORT_57943
"57258:TCP" = 57258:TCP:*:Enabled:PORT_57258
"60541:TCP" = 60541:TCP:*:Enabled:PORT_60541
"57988:TCP" = 57988:TCP:*:Enabled:PORT_57988
"5128:TCP" = 5128:TCP:*:Enabled:PORT_5128
"46822:TCP" = 46822:TCP:*:Enabled:PORT_46822
"11521:TCP" = 11521:TCP:*:Enabled:PORT_11521
"8381:TCP" = 8381:TCP:*:Enabled:PORT_8381
"43289:TCP" = 43289:TCP:*:Enabled:PORT_43289
"61098:TCP" = 61098:TCP:*:Enabled:PORT_61098
"48953:TCP" = 48953:TCP:*:Enabled:PORT_48953
"10200:TCP" = 10200:TCP:*:Enabled:PORT_10200
"29348:TCP" = 29348:TCP:*:Enabled:PORT_29348
"26728:TCP" = 26728:TCP:*:Enabled:PORT_26728
"28320:TCP" = 28320:TCP:*:Enabled:PORT_28320
"44973:TCP" = 44973:TCP:*:Enabled:PORT_44973
"16317:TCP" = 16317:TCP:*:Enabled:PORT_16317
"57238:TCP" = 57238:TCP:*:Enabled:PORT_57238
"17540:TCP" = 17540:TCP:*:Enabled:PORT_17540
"6881:TCP" = 6881:TCP:*:Enabled:PORT_6881
"28807:TCP" = 28807:TCP:*:Enabled:PORT_28807
"46341:TCP" = 46341:TCP:*:Enabled:PORT_46341
"64988:TCP" = 64988:TCP:*:Enabled:PORT_64988
"42368:TCP" = 42368:TCP:*:Enabled:PORT_42368
"64649:TCP" = 64649:TCP:*:Enabled:PORT_64649
"37243:TCP" = 37243:TCP:*:Enabled:PORT_37243
"33497:TCP" = 33497:TCP:*:Enabled:PORT_33497
"60141:TCP" = 60141:TCP:*:Enabled:PORT_60141
"5262:TCP" = 5262:TCP:*:Enabled:PORT_5262
"61867:TCP" = 61867:TCP:*:Enabled:PORT_61867
"50238:TCP" = 50238:TCP:*:Enabled:PORT_50238
"57090:TCP" = 57090:TCP:*:Enabled:PORT_57090
"28582:TCP" = 28582:TCP:*:Enabled:PORT_28582
"40515:TCP" = 40515:TCP:*:Enabled:PORT_40515
"36661:TCP" = 36661:TCP:*:Enabled:PORT_36661
"26765:TCP" = 26765:TCP:*:Enabled:PORT_26765
"16802:TCP" = 16802:TCP:*:Enabled:PORT_16802
"33973:TCP" = 33973:TCP:*:Enabled:PORT_33973
"14700:TCP" = 14700:TCP:*:Enabled:PORT_14700
"43406:TCP" = 43406:TCP:*:Enabled:PORT_43406
"20363:TCP" = 20363:TCP:*:Enabled:PORT_20363
"59368:TCP" = 59368:TCP:*:Enabled:PORT_59368
"54799:TCP" = 54799:TCP:*:Enabled:PORT_54799
"38536:TCP" = 38536:TCP:*:Enabled:PORT_38536
"31020:TCP" = 31020:TCP:*:Enabled:PORT_31020
"17207:TCP" = 17207:TCP:*:Enabled:PORT_17207
"49797:TCP" = 49797:TCP:*:Enabled:PORT_49797
"41445:TCP" = 41445:TCP:*:Enabled:PORT_41445
"9004:TCP" = 9004:TCP:*:Enabled:PORT_9004
"45426:TCP" = 45426:TCP:*:Enabled:PORT_45426
"22541:TCP" = 22541:TCP:*:Enabled:PORT_22541
"28254:TCP" = 28254:TCP:*:Enabled:PORT_28254
"58914:TCP" = 58914:TCP:*:Enabled:PORT_58914
"56664:TCP" = 56664:TCP:*:Enabled:PORT_56664
"39826:TCP" = 39826:TCP:*:Enabled:PORT_39826
"23665:TCP" = 23665:TCP:*:Enabled:PORT_23665
"27051:TCP" = 27051:TCP:*:Enabled:PORT_27051
"26820:TCP" = 26820:TCP:*:Enabled:PORT_26820
"27008:TCP" = 27008:TCP:*:Enabled:PORT_27008
"36081:TCP" = 36081:TCP:*:Enabled:PORT_36081
"47868:TCP" = 47868:TCP:*:Enabled:PORT_47868
"31926:TCP" = 31926:TCP:*:Enabled:PORT_31926
"20862:TCP" = 20862:TCP:*:Enabled:PORT_20862
"9475:TCP" = 9475:TCP:*:Enabled:PORT_9475
"19934:TCP" = 19934:TCP:*:Enabled:PORT_19934
"34531:TCP" = 34531:TCP:*:Enabled:PORT_34531

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D -- (Safer Networking Limited)
"C:\Program Files\CCleaner\CCleaner.exe" = C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner -- (Piriform Ltd)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\BTGUARD\uTorrent.exe" = C:\BTGUARD\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.6.316
"{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ASIO4ALL" = ASIO4ALL
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Internet Security
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Collab" = Collab
"Deckadance" = Deckadance
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FL Studio 8" = FL Studio 8
"FrostWire" = FrostWire 4.20.6
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger:Mate (AIM)" = Messenger:Mate for AIM (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"PoiZone" = PoiZone
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"BTGuard 2.1" = BTGuard 2.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/20/2010 1:34:41 AM | Computer Name = KAT | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 9/29/2010 9:04:56 PM | Computer Name = KAT | Source = Application Error | ID = 1000
Description = Faulting application zsnesw.exe, version 0.0.0.0, faulting module
zsnesw.exe, version 0.0.0.0, fault address 0x001eb62e.

Error - 10/20/2010 3:36:35 AM | Computer Name = KAT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2010 3:36:35 AM | Computer Name = KAT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/21/2010 8:46:32 AM | Computer Name = KAT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/21/2010 8:46:32 AM | Computer Name = KAT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/1/2010 5:19:06 PM | Computer Name = KAT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x0001b9be.

Error - 11/13/2010 1:51:30 AM | Computer Name = KAT | Source = MsiInstaller | ID = 11324
Description = Product: Adobe Reader 9.4.0 -- Error 1324.The path Kats Documents
or the volume is invalid. Please enter it again.

Error - 11/16/2010 1:01:40 AM | Computer Name = KAT | Source = MsiInstaller | ID = 11324
Description = Product: Java Auto Updater -- Error 1324.The path Kats Documents contains
an invalid character.

Error - 12/9/2010 8:20:37 PM | Computer Name = KAT | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80080005: InitEventCollector fail

Error - 12/11/2010 11:38:04 PM | Computer Name = KAT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 12/13/2010 11:39:26 AM | Computer Name = KAT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0013D32D4B8F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/13/2010 11:39:29 PM | Computer Name = KAT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0013D32D4B8F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/14/2010 11:39:33 AM | Computer Name = KAT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0013D32D4B8F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/14/2010 1:26:08 PM | Computer Name = KAT | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {D17D2D8B-373A-454F-B38D-05C9D2EB3C7E}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 12/14/2010 1:45:36 PM | Computer Name = KAT | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 12/15/2010 1:25:22 AM | Computer Name = KAT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0013D32D4B8F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/15/2010 1:25:25 PM | Computer Name = KAT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0013D32D4B8F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/16/2010 1:25:28 AM | Computer Name = KAT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0013D32D4B8F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/16/2010 1:25:30 PM | Computer Name = KAT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0013D32D4B8F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/16/2010 8:48:03 PM | Computer Name = KAT | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.


< End of report >

#6 hypnotictonic420

hypnotictonic420
  • Topic Starter

  • Members
  • 17 posts

Posted 16 December 2010 - 11:09 PM

RKU txt:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xF62AC000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2301952 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xBF0B0000 C:\WINDOWS\System32\ati3duag.dll 2297856 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2057728 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2057728 bytes
0x804D7000 RAW 2057728 bytes
0x804D7000 WMIxWDM 2057728 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6727000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1069056 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF73CF000 PCI_PNP1382 1048576 bytes
0xF73CF000 spew.sys 1048576 bytes
0xF73CF000 sptd 1048576 bytes
0xF6598000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF64F0000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF2E1000 C:\WINDOWS\System32\ativvaxx.dll 610304 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF7200000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEDF08000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEDE60000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 364544 bytes (AVAST Software, avast! Virtualization Driver)
0xEE024000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB8053000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7921000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 241664 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF6697000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF6197000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xBF04D000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF07F000 C:\WINDOWS\System32\atikvmag.dll 200704 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF621B000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7389000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF71A6000 aswNdis2.sys 184320 bytes (AVAST Software, avast! Filtering NDIS driver)
0xF71D3000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF72D6000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xB81BD000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB50AA000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEDF77000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEDFC4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEDEE1000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xF7333000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6288000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xEDE15000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF66CD000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF66F0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEDFA2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEDFEC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131968 bytes
0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF72B6000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7359000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF718B000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7302000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF731B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEDDAD000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73B7000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xEE00D000 C:\WINDOWS\System32\Drivers\aswFW.SYS 94208 bytes (AVAST Software, avast! Filtering TDI driver)
0xB83A1000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF728D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF625D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB7C06000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6274000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6713000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEE07C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF64DE000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 73728 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF72A4000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7378000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF624C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB7B48000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7770000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF77E0000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7780000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76D0000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7760000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB7DA3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF682C000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7630000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF7600000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF76E0000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7750000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7690000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF68BC000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75F0000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF687C000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7670000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7660000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF689C000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76F0000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7720000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7700000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7710000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF70EB000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75E0000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF68AC000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76B0000 sisagp.sys 45056 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF76C0000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF77D0000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF683C000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7650000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7620000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF686C000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7680000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7810000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7840000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF75D0000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF688C000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF77F0000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB5125000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF70FB000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF76A0000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7610000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7640000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF77C0000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79A0000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF79A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7880000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7890000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF6203000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7868000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF79C0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7970000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78B8000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7850000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78B0000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF7920000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xF61EB000 C:\WINDOWS\System32\Drivers\sunkfilt.sys 28672 bytes (Alcor Micro Corp., SunkFilt)
0xF7888000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7948000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF61DB000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF61F3000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7898000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF78A0000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF7978000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7928000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7930000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7958000 C:\WINDOWS\system32\drivers\pfc.sys 24576 bytes (Padus, Inc., Padus® ASPI Shell)
0xF7980000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEDDDD000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF78A8000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF7878000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7870000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF7990000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7858000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7900000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7910000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7860000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF78C0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7940000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7938000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79E8000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF79F8000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF7A00000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF79E4000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF79F0000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF79FC000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF70AF000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7AA0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB85D8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF79EC000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF79F4000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xB863C000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF79E0000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEDEC1000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF70C3000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB81B1000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF709B000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF6E4F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF70A7000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AD4000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7AE4000 aswNdis.sys 8192 bytes (ALWIL Software, avast! Filtering NDIS driver)
0xF7B50000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AE0000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7AD6000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7ADE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7AFA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B4C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B48000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7ADC000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7AD0000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B52000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0xF7B56000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B16000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AE2000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7B5A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B32000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7B38000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AD8000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7B3E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7ADA000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7AD2000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C35000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CB8000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7CB9000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7D15000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CBB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B98000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x857551F8 unknown_irp_handler 3592 bytes
0x857631F8 unknown_irp_handler 3592 bytes
0x857C81F8 unknown_irp_handler 3592 bytes
0x857581F8 unknown_irp_handler 3592 bytes
0x857601F8 unknown_irp_handler 3592 bytes
0x857CA1F8 unknown_irp_handler 3592 bytes
0x857621F8 unknown_irp_handler 3592 bytes
0x857CD1F8 unknown_irp_handler 3592 bytes
0x857661F8 unknown_irp_handler 3592 bytes
0x857611F8 unknown_irp_handler 3592 bytes
0x8575C1F8 unknown_irp_handler 3592 bytes
0x857671F8 unknown_irp_handler 3592 bytes
0x857CF1F8 unknown_irp_handler 3592 bytes
0x854BA1F8 unknown_irp_handler 3592 bytes
0x857CC1F8 unknown_irp_handler 3592 bytes
0x857D41F8 unknown_irp_handler 3592 bytes
0x8575F1F8 unknown_irp_handler 3592 bytes
0x8575B1F8 unknown_irp_handler 3592 bytes
0x857D81F8 unknown_irp_handler 3592 bytes
0x857CE1F8 unknown_irp_handler 3592 bytes
0x8575D1F8 unknown_irp_handler 3592 bytes
0x8575A1F8 unknown_irp_handler 3592 bytes
0x857D51F8 unknown_irp_handler 3592 bytes
0x857591F8 unknown_irp_handler 3592 bytes
0x857C91F8 unknown_irp_handler 3592 bytes
0x857641F8 unknown_irp_handler 3592 bytes
0x857571F8 unknown_irp_handler 3592 bytes
0x857D31F8 unknown_irp_handler 3592 bytes
0x857651F8 unknown_irp_handler 3592 bytes
0x857D01F8 unknown_irp_handler 3592 bytes
0x8575E1F8 unknown_irp_handler 3592 bytes
0x857C71F8 unknown_irp_handler 3592 bytes
0x857D61F8 unknown_irp_handler 3592 bytes
0x857D11F8 unknown_irp_handler 3592 bytes
0x857CB1F8 unknown_irp_handler 3592 bytes
0x857D21F8 unknown_irp_handler 3592 bytes
0x857D71F8 unknown_irp_handler 3592 bytes
0x853C3500 unknown_irp_handler 2816 bytes
0x8541C500 unknown_irp_handler 2816 bytes
0x85459500 unknown_irp_handler 2816 bytes
0x8545A500 unknown_irp_handler 2816 bytes
0x85458500 unknown_irp_handler 2816 bytes
0x853A3500 unknown_irp_handler 2816 bytes
0x85406500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [imagesrv.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [1394bus.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [imagedrv.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [scsiport.sys]
MBR check txt:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 188):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xF7AD0000 \WINDOWS\system32\KDCOM.DLL
0xF79E0000 \WINDOWS\system32\BOOTVID.dll
0xF73CF000 spew.sys
0xF7AD2000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF73B7000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7389000 ACPI.sys
0xF7378000 pci.sys
0xF75D0000 isapnp.sys
0xF7B98000 pciide.sys
0xF7850000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7AD4000 aliide.sys
0xF7AD6000 cmdide.sys
0xF7AD8000 toside.sys
0xF7ADA000 viaide.sys
0xF7ADC000 intelide.sys
0xF75E0000 MountMgr.sys
0xF7359000 ftdisk.sys
0xF7ADE000 dmload.sys
0xF7333000 dmio.sys
0xF7858000 PartMgr.sys
0xF75F0000 VolSnap.sys
0xF79E4000 cpqarray.sys
0xF731B000 atapi.sys
0xF79E8000 aha154x.sys
0xF7860000 sparrow.sys
0xF79EC000 symc810.sys
0xF7600000 aic78xx.sys
0xF79F0000 dac960nt.sys
0xF7610000 ql10wnt.sys
0xF79F4000 amsint.sys
0xF7868000 asc.sys
0xF79F8000 asc3550.sys
0xF7870000 mraid35x.sys
0xF7878000 i2omp.sys
0xF79FC000 ini910u.sys
0xF7620000 ql1240.sys
0xF7630000 aic78u2.sys
0xF7880000 symc8xx.sys
0xF7888000 sym_hi.sys
0xF7890000 sym_u3.sys
0xF7898000 ABP480N5.SYS
0xF78A0000 asc3350p.sys
0xF7AE0000 cd20xrnt.sys
0xF7640000 ultra.sys
0xF7302000 adpu160m.sys
0xF78A8000 dpti2o.sys
0xF7650000 ql1080.sys
0xF7660000 ql1280.sys
0xF7670000 ql12160.sys
0xF78B0000 perc2.sys
0xF7AE2000 perc2hib.sys
0xF78B8000 hpn.sys
0xF7A00000 cbidf2k.sys
0xF72D6000 dac2w2k.sys
0xF7680000 disk.sys
0xF7690000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72B6000 fltMgr.sys
0xF72A4000 sr.sys
0xF76A0000 PxHelp20.sys
0xF728D000 KSecDD.sys
0xF7200000 Ntfs.sys
0xF71D3000 NDIS.sys
0xF71A6000 aswNdis2.sys
0xF7AE4000 aswNdis.sys
0xF76B0000 sisagp.sys
0xF76C0000 viaagp.sys
0xF76D0000 ohci1394.sys
0xF76E0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF718B000 Mup.sys
0xF76F0000 agp440.sys
0xF7700000 alim1541.sys
0xF7710000 amdagp.sys
0xF7720000 agpCPQ.sys
0xF70FB000 \SystemRoot\system32\DRIVERS\processr.sys
0xF6727000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6713000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7940000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF66F0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7948000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF70EB000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7958000 \SystemRoot\system32\drivers\pfc.sys
0xF7750000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7760000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF66CD000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7978000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF6697000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF6598000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF64F0000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF79A0000 \SystemRoot\System32\Drivers\Modem.SYS
0xF64DE000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF7770000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF62AC000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6288000 \SystemRoot\system32\drivers\portcls.sys
0xF7780000 \SystemRoot\system32\drivers\drmk.sys
0xF79C0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6274000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7C35000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7B32000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF68BC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6E4F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF625D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF68AC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF689C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78C0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF624C000 \SystemRoot\system32\DRIVERS\psched.sys
0xF688C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7900000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7910000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF687C000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF7920000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF621B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF686C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7928000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7930000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B38000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6197000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AA0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF683C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF682C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B3E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B48000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7CB8000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7CB9000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7B4C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CBB000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B50000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7970000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7980000 \SystemRoot\System32\drivers\vga.sys
0xF7B56000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B5A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7990000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF70A7000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE07C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE024000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE00D000 \SystemRoot\System32\Drivers\aswFW.SYS
0xEDFEC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77C0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77D0000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF77E0000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xEDFC4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDFA2000 \SystemRoot\System32\drivers\afd.sys
0xF77F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDF77000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDF08000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7810000 \SystemRoot\System32\Drivers\Fips.SYS
0xEDEE1000 \SystemRoot\System32\Drivers\aswSP.SYS
0xEDE60000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF6203000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF61F3000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF61EB000 \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
0xF61DB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF70C3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7840000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xEDE15000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF70AF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF709B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEDDAD000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AFA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEDEC1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7938000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D15000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04D000 \SystemRoot\System32\ati2cqag.dll
0xBF07F000 \SystemRoot\System32\atikvmag.dll
0xBF0B0000 \SystemRoot\System32\ati3duag.dll
0xBF2E1000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB863C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB85D8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB83A1000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB81BD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B16000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7B52000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xB8053000 \SystemRoot\system32\DRIVERS\srv.sys
0xB81B1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEDDDD000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB7C06000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7DA3000 \SystemRoot\system32\drivers\sysaudio.sys
0xB7921000 \SystemRoot\System32\Drivers\HTTP.sys
0xB7B48000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB50AA000 \SystemRoot\system32\drivers\kmixer.sys
0xB5125000 \SystemRoot\System32\Drivers\Normandy.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
756 C:\WINDOWS\system32\smss.exe
832 csrss.exe
860 C:\WINDOWS\system32\winlogon.exe
904 C:\WINDOWS\system32\services.exe
920 C:\WINDOWS\system32\lsass.exe
1076 C:\WINDOWS\system32\svchost.exe
1184 svchost.exe
1296 C:\WINDOWS\system32\svchost.exe
1380 svchost.exe
1500 svchost.exe
1620 C:\Program Files\Alwil Software\Avast5\afwServ.exe
1760 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
212 C:\WINDOWS\system32\spoolsv.exe
340 svchost.exe
376 C:\WINDOWS\ehome\ehRecvr.exe
388 C:\WINDOWS\ehome\ehSched.exe
436 C:\Program Files\Java\jre6\bin\jqs.exe
660 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2204 alg.exe
2828 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
3160 C:\WINDOWS\system32\wscntfy.exe
2780 C:\WINDOWS\explorer.exe
4024 C:\WINDOWS\SOUNDMAN.EXE
2228 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
348 C:\WINDOWS\ehome\ehtray.exe
532 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
604 C:\WINDOWS\ehome\ehmsas.exe
632 C:\WINDOWS\system32\ctfmon.exe
5816 C:\WINDOWS\system32\dllhost.exe
4824 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
5516 C:\Program Files\Mozilla Firefox\firefox.exe
2276 C:\Program Files\Mozilla Firefox\plugin-container.exe
4432 C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
2888 C:\Documents and Settings\Owner\My Documents\Downloads\RKUnhookerLE.EXE
600 C:\Documents and Settings\Owner\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`0d27ca00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3200021A, Rev: 3.01
PhysicalDrive1 Model Number: WDCWD400BB-60DGA0, Rev: 05.03E05

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD
37 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: D6FA314EBC5F8F61CC7D153892E2FEE686189DF9
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:09:57 AM

Posted 17 December 2010 - 12:29 PM

Well done. :thumbup2:

After we are completely finished, I want you to update to SP3!!
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=85AF7BFD-6F69-4289-8BD1-EB966BCDFB5E&displaylang=en

==========

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

==========

I see you have Frostwire installed!

Using any peer-to-peer (P2P) or file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BearShare, Azureus/Vuze) is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Using such programs is very likely how your computer got infected!!

==========

Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


How is your computer running now?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#8 hypnotictonic420

hypnotictonic420
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 17 December 2010 - 10:04 PM

Well, I will get rid of the Viewpoint applications and see if that helps at all. I know about Frostwire and such peer to peer networks. I have it set so I CAN NOT share any files on my computer and any access is blocked. I don't use it that often anyway. I have ComboFix on my computer already, it works well, I will run it and see if it picks up anything malicious. I am also going to run Spybot again and a couple others. The main problem is that my computer has been slowing down lately and it has been happening more often, even after restarts. It is mainly lagging when I go to watch videos on Hulu or other sites like that; the video will skip and lag very badly. It did not really do this in the past, which leads me to believe it is infected somehow. Also my Windows taskbar will sometimes randomly change from its current view to something like classic view. This kinda makes me think that someone has my computer hacked with something such as SubSeven or NetBus (not sure what any new ones are called) that would allow them to mess with my settings and whatnot. Sometimes while running Firefox my computer will restart randomly; there are a bunch of other reasons that lead me to believe something is awry. Thank you for the help, I will post more logs. I am also just toying with the idea of backing up everything important to me and formatting/installing a new OS.

#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:57 AM

Posted 18 December 2010 - 08:43 AM

Based on your logs you might have a TDSS infection.

==========

Here is the deal. If you want my help I would ask that you do only as I have requested.

==========

I do not want you to run a Spybot scan. In fact Spybot might interfere with our fix so please disable it until we have finished.

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

==========

If you plan to format the drive or you do not desire my help then please let me know and I will close this thread.

==========

In regards to p2p. If you download from an anonymous source you will be infected! It is like having unprotected sex!

==========

You have run ComboFix unsupervised... this is ill advised!!

:exclame: This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!! :exclame:

=========

Please let me know what you plan to do.

Regards,
thcbytes

#10 hypnotictonic420

hypnotictonic420
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 18 December 2010 - 12:31 PM

I have not had TeaTimer active since I installed the program; I don't like it and turned it off. I tried to do as you said and run ComboFix, however it is saying that I have AVG anti-virus running. I uninstalled AVG a long time ago because it was a crappy anti-virus, but I guess it doesn't fully uninstall. There are remnants of it somewhere, I'm assuming in the registry or something.

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:57 AM

Posted 18 December 2010 - 03:55 PM

Do this.....

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

==========

Next this...

Download and run AppRemover.
http://www.appremover.com/

=========

Then this....

:exclame: Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :exclame:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95}]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-

DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd

FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0

File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll

SECCENTER::
AVG Anti-Virus Free


Save this as CFScript_AVG2011.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
thcbytes
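A read-only audit, added here as an example and not part of thcbytes' script or of ComboFix, that checks whether the AVG services, drivers, registry keys, files and Security Center registration named in the CFScript above are still present; it assumes PowerShell 2.0 or later (available on XP SP2/SP3) and changes nothing, so it can be run before and after the ComboFix pass to confirm what was actually removed.

```powershell
# Added example: audit AVG remnants listed in the CFScript (read-only, makes no changes).
# Names below are taken from the DRIVER::, REGISTRY::, FOLDER:: and File:: sections of the script.

$drivers = @('Avg','AVGIDSAgent','AVGIDSDriver','AVGIDSEH','AVGIDSFilter','AVGIDSShim',
             'Avgldx86','Avgmfx86','Avgrkx86','Avgtdix','avgwd','avg9emc','avg9wd',
             'AVG Security Toolbar Service')

$regKeys = @(
    'HKLM:\SOFTWARE\AVG',
    'HKLM:\SOFTWARE\AVG Security Toolbar',
    'HKCU:\Software\Avg',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms'
)

$paths = @(
    "$env:SystemRoot\system32\avgrsstx.dll",
    "$env:SystemRoot\system32\drivers\avgldx86.sys",
    "$env:SystemRoot\system32\drivers\avgtdix.sys",
    "$env:ProgramFiles\AVG"
)

function Get-AvgRemnants {
    $found = @()

    # Get-Service does not list kernel drivers, so also look at the raw Services key:
    # a driver entry can survive there after the service itself is gone.
    foreach ($name in $drivers) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) {
            $found += "service: $name ($($svc.Status))"
        } elseif (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name") {
            $found += "service key only: $name"
        }
    }

    foreach ($key in $regKeys) {
        if (Test-Path $key) { $found += "registry: $key" }
    }

    foreach ($p in $paths) {
        if (Test-Path $p) { $found += "file/folder: $p" }
    }

    # Windows Security Center registration, the entry the SECCENTER:: section of the
    # script targets. XP/2003 use root\SecurityCenter; Vista and later use root\SecurityCenter2.
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        $products = $null
        try {
            $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop
        } catch { }
        foreach ($prod in $products) {
            if ($prod.displayName -like '*AVG*') {
                $found += "security center ($ns): $($prod.displayName)"
            }
        }
    }

    return $found
}

$remnants = Get-AvgRemnants
if ($remnants.Count -eq 0) {
    "No AVG remnants found."
} else {
    "AVG remnants still present:"
    $remnants | ForEach-Object { "  $_" }
}
```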

#12 hypnotictonic420

hypnotictonic420
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 18 December 2010 - 07:53 PM

This is crazy, man. I just did all that you said; I'll post the logs in here. However, when I dragged the txt file into ComboFix, it did in fact open ComboFix and whatnot. I have Avast disabled and whatnot, but it is STILL saying that the AVG real time scanner is running blah blah blah blah and I must disable it. Well, I know it needs to be disabled; I freakin' deleted it from my damn computer however long ago because it sucks at life (computer life) when it comes to doing what it was designed for. In fact, it has just made things worse and managed to slow my computer down and clearly stick pieces of itself throughout my computer and cause me problems. NEVER AGAIN will I use AVG or anything made by that company, and I will tell everyone I know to do the same. This is just ridiculous. I ran Kaspersky's TDSSKiller and it says it found nothing as well, except for one locked file that is suspicious I guess... So what the hell; basically I uninstalled AVG, I've even used their uninstall tool specifically for that. Clearly hasn't worked. I've used this AppRemover tool you showed me and that hasn't found it. It should have found AVG. ComboFix will open, my computer will make a bleep ton of noise (I have it set to make a noise each time a program is opened/closed/minimized/maximized/etc., you get the idea), so it must be opening and closing some things like crazy for some reason... Or something is trying to open and it is not being allowed to? Then ComboFix will tell me about AVG and then the next dialog box pops up saying that I have not closed/disabled AVG and it is going to run anyway, however this could be harmful to my computer; I click the close button and it doesn't do a thing after that. This is pretty much exactly what happens, if the information helps you figure anything out. Sorry for the book I have typed just now, but I assume the details could help. I will now post the logs:

=======================================================

TDSS Killer Log:

2010/12/18 18:48:36.0659 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 18:48:36.0659 ================================================================================
2010/12/18 18:48:36.0659 SystemInfo:
2010/12/18 18:48:36.0659
2010/12/18 18:48:36.0659 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/18 18:48:36.0659 Product type: Workstation
2010/12/18 18:48:36.0659 ComputerName: KAT
2010/12/18 18:48:36.0659 UserName: Owner
2010/12/18 18:48:36.0659 Windows directory: C:\WINDOWS
2010/12/18 18:48:36.0659 System windows directory: C:\WINDOWS
2010/12/18 18:48:36.0659 Processor architecture: Intel x86
2010/12/18 18:48:36.0659 Number of processors: 1
2010/12/18 18:48:36.0675 Page size: 0x1000
2010/12/18 18:48:36.0675 Boot type: Normal boot
2010/12/18 18:48:36.0675 ================================================================================
2010/12/18 18:48:38.0097 Initialize success
2010/12/18 18:48:49.0550 ================================================================================
2010/12/18 18:48:49.0550 Scan started
2010/12/18 18:48:49.0550 Mode: Manual;
2010/12/18 18:48:49.0550 ================================================================================
2010/12/18 18:49:30.0534 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/18 18:49:30.0831 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/18 18:49:31.0112 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/18 18:49:31.0378 RimUsb (5ec6fa6386ab2580b5ae3cf39ac1dfaf) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/12/18 18:49:31.0628 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/18 18:49:31.0893 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/18 18:49:32.0268 RTL8023xp (e9877aa069dc11b03dbd1d33b8b2a3ca) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2010/12/18 18:49:32.0534 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/18 18:49:32.0815 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/18 18:49:33.0097 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/18 18:49:33.0550 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/18 18:49:33.0815 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/18 18:49:34.0050 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/18 18:49:34.0362 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/18 18:49:34.0362 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/18 18:49:34.0393 sptd - detected Locked file (1)
2010/12/18 18:49:34.0628 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/18 18:49:34.0909 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/18 18:49:35.0190 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2010/12/18 18:49:35.0456 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/18 18:49:35.0737 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/18 18:49:36.0034 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/18 18:49:36.0300 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/18 18:49:36.0550 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/18 18:49:36.0815 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/18 18:49:37.0081 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/18 18:49:37.0378 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/18 18:49:37.0643 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/18 18:49:37.0893 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/18 18:49:38.0143 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/18 18:49:38.0440 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/18 18:49:38.0737 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/18 18:49:39.0003 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/18 18:49:39.0284 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/18 18:49:39.0565 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/18 18:49:39.0815 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/18 18:49:40.0097 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/18 18:49:40.0331 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/18 18:49:40.0581 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/18 18:49:40.0847 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/18 18:49:41.0206 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/12/18 18:49:41.0440 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/18 18:49:41.0675 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/18 18:49:41.0956 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/18 18:49:42.0268 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/18 18:49:42.0940 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/18 18:49:43.0237 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/18 18:49:43.0659 ================================================================================
2010/12/18 18:49:43.0659 Scan finished
2010/12/18 18:49:43.0659 ================================================================================
2010/12/18 18:49:43.0722 Detected object count: 1
2010/12/18 18:50:41.0065 Locked file(sptd) - User select action: Skip
2010/12/18 19:18:43.0487 Deinitialize success

======================================================================================

Hmmm, this seems to be all the logs I have so far. If I have missed some, let me know and I'll find and post them real quick. Thanks again.
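As an added example (not part of the original thread, and not TDSSKiller's own code): a small Python triage helper that parses a driver listing in the shape of the TDSSKiller log above, collects each driver's service name, md5 and path, attaches the "Suspicious file (NoAccess)" / "detected Locked file" events and the action the user chose at the end of the scan, and exposes an md5-to-path map for bulk hash lookup. The sample lines are constructed from a handful of entries copied from the log above; the record and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller log posted above:
# "<date> <time> <service> (<md5>) <path>" per driver, plus the lines the
# tool emits when it cannot open an image and when the user picks an action.
SAMPLE_LOG = r"""
2010/12/18 18:49:19.0534 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/18 18:49:34.0362 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/18 18:49:34.0362 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/18 18:49:34.0393 sptd - detected Locked file (1)
2010/12/18 18:49:37.0378 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/18 18:49:43.0659 Scan finished
2010/12/18 18:50:41.0065 Locked file(sptd) - User select action: Skip
"""

# One regex per line shape; the leading "\S+ \S+" swallows the date and time.
DRIVER_RE = re.compile(r"^\S+ \S+ (\S+) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(r"^\S+ \S+ Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^\S+ \S+ (\S+) - detected (.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^\S+ \S+ Locked file\((\S+?)\) - User select action: (\w+)$")


@dataclass
class DriverEntry:
    name: str                                   # service name, e.g. "sptd"
    md5: str                                    # hash TDSSKiller computed
    path: str                                   # image path as logged
    flags: List[str] = field(default_factory=list)  # "NoAccess", "Locked file", ...
    action: Optional[str] = None                # user's choice at the end, e.g. "Skip"


def parse_tdsskiller(text: str) -> Dict[str, DriverEntry]:
    """Return {service name: DriverEntry} in log order, with the suspicious /
    detected / action lines folded into the driver they refer to."""
    entries: Dict[str, DriverEntry] = {}
    by_path: Dict[str, DriverEntry] = {}        # suspicious lines carry only the path
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            name, md5, path = m.group(1), m.group(2), m.group(3).strip()
            entry = DriverEntry(name, md5, path)
            entries[name] = entry
            by_path[path.lower()] = entry
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            reason, path, md5 = m.groups()
            entry = by_path.get(path.lower())
            if entry is not None:
                entry.flags.append(reason)
                if entry.md5 != md5:            # same file, two different hashes: worth a look
                    entry.flags.append("md5 mismatch")
            continue
        m = DETECTED_RE.match(line)
        if m and m.group(1) in entries:
            entries[m.group(1)].flags.append(m.group(2))
            continue
        m = ACTION_RE.match(line)
        if m and m.group(1) in entries:
            entries[m.group(1)].action = m.group(2)
    return entries


def flagged(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    """Drivers the scanner could not read or otherwise marked, in log order."""
    return [e for e in entries.values() if e.flags]


def unresolved(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    """Flagged drivers that are still on disk because the user skipped them."""
    return [e for e in flagged(entries) if e.action in (None, "Skip")]


def hash_list(entries: Dict[str, DriverEntry]) -> Dict[str, str]:
    """md5 -> path, for checking the whole listing against a known-good set."""
    return {e.md5: e.path for e in entries.values()}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in unresolved(parsed):
        print(f"{e.name}: {e.path} md5={e.md5} flags={e.flags} action={e.action}")
```

A NoAccess / Locked flag only records that the scanner could not read the image; it does not by itself say the driver is malicious, which is why the hash map is the part a helper would actually act on. Feed the full log in place of the constructed sample to get the whole listing.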

#13 hypnotictonic420 (Topic Starter)

Posted 19 December 2010 - 12:18 AM

OK, I got ComboFix to run and it seems to have gone OK. After reboot, I had to disable avast real quick again because that automatically runs at startup. While it was doing its thing and after it was done, update.exe kept opening and closing every second. I'm not sure what that's about or what the process is; any idea why this was happening? It's probably insignificant and I'm just paranoid. I will post the ComboFix log below.


ComboFix log:


ComboFix 10-12-18.01 - Owner 12/18/2010 23:32:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.417 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\Trying to fix bleeped up computer\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\Trying to fix bleeped up computer\CFScript_AVG2011.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

FILE ::
"c:\documents and settings\All Users\Application Data\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
"c:\documents and settings\All Users\Desktop\AVG 2011.lnk"
"c:\documents and settings\All Users\Desktop\AVG Free 9.0.lnk"
"c:\program files\Mozilla Firefox\searchplugins\avg_igeared.xml"
"c:\windows\system32\avgrsstx.dll"
"c:\windows\system32\drivers\AVGIDSDriver.sys"
"c:\windows\system32\drivers\AVGIDSEH.sys"
"c:\windows\system32\drivers\AVGIDSFilter.sys"
"c:\windows\system32\drivers\AVGIDSShim.sys"
"c:\windows\system32\drivers\avgldx86.sys"
"c:\windows\system32\drivers\avgmfx86.sys"
"c:\windows\system32\drivers\avgrkx86.sys"
"c:\windows\system32\drivers\avgtdix.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe
c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
---- Previous Run -------
.
c:\windows\system32\drivers\MSIVXknvbwrvaprrdnbveretubonwkluwjqnq.sys
c:\windows\system32\MSIVXbtnummyqjlhndmvhvudnkdseaobtwuub.dll
c:\windows\system32\MSIVXyscuhjtvprtuccwfxxyviexwsgqnacnc.dll
c:\recycler\S-1-5-21-1417001333-1580818891-725345543-1003\desktop.ini
c:\recycler\S-1-5-21-1417001333-1580818891-725345543-1003\INFO2
c:\recycler\S-1-5-21-2626191610-1205389388-834698159-500\desktop.ini
c:\recycler\S-1-5-21-2626191610-1205389388-834698159-500\INFO2
c:\recycler\S-1-5-21-3182237036-1388889847-2430597741-500\desktop.ini
c:\recycler\S-1-5-21-3182237036-1388889847-2430597741-500\INFO2
c:\recycler\S-1-5-21-3574691555-3905486512-2342171452-500\desktop.ini
c:\recycler\S-1-5-21-3574691555-3905486512-2342171452-500\INFO2
c:\recycler\S-1-5-21-4785382563-7614185683-482538531-6515\Desktop.ini
c:\recycler\S-1-5-21-4785382563-7614185683-482538531-6515\rundll32.exe
c:\recycler\S-1-5-21-6851806120-0751279171-837239181-6421\Desktop.ini
c:\recycler\S-1-5-21-8773525530-7050329143-551391684-5405\Desktop.ini
C:\test.txt
c:\windows\hosts
c:\windows\sonce122621.dat
c:\windows\st_1245218985.exe
c:\windows\st_1245221434.exe
c:\windows\st_1245237413.exe
c:\windows\st_1245239865.exe
c:\windows\system32\drivers\MSIVXknvbwrvaprrdnbveretubonwkluwjqnq.sys
c:\windows\system32\MSIVXbtnummyqjlhndmvhvudnkdseaobtwuub.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXyscuhjtvprtuccwfxxyviexwsgqnacnc.dll
c:\windows\system32\tmp.reg
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Legacy_SERVICE_CVAS
-------\Legacy_AVGLDX86
-------\Legacy_AVGMFX86
-------\Legacy_AVGTDIX


((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 01:21 . 2008-02-25 01:21 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fbw"="c:\windows\system32\?ystem\s?rvices.exe" [?]
"Ztfknl"="c:\windows\?ystem32\?explore.exe" [?]
"Axuikx"="c:\windows\?ssembly\n?lookup.exe" [?]
"Tjlqt"="c:\program files\W?nSxS\w?auboot.exe" [?]
"Xmheontv"="c:\windows\?ssembly\s?anregw.exe" [?]
"Ujex"="c:\windows\??crosoft\w?auclt.exe" [?]
"Faaq"="c:\documents and settings\Owner\My Documents\F?nts\r?ndll.exe" [?]
"Sysfud"="c:\documents and settings\Owner\My Documents\T?sks\s?ool32.exe" [?]
"Szjzbfm"="c:\windows\??curity\s?rvices.exe" [?]
"Foankq"="c:\windows\?ssembly\r?ndll32.exe" [?]
"Zyo"="c:\documents and settings\Owner\My Documents\s?stem\m?iexec.exe" [?]
"Ztaeasmq"="c:\program files\Common Files\??pPatch\t?skmgr.exe" [?]
"Hobnnhs"="c:\documents and settings\Owner\My Documents\?dobe\n?tepad.exe" [?]
"Pzge"="c:\documents and settings\Owner\My Documents\s?stem32\s?anregw.exe" [?]
"Nbnp"="c:\windows\W?nSxS\i?xplore.exe" [?]
"Cbbbvvn"="c:\windows\?ymantec\?ti2evxx.exe" [?]
"Flykr"="c:\windows\?ssembly\n?pdb.exe" [?]
"Amkaygx"="c:\windows\system32\?dobe\l?gonui.exe" [?]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"AIM"="c:\program files\AIM\aim.exe" [2004-06-07 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SYSDLL"="SYSDLL" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cwkhhfej]
c:\program files\S?mantec\t?skmgr.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vhgnsv]
c:\windows\?ymantec\m?hta.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-06-07 20:53 61440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-09-02 02:57 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-05-18 01:30 543232 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-23 16:43 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 16:09 36864 ----a-w- c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 22:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-15 23:59 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"PrismXL"=2 (0x2)
"ose"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"CryptSvc"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\BTGUARD\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14004:TCP"= 14004:TCP:PORT_14004
"29816:TCP"= 29816:TCP:PORT_29816
"60070:TCP"= 60070:TCP:PORT_60070
"44684:TCP"= 44684:TCP:PORT_44684
"24731:TCP"= 24731:TCP:PORT_24731
"20103:TCP"= 20103:TCP:PORT_20103
"62692:TCP"= 62692:TCP:PORT_62692
"57044:TCP"= 57044:TCP:PORT_57044
"24310:TCP"= 24310:TCP:PORT_24310
"41906:TCP"= 41906:TCP:PORT_41906
"36447:TCP"= 36447:TCP:PORT_36447
"37628:TCP"= 37628:TCP:PORT_37628
"36302:TCP"= 36302:TCP:PORT_36302
"11168:TCP"= 11168:TCP:PORT_11168
"64043:TCP"= 64043:TCP:PORT_64043
"53229:TCP"= 53229:TCP:PORT_53229
"5336:TCP"= 5336:TCP:PORT_5336
"62058:TCP"= 62058:TCP:PORT_62058
"17173:TCP"= 17173:TCP:PORT_17173
"15606:TCP"= 15606:TCP:PORT_15606
"15011:TCP"= 15011:TCP:PORT_15011
"60449:TCP"= 60449:TCP:PORT_60449
"27230:TCP"= 27230:TCP:PORT_27230
"46330:TCP"= 46330:TCP:PORT_46330
"62238:TCP"= 62238:TCP:PORT_62238
"17417:TCP"= 17417:TCP:PORT_17417
"43591:TCP"= 43591:TCP:PORT_43591
"25900:TCP"= 25900:TCP:PORT_25900
"37482:TCP"= 37482:TCP:PORT_37482
"58184:TCP"= 58184:TCP:PORT_58184
"50557:TCP"= 50557:TCP:PORT_50557
"30120:TCP"= 30120:TCP:PORT_30120
"52228:TCP"= 52228:TCP:PORT_52228
"55558:TCP"= 55558:TCP:PORT_55558
"31048:TCP"= 31048:TCP:PORT_31048
"38295:TCP"= 38295:TCP:PORT_38295
"38719:TCP"= 38719:TCP:PORT_38719
"63504:TCP"= 63504:TCP:PORT_63504
"37957:TCP"= 37957:TCP:PORT_37957
"16988:TCP"= 16988:TCP:PORT_16988
"12119:TCP"= 12119:TCP:PORT_12119
"55129:TCP"= 55129:TCP:PORT_55129
"51465:TCP"= 51465:TCP:PORT_51465
"60066:TCP"= 60066:TCP:PORT_60066
"7176:TCP"= 7176:TCP:PORT_7176
"28925:TCP"= 28925:TCP:PORT_28925
"58034:TCP"= 58034:TCP:PORT_58034
"40129:TCP"= 40129:TCP:PORT_40129
"15018:TCP"= 15018:TCP:PORT_15018
"6887:TCP"= 6887:TCP:PORT_6887
"9119:TCP"= 9119:TCP:PORT_9119
"54365:TCP"= 54365:TCP:PORT_54365
"40895:TCP"= 40895:TCP:PORT_40895
"13606:TCP"= 13606:TCP:PORT_13606
"59463:TCP"= 59463:TCP:PORT_59463
"21855:TCP"= 21855:TCP:PORT_21855
"18194:TCP"= 18194:TCP:PORT_18194
"62844:TCP"= 62844:TCP:PORT_62844
"49200:TCP"= 49200:TCP:PORT_49200
"7563:TCP"= 7563:TCP:PORT_7563
"50926:TCP"= 50926:TCP:PORT_50926
"39004:TCP"= 39004:TCP:PORT_39004
"53158:TCP"= 53158:TCP:PORT_53158
"49524:TCP"= 49524:TCP:PORT_49524
"14815:TCP"= 14815:TCP:PORT_14815
"62773:TCP"= 62773:TCP:PORT_62773
"34136:TCP"= 34136:TCP:PORT_34136
"28819:TCP"= 28819:TCP:PORT_28819
"35000:TCP"= 35000:TCP:PORT_35000
"63631:TCP"= 63631:TCP:PORT_63631
"63328:TCP"= 63328:TCP:PORT_63328
"13948:TCP"= 13948:TCP:PORT_13948
"29661:TCP"= 29661:TCP:PORT_29661
"22660:TCP"= 22660:TCP:PORT_22660
"21670:TCP"= 21670:TCP:PORT_21670
"22553:TCP"= 22553:TCP:PORT_22553
"43055:TCP"= 43055:TCP:PORT_43055
"24013:TCP"= 24013:TCP:PORT_24013
"27544:TCP"= 27544:TCP:PORT_27544
"34539:TCP"= 34539:TCP:PORT_34539
"55926:TCP"= 55926:TCP:PORT_55926
"53078:TCP"= 53078:TCP:PORT_53078
"22728:TCP"= 22728:TCP:PORT_22728
"31172:TCP"= 31172:TCP:PORT_31172
"34083:TCP"= 34083:TCP:PORT_34083
"38950:TCP"= 38950:TCP:PORT_38950
"10895:TCP"= 10895:TCP:PORT_10895
"35711:TCP"= 35711:TCP:PORT_35711
"35717:TCP"= 35717:TCP:PORT_35717
"32195:TCP"= 32195:TCP:PORT_32195
"59125:TCP"= 59125:TCP:PORT_59125
"60611:TCP"= 60611:TCP:PORT_60611
"63820:TCP"= 63820:TCP:PORT_63820
"47953:TCP"= 47953:TCP:PORT_47953
"7705:TCP"= 7705:TCP:PORT_7705
"21754:TCP"= 21754:TCP:PORT_21754
"18563:TCP"= 18563:TCP:PORT_18563
"27242:TCP"= 27242:TCP:PORT_27242
"12106:TCP"= 12106:TCP:PORT_12106
"12488:TCP"= 12488:TCP:PORT_12488
"21898:TCP"= 21898:TCP:PORT_21898
"31375:TCP"= 31375:TCP:PORT_31375
"38034:TCP"= 38034:TCP:PORT_38034
"6391:TCP"= 6391:TCP:PORT_6391
"64689:TCP"= 64689:TCP:PORT_64689
"45805:TCP"= 45805:TCP:PORT_45805
"59451:TCP"= 59451:TCP:PORT_59451
"49712:TCP"= 49712:TCP:PORT_49712
"24763:TCP"= 24763:TCP:PORT_24763
"36047:TCP"= 36047:TCP:PORT_36047
"60414:TCP"= 60414:TCP:PORT_60414
"50356:TCP"= 50356:TCP:PORT_50356
"28477:TCP"= 28477:TCP:PORT_28477
"30486:TCP"= 30486:TCP:PORT_30486
"28555:TCP"= 28555:TCP:PORT_28555
"30311:TCP"= 30311:TCP:PORT_30311
"46348:TCP"= 46348:TCP:PORT_46348
"37764:TCP"= 37764:TCP:PORT_37764
"47348:TCP"= 47348:TCP:PORT_47348
"18360:TCP"= 18360:TCP:PORT_18360
"28754:TCP"= 28754:TCP:PORT_28754
"8394:TCP"= 8394:TCP:PORT_8394
"61004:TCP"= 61004:TCP:PORT_61004
"29875:TCP"= 29875:TCP:PORT_29875
"14980:TCP"= 14980:TCP:PORT_14980
"5480:TCP"= 5480:TCP:PORT_5480
"39973:TCP"= 39973:TCP:PORT_39973
"21071:TCP"= 21071:TCP:PORT_21071
"33165:TCP"= 33165:TCP:PORT_33165
"17910:TCP"= 17910:TCP:PORT_17910
"45285:TCP"= 45285:TCP:PORT_45285
"65438:TCP"= 65438:TCP:PORT_65438
"46063:TCP"= 46063:TCP:PORT_46063
"64176:TCP"= 64176:TCP:PORT_64176
"44620:TCP"= 44620:TCP:PORT_44620
"42004:TCP"= 42004:TCP:PORT_42004
"54226:TCP"= 54226:TCP:PORT_54226
"40528:TCP"= 40528:TCP:PORT_40528
"51689:TCP"= 51689:TCP:PORT_51689
"5348:TCP"= 5348:TCP:PORT_5348
"25344:TCP"= 25344:TCP:PORT_25344
"30047:TCP"= 30047:TCP:PORT_30047
"40409:TCP"= 40409:TCP:PORT_40409
"40214:TCP"= 40214:TCP:PORT_40214
"28488:TCP"= 28488:TCP:PORT_28488
"46508:TCP"= 46508:TCP:PORT_46508
"12025:TCP"= 12025:TCP:PORT_12025
"13223:TCP"= 13223:TCP:PORT_13223
"11926:TCP"= 11926:TCP:PORT_11926
"17581:TCP"= 17581:TCP:PORT_17581
"61891:TCP"= 61891:TCP:PORT_61891
"39165:TCP"= 39165:TCP:PORT_39165
"55301:TCP"= 55301:TCP:PORT_55301
"27095:TCP"= 27095:TCP:PORT_27095
"36133:TCP"= 36133:TCP:PORT_36133
"47050:TCP"= 47050:TCP:PORT_47050
"34638:TCP"= 34638:TCP:PORT_34638
"6974:TCP"= 6974:TCP:PORT_6974
"55973:TCP"= 55973:TCP:PORT_55973
"58553:TCP"= 58553:TCP:PORT_58553
"24278:TCP"= 24278:TCP:PORT_24278
"8907:TCP"= 8907:TCP:PORT_8907
"28785:TCP"= 28785:TCP:PORT_28785
"14594:TCP"= 14594:TCP:PORT_14594
"65117:TCP"= 65117:TCP:PORT_65117
"17989:TCP"= 17989:TCP:PORT_17989
"16603:TCP"= 16603:TCP:PORT_16603
"34110:TCP"= 34110:TCP:PORT_34110
"58943:TCP"= 58943:TCP:PORT_58943
"33278:TCP"= 33278:TCP:PORT_33278
"26505:TCP"= 26505:TCP:PORT_26505
"9739:TCP"= 9739:TCP:PORT_9739
"32649:TCP"= 32649:TCP:PORT_32649
"10067:TCP"= 10067:TCP:PORT_10067
"48785:TCP"= 48785:TCP:PORT_48785
"16366:TCP"= 16366:TCP:PORT_16366
"35988:TCP"= 35988:TCP:PORT_35988
"50315:TCP"= 50315:TCP:PORT_50315
"35978:TCP"= 35978:TCP:PORT_35978
"47116:TCP"= 47116:TCP:PORT_47116
"30598:TCP"= 30598:TCP:PORT_30598
"24645:TCP"= 24645:TCP:PORT_24645
"6405:TCP"= 6405:TCP:PORT_6405
"33901:TCP"= 33901:TCP:PORT_33901
"26845:TCP"= 26845:TCP:PORT_26845
"47629:TCP"= 47629:TCP:PORT_47629
"26551:TCP"= 26551:TCP:PORT_26551
"18126:TCP"= 18126:TCP:PORT_18126
"13969:TCP"= 13969:TCP:PORT_13969
"27746:TCP"= 27746:TCP:PORT_27746
"16255:TCP"= 16255:TCP:PORT_16255
"59477:TCP"= 59477:TCP:PORT_59477
"22691:TCP"= 22691:TCP:PORT_22691
"47000:TCP"= 47000:TCP:PORT_47000
"5731:TCP"= 5731:TCP:PORT_5731
"17021:TCP"= 17021:TCP:PORT_17021
"45438:TCP"= 45438:TCP:PORT_45438
"6161:TCP"= 6161:TCP:PORT_6161
"57778:TCP"= 57778:TCP:PORT_57778
"60646:TCP"= 60646:TCP:PORT_60646
"28504:TCP"= 28504:TCP:PORT_28504
"30906:TCP"= 30906:TCP:PORT_30906
"7165:TCP"= 7165:TCP:PORT_7165
"41970:TCP"= 41970:TCP:PORT_41970
"5078:TCP"= 5078:TCP:PORT_5078
"26770:TCP"= 26770:TCP:PORT_26770
"22957:TCP"= 22957:TCP:PORT_22957
"55938:TCP"= 55938:TCP:PORT_55938
"22565:TCP"= 22565:TCP:PORT_22565
"24684:TCP"= 24684:TCP:PORT_24684
"56116:TCP"= 56116:TCP:PORT_56116
"23516:TCP"= 23516:TCP:PORT_23516
"8301:TCP"= 8301:TCP:PORT_8301
"45680:TCP"= 45680:TCP:PORT_45680
"26637:TCP"= 26637:TCP:PORT_26637
"42243:TCP"= 42243:TCP:PORT_42243
"56010:TCP"= 56010:TCP:PORT_56010
"38325:TCP"= 38325:TCP:PORT_38325
"9496:TCP"= 9496:TCP:PORT_9496
"24075:TCP"= 24075:TCP:PORT_24075
"20817:TCP"= 20817:TCP:PORT_20817
"53406:TCP"= 53406:TCP:PORT_53406
"48208:TCP"= 48208:TCP:PORT_48208
"51529:TCP"= 51529:TCP:PORT_51529
"30270:TCP"= 30270:TCP:PORT_30270
"10301:TCP"= 10301:TCP:PORT_10301
"27750:TCP"= 27750:TCP:PORT_27750
"39250:TCP"= 39250:TCP:PORT_39250
"43624:TCP"= 43624:TCP:PORT_43624
"30806:TCP"= 30806:TCP:PORT_30806
"16165:TCP"= 16165:TCP:PORT_16165
"23825:TCP"= 23825:TCP:PORT_23825
"65098:TCP"= 65098:TCP:PORT_65098
"18125:TCP"= 18125:TCP:PORT_18125
"57943:TCP"= 57943:TCP:PORT_57943
"57258:TCP"= 57258:TCP:PORT_57258
"60541:TCP"= 60541:TCP:PORT_60541
"57988:TCP"= 57988:TCP:PORT_57988
"5128:TCP"= 5128:TCP:PORT_5128
"46822:TCP"= 46822:TCP:PORT_46822
"11521:TCP"= 11521:TCP:PORT_11521
"8381:TCP"= 8381:TCP:PORT_8381
"43289:TCP"= 43289:TCP:PORT_43289
"61098:TCP"= 61098:TCP:PORT_61098
"48953:TCP"= 48953:TCP:PORT_48953
"10200:TCP"= 10200:TCP:PORT_10200
"29348:TCP"= 29348:TCP:PORT_29348
"26728:TCP"= 26728:TCP:PORT_26728
"28320:TCP"= 28320:TCP:PORT_28320
"44973:TCP"= 44973:TCP:PORT_44973
"16317:TCP"= 16317:TCP:PORT_16317
"57238:TCP"= 57238:TCP:PORT_57238
"17540:TCP"= 17540:TCP:PORT_17540
"6881:TCP"= 6881:TCP:PORT_6881
"28807:TCP"= 28807:TCP:PORT_28807
"46341:TCP"= 46341:TCP:PORT_46341
"64988:TCP"= 64988:TCP:PORT_64988
"42368:TCP"= 42368:TCP:PORT_42368
"64649:TCP"= 64649:TCP:PORT_64649
"37243:TCP"= 37243:TCP:PORT_37243
"33497:TCP"= 33497:TCP:PORT_33497
"60141:TCP"= 60141:TCP:PORT_60141
"5262:TCP"= 5262:TCP:PORT_5262
"61867:TCP"= 61867:TCP:PORT_61867
"50238:TCP"= 50238:TCP:PORT_50238
"57090:TCP"= 57090:TCP:PORT_57090
"28582:TCP"= 28582:TCP:PORT_28582
"40515:TCP"= 40515:TCP:PORT_40515
"36661:TCP"= 36661:TCP:PORT_36661
"26765:TCP"= 26765:TCP:PORT_26765
"16802:TCP"= 16802:TCP:PORT_16802
"33973:TCP"= 33973:TCP:PORT_33973
"14700:TCP"= 14700:TCP:PORT_14700
"43406:TCP"= 43406:TCP:PORT_43406
"20363:TCP"= 20363:TCP:PORT_20363
"59368:TCP"= 59368:TCP:PORT_59368
"54799:TCP"= 54799:TCP:PORT_54799
"38536:TCP"= 38536:TCP:PORT_38536
"31020:TCP"= 31020:TCP:PORT_31020
"17207:TCP"= 17207:TCP:PORT_17207
"49797:TCP"= 49797:TCP:PORT_49797
"41445:TCP"= 41445:TCP:PORT_41445
"9004:TCP"= 9004:TCP:PORT_9004
"45426:TCP"= 45426:TCP:PORT_45426
"22541:TCP"= 22541:TCP:PORT_22541
"28254:TCP"= 28254:TCP:PORT_28254
"58914:TCP"= 58914:TCP:PORT_58914
"56664:TCP"= 56664:TCP:PORT_56664
"39826:TCP"= 39826:TCP:PORT_39826
"23665:TCP"= 23665:TCP:PORT_23665
"27051:TCP"= 27051:TCP:PORT_27051
"26820:TCP"= 26820:TCP:PORT_26820
"27008:TCP"= 27008:TCP:PORT_27008
"36081:TCP"= 36081:TCP:PORT_36081
"47868:TCP"= 47868:TCP:PORT_47868
"31926:TCP"= 31926:TCP:PORT_31926
"20862:TCP"= 20862:TCP:PORT_20862
"9475:TCP"= 9475:TCP:PORT_9475
"19934:TCP"= 19934:TCP:PORT_19934
"34531:TCP"= 34531:TCP:PORT_34531

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [11/5/2010 12:24 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [11/5/2010 12:25 PM 190416]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/12/2009 3:34 PM 717296]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [11/5/2010 12:25 PM 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/5/2010 12:25 PM 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/22/2009 11:55 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/22/2009 11:55 PM 17744]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [11/5/2010 12:24 PM 119200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [6/17/2009 2:13 AM 718880]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/16/2007 7:25 PM 24652]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\l1phwphy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
HKLM-Run-EPSON Stylus Photo R340 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
HKLM-Run-AIMWDInstallFilename - c:\progra~1\AIM\AIMWDI~1.EXE
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-Win32 Firewall - c:\docume~1\Owner\LOCALS~1\Temp\978.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 23:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\dllhost.exe
c:\windows\SOUNDMAN.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\taskmgr.exe
c:\windows\SoftwareDistribution\Download\d0000506503afe0296e18a61659526d0\update\update.exe
.
**************************************************************************
.
Completion time: 2010-12-19 00:08:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-19 05:08

Pre-Run: 12,272,037,888 bytes free
Post-Run: 12,317,413,376 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 5B416C8F6FD3722D855E8B15A5341792

#14 hypnotictonic420

hypnotictonic420
  • Topic Starter
  • Members
  • 17 posts

Posted 19 December 2010 - 12:22 AM

I was just looking that over. I see in the top part entries about AVG and how it was updated and such? WTFFFFFFFFFFFFFFFF... I deleted this stupid thing, it should be gone. I went through and got rid of every bit of it I could possibly find anywhere after I uninstalled it and after I used AVG's uninstall tool; this is insane. How can they be allowed to do that? Also, I'm curious as to why I have so many "svchost.exe" processes? Is this normal? There is one in particular that seems to be eating up a lot of memory. Think this could be part of the problem, or could it be a virus in disguise?

Edited by hypnotictonic420, 19 December 2010 - 12:25 AM.


#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 19 December 2010 - 11:03 AM

Well done. :thumbup2:

Are you still getting the AVG popup when you run CF?

==========

The detection in TDSSKiller is a false positive.

==========

Your computer is severely infected.

Please note...

One or more of the identified infections was a Backdoor trojan/Rootkit.

This can allow hackers to potentially remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

I can still clean this machine but I can't guarantee that it will be 100% secure afterward. If after careful consideration you have decided to continue with cleanup then please proceed as I have outlined below.

==========

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

Name the file as regedit.reg, making sure save as type is set to " All Files ".
Double click on regedit.reg & allow it to run.



==========

This next.....

:exclame: Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :exclame:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

SecCenter::
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
c:\program files\Viewpoint\Common\ViewpointService.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fbw"=-
"Ztfknl"=-
"Axuikx"=-
"Tjlqt"=-
"Xmheontv"=-
"Ujex"=-
"Faaq"=-
"Sysfud"=-
"Szjzbfm"=-
"Foankq"=-
"Zyo"=-
"Ztaeasmq"=-
"Hobnnhs"=-
"Pzge"=-
"Nbnp"=-
"Cbbbvvn"=-
"Flykr"=-
"Amkaygx"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SYSDLL"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cwkhhfej]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vhgnsv]

Driver::
Viewpoint Manager Service

DDS::
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

How is your computer running now?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
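The two indicators the helper removes in the CFScript above, a browser proxy pointed at the local machine (the DDS:: ProxyServer line) and an autostart entry running from a Temp folder (the orphaned "Win32 Firewall" entry), can be picked out of a ComboFix-style log automatically. The script below is an added triage example, not a BleepingComputer or ComboFix tool; its sample lines are constructed to match the log format shown in this thread.

```python
"""Triage helper for ComboFix-style log lines (added example, not a
BleepingComputer or ComboFix tool). It flags two indicator types seen in
this thread: a browser proxy that points at the local machine and an
autostart entry whose program lives in a Temp directory."""
import re
from typing import List, Tuple

# Constructed sample, written in the format of the log posted above.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
HKLM-Run-EPSON Stylus Photo R340 Series - c:\\windows\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAJA.EXE
MSConfigStartUp-BearShare - c:\\program files\\BearShare\\BearShare.exe
MSConfigStartUp-Win32 Firewall - c:\\docume~1\\Owner\\LOCALS~1\\Temp\\978.exe
"""

LOCAL_HOSTS = ("localhost", "127.0.0.1", "0.0.0.0", "::1")
# Autostart lines: "<hive>-Run-<name> - <path>" or "MSConfigStartUp-<name> - <path>"
AUTOSTART_RE = re.compile(r"^(?:HKLM|HKCU|HKU)-Run-(.+?) - (.+)$|^MSConfigStartUp-(.+?) - (.+)$")
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

def proxy_is_local(value: str) -> bool:
    """True if a ProxyServer value such as 'http=localhost:7171' targets this host.
    Handles the 'proto=host:port;proto=host:port' form and bracketed IPv6."""
    for entry in value.split(";"):
        host_port = entry.split("=", 1)[-1]          # drop the 'http=' protocol prefix
        host = host_port.rsplit(":", 1)[0].strip("[]")
        if host.lower() in LOCAL_HOSTS:
            return True
    return False

def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("uInternet Settings,ProxyServer"):
            value = line.split("=", 1)[1].strip()
            if proxy_is_local(value):
                findings.append(("local-proxy", line))
            continue
        m = AUTOSTART_RE.match(line)
        if m and TEMP_DIR_RE.search(m.group(2) or m.group(4)):
            findings.append(("autostart-from-temp", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:22} {line}")
```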



