
TR/Agent.163840.A, TR/Agent.awz & TR/Spy.24064.7


  • This topic is locked
19 replies to this topic

#1 memawbrendax5

memawbrendax5

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:OHIO
  • Local time:10:52 PM

Posted 17 December 2010 - 10:00 PM

Was trying to open Internet Explorer and a virus popup occurred. It stated that I had multiple viruses and started scanning my computer. This popup was not from my antivirus program, so I closed the program, and my virus program scanned and these items appeared. Now every time I look up a website I get redirected, especially when I was looking for help from your site and others. I could not click on the main web page site; I would have to click on one of the forum feeds in order to not be redirected.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Brenda at 20:01:56.59 on Fri 12/17/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3062.1468 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\Brenda\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WLTRYSVC.EXE
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62Z6OS7S\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Brenda\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080725
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag1.dll
mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag1.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag1.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag1.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [cdloader] "c:\users\brenda\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\brenda\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: bmnet.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-7 64288]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-1-30 73728]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-29 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-29 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-25 61960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-25 111616]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-17 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-2-11 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-2-11 51456]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2010-6-8 124224]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-11-20 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-11-20 103680]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-25 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-2 1343400]

=============== Created Last 30 ================

2010-12-17 22:55:20 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-12-16 04:16:12 -------- d-----w- C:\d960baba48f633e78fe6
2010-12-16 04:16:01 -------- d-----w- c:\program files\Feedback Tool
2010-12-11 00:54:12 -------- d-----w- c:\program files\iPod
2010-12-11 00:54:11 -------- d-----w- c:\program files\iTunes
2010-12-11 00:47:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-11 00:47:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-11 00:47:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-11 00:47:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-11 00:47:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-11 00:47:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-11 00:47:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-09 01:51:51 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f823f6ae-2d1f-4b69-bd1d-c3b00b43ffd9}\mpengine.dll
2010-12-03 22:42:26 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-02 03:53:49 -------- d-----w- c:\users\brenda\appdata\roaming\Teleca
2010-12-02 03:53:49 -------- d-----w- c:\users\brenda\appdata\local\HTC
2010-12-02 03:53:33 -------- d-----w- c:\progra~2\HTC
2010-12-02 03:53:28 -------- d-----w- c:\program files\common files\Teleca Shared
2010-12-02 03:53:28 -------- d-----w- c:\progra~2\Teleca
2010-12-02 03:52:38 -------- d-----w- c:\program files\Spirent Communications
2010-12-02 03:52:26 -------- d-----w- c:\program files\HTC
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 04:46:14 -------- dc-h--w- c:\progra~2\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-21 01:11:21 -------- d-----w- c:\users\brenda\appdata\roaming\Sprint
2010-11-21 01:10:26 -------- d-----w- c:\users\brenda\appdata\roaming\Bytemobile
2010-11-21 01:08:08 -------- d-----w- c:\users\brenda\appdata\local\Sprint
2010-11-21 01:08:06 -------- d-----w- c:\users\brenda\appdata\roaming\Sierra Wireless
2010-11-21 00:56:32 112640 ----a-w- c:\windows\system32\drivers\cm_net32.sys
2010-11-21 00:56:32 112640 ----a-w- c:\windows\system32\drivers\cm_net.sys
2010-11-21 00:56:31 103680 ----a-w- c:\windows\system32\drivers\cm_ser32.sys
2010-11-21 00:56:31 103680 ----a-w- c:\windows\system32\drivers\cm_ser.sys
2010-11-21 00:55:05 -------- d-----w- c:\program files\Sierra Wireless
2010-11-21 00:55:03 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
2010-11-21 00:55:01 -------- d-----w- c:\program files\Sprint
2010-11-21 00:55:01 -------- d-----w- c:\program files\Novatel Wireless
2010-11-21 00:55:01 -------- d-----w- c:\progra~2\Sprint

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 07:46:08 15880 ----a-w- c:\windows\system32\lsdelete.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86ED4555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86eda7b0]; MOV EAX, [0x86eda82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E42458] -> \Device\Harddisk0\DR0[0x86EB2030]
3 CLASSPNP[0x8B78F59E] -> ntkrnlpa!IofCallDriver[0x82E42458] -> [0x8717FD00]
\Driver\iaStor[0x86EC2930] -> IRP_MJ_CREATE -> 0x86ED4555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD2500BEVS-75UST0___________________01.01A01#4&25d30264&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 20:02:45.92 ===============

Brendax5

Dont count the days, make the days count!
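The Pseudo HJT section of the DDS log above is what a helper reads by hand: autorun entries (uRun/mRun), browser add-ons (BHO/TB), the AppInit_DLLs injection point and the UAC policy values. The script below is an added example, not part of the original post and not DDS's own code; it runs the usual first-pass triage rules over lines in that format. The sample lines are a constructed subset copied in the shape of the log above, and the rule names and the list of "user-writable" path markers are my own choices, so treat the output as a list of things to look at, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the DDS "Pseudo HJT Report" lines (selection is mine).
SAMPLE_DDS = r"""
uRun: [cdloader] "c:\users\brenda\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\tbPag1.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Path fragments that any process running as the logged-on user can write to. Malware
# dropped by a browser exploit or a fake-AV popup almost always lives under one of these.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\temporary internet files\\")

RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
COM_RE = re.compile(r"^(?P<kind>BHO|TB|EB|[um]URLSearchHooks): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<value>\d+)")


@dataclass
class Finding:
    rule: str    # assumed rule name (my own vocabulary, not a DDS term)
    entry: str   # autorun name, CLSID or policy key the finding applies to
    detail: str


def first_path(cmd: str) -> str:
    """Return the executable part of a Run value: the quoted string if present, else the first token."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd


def triage(report: str) -> list[Finding]:
    """Apply first-pass triage rules to Pseudo-HJT-style lines and return what deserves a look."""
    findings: list[Finding] = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            path = first_path(m["cmd"]).lower()
            if any(marker in path for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding("user-writable-autorun", m["name"], path))
        elif m := COM_RE.match(line):
            path = m["path"].strip()
            if path.lower() == "no file":
                # Registered add-on whose DLL is gone: leftover of an uninstall or of a removed infection.
                findings.append(Finding("orphaned-entry", m["clsid"], f"{m['kind']} registered but DLL missing"))
            elif any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding("user-writable-autorun", m["clsid"], path))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that links user32.dll; always worth identifying.
            findings.append(Finding("appinit-dll", "AppInit_DLLs", m["dlls"]))
        elif m := POLICY_RE.match(line):
            key, value = m["key"], int(m["value"])
            if key == "EnableLUA" and value == 0:
                findings.append(Finding("uac-disabled", key, "UAC is off; admin-token processes run fully elevated"))
            elif key == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(Finding("uac-no-prompt", key, "elevation happens without a consent prompt"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:24} {f.entry:40} {f.detail}")
```

On the log above the rules flag the MagicJack loader in AppData\Roaming (legitimate software can live there too, which is why this is a look-list), the toolbar CLSID with no file behind it, the Google Desktop AppInit DLL, and the fact that UAC was switched off entirely, which is why a popup reached as far as the MBR.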
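The decisive lines in the first post are in the ROOTKIT section: "user != kernel MBR !!!" followed by the TDL4 warning. GMER reads sector 0 twice, once through the normal I/O path that the unknown hook on \Driver\iaStor (the 0x86ED4555 address) can filter, and once through a path that bypasses it; a bootkit returns the original MBR to the first read and the real, patched MBR shows up in the second. The code below is an added example, not GMER's code and not captured from this machine: it reproduces only the comparison and parsing logic on two sector images. The byte strings are constructed, modelled on the two disassemblies GMER printed (the shared relocate-to-0x0600 prologue, then either the standard partition-table scan or the ROR decode loop), with assumed encodings; the partition layout and disk size are likewise assumed.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446
SIGNATURE = b"\x55\xAA"

# Constructed bootcode fragments (assumed encodings, modelled on GMER's disassembly above, not
# bytes taken from the infected drive). The prologue copies the sector to 0x0600 and far-jumps
# to 0x061C; the clean MBR then scans the partition table, the infected one decodes itself.
PROLOGUE = bytes.fromhex("33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CB")
CLEAN_TAIL = bytes.fromhex("FBB90400BDBE07")              # STI; MOV CX,4; MOV BP,0x7BE
INFECTED_TAIL = bytes.fromhex("FB60B93201BD2A06D24E0045")  # STI; PUSHA; MOV CX,0x132; MOV BP,0x62A; ROR BYTE [BP],CL; INC BP


def build_mbr(bootcode: bytes, partitions: list[tuple[bool, int, int, int]]) -> bytes:
    """Assemble one 512-byte MBR: 446 bytes of code, four 16-byte partition entries, 0x55AA."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    table = b""
    for bootable, ptype, lba_start, sectors in partitions:
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian); CHS left as 0xFEFFFF
        table += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xFE\xFF\xFF",
                             ptype, b"\xFE\xFF\xFF", lba_start, sectors)
    return code + table.ljust(64, b"\x00") + SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Split a sector into a bootcode hash, the non-empty partition entries and the signature check."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = BOOTCODE_LEN + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"signature_ok": mbr[510:] == SIGNATURE,
            "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
            "partitions": partitions}


def compare_mbr_views(user_view: bytes, kernel_view: bytes) -> dict:
    """The 'user != kernel MBR' check: same sector read through two paths, compared byte by byte.
    A bootkit keeps the partition table intact and only swaps the code, so the region matters."""
    user, kernel = parse_mbr(user_view), parse_mbr(kernel_view)
    regions, differing = set(), 0
    for off, (a, b) in enumerate(zip(user_view, kernel_view)):
        if a != b:
            differing += 1
            regions.add("bootcode" if off < BOOTCODE_LEN else "partition_table" if off < 510 else "signature")
    return {"mismatch": differing > 0, "differing_bytes": differing,
            "regions": sorted(regions), "user": user, "kernel": kernel}


def unpartitioned_tail(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the last partition: unallocated space at the end of the disk, which is where
    GMER reported the other differing run (sectors 488397166 +255) on this machine."""
    end = max((p["lba_start"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return max(disk_sectors - end, 0)


# Assumed layout: a 100 MB system partition and one OS partition on a 250 GB drive.
PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 488187904)]
DISK_SECTORS = 488397168
USER_VIEW = build_mbr(PROLOGUE + CLEAN_TAIL, PARTITIONS)       # what the hooked read path hands back
KERNEL_VIEW = build_mbr(PROLOGUE + INFECTED_TAIL, PARTITIONS)  # what is actually on sector 0

if __name__ == "__main__":
    report = compare_mbr_views(USER_VIEW, KERNEL_VIEW)
    print("user != kernel MBR" if report["mismatch"] else "MBR views agree",
          report["regions"], report["differing_bytes"], "bytes differ")
    print("unpartitioned sectors after last partition:", unpartitioned_tail(report["kernel"], DISK_SECTORS))
```

Two things this makes concrete: the partition tables agree in both views (a TDL4-style infection boots normally, so the OS keeps working and the user only notices the redirects), and the mismatch is confined to the code area, which is exactly what a hook that filters sector reads has to hide. On a live Windows machine the user-mode read would be `\\.\PhysicalDrive0` opened as administrator, and with the hook in place it returns the clean copy, so the comparison only works when the second read gets underneath the hook, which is GMER's job and not something this example does.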


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:52 AM

Posted 27 December 2010 - 08:22 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#3 memawbrendax5

memawbrendax5
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:OHIO
  • Local time:10:52 PM

Posted 27 December 2010 - 10:57 PM

Hello m0le,
Thanks for the help. Here is the report that you asked for. I had talked to a friend since the last time I posted, and he recommended that I run mbr.exe, which I did, and it found 4 infections. Since then I have had one virus alert, which I hit remove. Let me know if I did something I shouldn't have.

2010/12/27 22:51:45.0283 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/27 22:51:45.0283 ================================================================================
2010/12/27 22:51:45.0283 SystemInfo:
2010/12/27 22:51:45.0283
2010/12/27 22:51:45.0283 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/27 22:51:45.0283 Product type: Workstation
2010/12/27 22:51:45.0283 ComputerName: BRENDAS
2010/12/27 22:51:45.0283 UserName: Brenda
2010/12/27 22:51:45.0283 Windows directory: C:\Windows
2010/12/27 22:51:45.0283 System windows directory: C:\Windows
2010/12/27 22:51:45.0283 Processor architecture: Intel x86
2010/12/27 22:51:45.0283 Number of processors: 2
2010/12/27 22:51:45.0283 Page size: 0x1000
2010/12/27 22:51:45.0283 Boot type: Normal boot
2010/12/27 22:51:45.0283 ================================================================================
2010/12/27 22:51:45.0673 Initialize success
2010/12/27 22:51:48.0387 ================================================================================
2010/12/27 22:51:48.0387 Scan started
2010/12/27 22:51:48.0387 Mode: Manual;
2010/12/27 22:51:48.0387 ================================================================================
2010/12/27 22:51:48.0886 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/27 22:51:48.0933 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/27 22:51:48.0996 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/27 22:51:49.0042 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/27 22:51:49.0089 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/27 22:51:49.0136 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/27 22:51:49.0245 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/27 22:51:49.0292 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/27 22:51:49.0323 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/27 22:51:49.0386 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/27 22:51:49.0417 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/27 22:51:49.0464 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/27 22:51:49.0495 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/27 22:51:49.0526 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/27 22:51:49.0604 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/27 22:51:49.0635 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/27 22:51:49.0666 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/27 22:51:49.0776 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/27 22:51:49.0822 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/27 22:51:49.0900 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/27 22:51:49.0932 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/27 22:51:49.0978 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/27 22:51:50.0025 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/27 22:51:50.0103 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/12/27 22:51:50.0166 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2010/12/27 22:51:50.0228 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/27 22:51:50.0306 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/27 22:51:50.0384 bcm (14196079dddd871d8ba6c406c15c3f4a) C:\Windows\system32\DRIVERS\drxvi314.sys
2010/12/27 22:51:50.0540 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/12/27 22:51:50.0602 bcmbusctr (360c731bd6537c635c8d15b2f0d49669) C:\Windows\system32\DRIVERS\BcmBusCtr.sys
2010/12/27 22:51:50.0665 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/27 22:51:50.0712 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/27 22:51:50.0774 BMLoad (c9c78e00a21d3fe21ce5d81ba5b45e21) C:\Windows\system32\drivers\BMLoad.sys
2010/12/27 22:51:50.0836 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/27 22:51:50.0883 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/27 22:51:50.0914 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/27 22:51:50.0946 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/27 22:51:50.0992 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/27 22:51:51.0024 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/27 22:51:51.0055 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/27 22:51:51.0086 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/27 22:51:51.0273 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/27 22:51:51.0320 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/27 22:51:51.0382 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/27 22:51:51.0429 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/27 22:51:51.0492 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/27 22:51:51.0523 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/27 22:51:51.0585 cm_net (8be938fe04e3a9d091f379c1d5f4b873) C:\Windows\system32\DRIVERS\cm_net.sys
2010/12/27 22:51:51.0632 cm_ser (33f77f7cb2c2efe34b3bc9cc716f73f3) C:\Windows\system32\DRIVERS\cm_ser.sys
2010/12/27 22:51:51.0679 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/27 22:51:51.0710 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/27 22:52:03.0691 ================================================================================
2010/12/27 22:52:03.0691 Scan finished
2010/12/27 22:52:03.0691 ================================================================================
Brendax5

Don't count the days, make the days count!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:52 AM

Posted 28 December 2010 - 07:28 AM

MBR.exe is a legitimate cure for the rootkit, but TDSSKiller does more, so it was necessary to run it.

It looks like you are clean, but we need to double check. Please run OTL and I can take a look for anything remaining.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#5 memawbrendax5

memawbrendax5
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Location:OHIO
  • Local time:10:52 PM

Posted 28 December 2010 - 05:23 PM

I did get another virus alert last night after I posted the TDSSKiller log. Here is what appeared:
'HTML/Infected.WebPage.Gen [virus]'
detected in file 'C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K9KKWSN\f_7[1].js'.

Here is the OTL and Extras log:

OTL logfile created on: 12/28/2010 5:05:47 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Brenda\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 154.80 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.80% Space Free | Partition Type: NTFS

Computer Name: BRENDAS | User Name: Brenda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cm_net) -- C:\Windows\System32\drivers\cm_net.sys (C-motech Co.,Ltd.)
DRV - (cm_ser) -- C:\Windows\System32\drivers\cm_ser.sys (C-motech Co.,Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/30 14:05:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\Firefox [2010/08/26 20:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/26 20:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/12 14:13:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/20 00:02:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Brenda\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 17:02:25 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
[2010/12/25 23:23:10 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/12/25 23:22:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/12/25 23:22:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/12/25 23:22:21 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/12/25 23:22:20 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/12/21 00:16:44 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Apps
[2010/12/20 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/20 22:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/20 22:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/20 22:34:05 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Brenda\Desktop\SUPERAntiSpyware.exe
[2010/12/20 00:04:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/19 23:52:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/19 23:52:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/19 23:52:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/19 23:49:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/19 23:49:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/19 23:49:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/19 23:23:22 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brenda\Desktop\tdsskiller.exe
[2010/12/18 09:50:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/12/18 09:50:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/12/18 09:50:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/12/17 21:10:49 | 000,000,000 | ---D | C] -- C:\Users\Brenda\Desktop\gmer
[2010/12/17 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/12/17 19:51:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/12/17 17:55:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LocalAppData%
[2010/12/15 23:16:12 | 000,000,000 | ---D | C] -- C:\d960baba48f633e78fe6
[2010/12/15 23:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/12/10 22:53:29 | 000,000,000 | ---D | C] -- C:\Users\Brenda\Documents\Resume
[2010/12/10 19:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/10 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/10 19:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/01 22:53:49 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\Teleca
[2010/12/01 22:53:49 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\HTC
[2010/12/01 22:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2010/12/01 22:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2010/12/01 22:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Teleca
[2010/12/01 22:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2010/12/01 22:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files - Modified Within 30 Days ==========

[2010/12/28 17:07:50 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 17:07:50 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 17:07:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{752372BA-FF77-418E-87C9-578B12BD1AA6}.job
[2010/12/28 17:02:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
[2010/12/28 17:01:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2950377186-3003291801-3831169716-1000UA.job
[2010/12/28 16:57:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 16:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/28 16:57:25 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/28 01:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/27 22:47:58 | 001,232,020 | ---- | M] () -- C:\Users\Brenda\Desktop\tdsskiller.zip
[2010/12/23 20:01:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2950377186-3003291801-3831169716-1000Core.job
[2010/12/22 22:52:51 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/21 15:25:30 | 000,010,972 | ---- | M] () -- C:\Users\Brenda\AppData\Roaming\wklnhst.dat
[2010/12/20 22:34:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/20 22:34:14 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Brenda\Desktop\SUPERAntiSpyware.exe
[2010/12/20 00:02:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/19 23:49:44 | 003,994,421 | R--- | M] () -- C:\Users\Brenda\Desktop\ComboFix.exe
[2010/12/19 23:36:35 | 000,089,088 | ---- | M] () -- C:\Users\Brenda\Desktop\mbr.exe
[2010/12/19 23:23:24 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brenda\Desktop\tdsskiller.exe
[2010/12/18 21:48:39 | 190,087,742 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/18 21:42:25 | 000,660,787 | ---- | M] () -- C:\Users\Brenda\Desktop\iExplore.exe
[2010/12/18 21:05:44 | 000,619,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/18 21:05:44 | 000,105,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/17 21:10:22 | 000,288,107 | ---- | M] () -- C:\Users\Brenda\Desktop\gmer.zip
[2010/12/17 20:46:01 | 000,000,000 | ---- | M] () -- C:\Users\Brenda\defogger_reenable
[2010/12/17 20:45:47 | 000,050,477 | ---- | M] () -- C:\Users\Brenda\Desktop\Defogger.exe
[2010/12/17 20:30:05 | 000,007,605 | ---- | M] () -- C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg
[2010/12/17 20:01:24 | 000,624,128 | ---- | M] () -- C:\Users\Brenda\Desktop\dds.scr
[2010/12/17 16:43:54 | 000,000,689 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/16 21:49:08 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/12/16 10:10:09 | 000,000,134 | ---- | M] () -- C:\Users\Brenda\Desktop\Internet Explorer Troubleshooting.url
[2010/12/15 20:59:54 | 000,000,193 | ---- | M] () -- C:\Users\Brenda\Desktop\Welcome to Facebook.url
[2010/12/10 19:54:50 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/10 19:48:04 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files Created - No Company Name ==========

[2010/12/27 22:47:56 | 001,232,020 | ---- | C] () -- C:\Users\Brenda\Desktop\tdsskiller.zip
[2010/12/20 22:34:53 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/19 23:52:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/19 23:52:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/19 23:52:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/19 23:52:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/19 23:52:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/19 23:47:24 | 003,994,421 | R--- | C] () -- C:\Users\Brenda\Desktop\ComboFix.exe
[2010/12/19 23:36:34 | 000,089,088 | ---- | C] () -- C:\Users\Brenda\Desktop\mbr.exe
[2010/12/18 21:42:23 | 000,660,787 | ---- | C] () -- C:\Users\Brenda\Desktop\iExplore.exe
[2010/12/18 21:19:41 | 190,087,742 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/17 21:10:21 | 000,288,107 | ---- | C] () -- C:\Users\Brenda\Desktop\gmer.zip
[2010/12/17 20:46:01 | 000,000,000 | ---- | C] () -- C:\Users\Brenda\defogger_reenable
[2010/12/17 20:45:46 | 000,050,477 | ---- | C] () -- C:\Users\Brenda\Desktop\Defogger.exe
[2010/12/17 20:30:05 | 000,007,605 | ---- | C] () -- C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg
[2010/12/17 20:01:21 | 000,624,128 | ---- | C] () -- C:\Users\Brenda\Desktop\dds.scr
[2010/12/17 16:43:54 | 000,000,689 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/16 10:10:09 | 000,000,134 | ---- | C] () -- C:\Users\Brenda\Desktop\Internet Explorer Troubleshooting.url
[2010/12/15 20:59:53 | 000,000,193 | ---- | C] () -- C:\Users\Brenda\Desktop\Welcome to Facebook.url
[2010/12/10 19:54:50 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/01 09:32:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/01/31 19:09:40 | 000,043,653 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/09/24 18:06:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/10/19 21:10:47 | 000,024,206 | ---- | C] () -- C:\Users\Brenda\AppData\Roaming\UserTile.png
[2008/10/19 13:37:10 | 000,010,972 | ---- | C] () -- C:\Users\Brenda\AppData\Roaming\wklnhst.dat
[2008/10/16 22:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\UltimateBuddy.INI
[2008/07/25 18:45:52 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/07/25 18:45:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/25 16:10:42 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

========== LOP Check ==========

[2010/01/30 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Amazon
[2010/11/20 20:10:26 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Bytemobile
[2010/11/07 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Fisher-Price
[2010/01/30 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\GetRightToGo
[2010/01/30 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Image Zone Express
[2010/01/30 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\iWin
[2010/01/30 14:14:49 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\mjusbsp
[2010/01/30 14:14:50 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\OpenOffice.org
[2010/01/30 14:14:52 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Printer Info Cache
[2010/11/20 20:08:06 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Sierra Wireless
[2010/11/09 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\SoftGrid Client
[2010/11/20 20:11:21 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Sprint
[2010/12/01 23:17:39 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Teleca
[2010/01/30 14:14:53 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Template
[2008/10/18 22:01:21 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\tmp
[2010/10/01 09:44:45 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\TP
[2010/02/06 14:12:55 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Wal-Mart
[2010/12/17 20:15:23 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/28 17:07:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{752372BA-FF77-418E-87C9-578B12BD1AA6}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2CFBE2D1

< End of report >

OTL Extras logfile created on: 12/28/2010 5:05:47 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Brenda\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 154.80 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.68 Gb Free Space | 56.80% Space Free | Partition Type: NTFS

Computer Name: BRENDAS | User Name: Brenda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15619017-86DB-49F8-AD97-DC1BC616502E}" = ProductContext
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B4508B3-7403-44FF-8FBC-5CCD032E3635}" = MSN Toolbar Platform
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4945F319-A24D-454C-A411-F3689987315D}" = HP OfficeJet J4600 All-In-One Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{84E0D40C-ED8E-48B2-83D2-4C11AB246F4A}" = Sprint SmartView
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87ACBBBE-B057-40D0-8BCC-EF86546AC5AC}" = Fisher-Price iXL - Disney Princess
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9E896F0D-8C9D-4F82-A1A6-C55B7B6F5378}" = Fisher-Price iXL - Toy Story
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDE9906C-90E0-4374-93CA-B84A24967E38}" = Fisher-Price iXL Computer Software
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7D3E265-119C-4EFD-BB43-BEAF464FC969}" = J4680
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCAFEEB3-3520-4539-89AF-4B743D2DFAEC}" = HTC Sync
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{87ACBBBE-B057-40D0-8BCC-EF86546AC5AC}" = Fisher-Price iXL - Disney Princess
"InstallShield_{9E896F0D-8C9D-4F82-A1A6-C55B7B6F5378}" = Fisher-Price iXL - Toy Story
"InstallShield_{CDE9906C-90E0-4374-93CA-B84A24967E38}" = Fisher-Price iXL Computer Software
"Jewel Quest III" = Jewel Quest III (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PageRage Toolbar" = PageRage Toolbar
"PokerStars" = PokerStars
"Shop for HP Supplies" = Shop for HP Supplies
"SystemRequirementsLab" = System Requirements Lab
"TVWiz" = Intel® TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Brendax5

Don't count the days, make the days count!

#6 memawbrendax5

  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female
  • Location:OHIO

Posted 28 December 2010 - 05:25 PM

Also, I have not been able to download any Windows 7 updates that my system says I need. When I start them it stalls at 0%, and I can leave it and the next day it is still at 0%. There are 13 that have been needed since November and they will not install.
Brendax5

Don't count the days, make the days count!

#7 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 December 2010 - 07:24 PM

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

NB: If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go
to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar.

Then close Firefox and then reopen it.



Please now run ComboFix.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#8 memawbrendax5

Posted 28 December 2010 - 11:21 PM

OK, here is the ComboFix log:

ComboFix 10-12-28.02 - Brenda 12/28/2010 23:06:29.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3062.1708 [GMT -5:00]
Running from: c:\users\Brenda\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-29 04:12 . 2010-12-29 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-26 04:23 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-12-26 04:23 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-26 04:23 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-12-26 04:22 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-26 04:22 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-26 04:22 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-12-26 04:22 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-12-26 04:22 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-12-26 04:22 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-12-26 04:22 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-12-21 05:16 . 2010-12-21 05:16 -------- d-----w- c:\users\Brenda\AppData\Local\Apps
2010-12-21 03:34 . 2010-12-21 03:34 -------- d-----w- c:\users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2010-12-21 03:34 . 2010-12-21 03:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-21 03:34 . 2010-12-21 05:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-18 02:08 . 2010-12-18 02:08 -------- d-----w- c:\program files\7-Zip
2010-12-18 00:51 . 2010-12-18 00:51 -------- d-----w- c:\windows\Sun
2010-12-17 22:55 . 2010-12-17 22:55 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-12-16 04:16 . 2010-12-16 04:16 -------- d-----w- C:\d960baba48f633e78fe6
2010-12-16 04:16 . 2010-12-16 04:16 -------- d-----w- c:\program files\Feedback Tool
2010-12-11 00:54 . 2010-12-11 00:54 -------- d-----w- c:\program files\iPod
2010-12-11 00:54 . 2010-12-11 00:54 -------- d-----w- c:\program files\iTunes
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-11 00:47 . 2010-12-11 00:47 -------- d-----w- c:\program files\QuickTime
2010-12-09 01:51 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F823F6AE-2D1F-4B69-BD1D-C3B00B43FFD9}\mpengine.dll
2010-12-03 22:42 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-02 03:53 . 2010-12-02 04:17 -------- d-----w- c:\users\Brenda\AppData\Roaming\Teleca
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\users\Brenda\AppData\Local\HTC
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\programdata\HTC
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\programdata\Teleca
2010-12-02 03:52 . 2010-12-02 03:52 -------- d-----w- c:\program files\Spirent Communications
2010-12-02 03:52 . 2010-12-02 03:53 -------- d-----w- c:\program files\HTC
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 03:52 . 2010-03-29 22:08 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-17 02:49 . 2009-07-25 20:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-17 00:03 . 2010-11-17 00:03 169320 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-11-12 23:53 . 2010-06-11 15:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-05 23:46 . 2010-02-23 02:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-19 15:41 . 2009-10-03 00:47 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag1.dll" [2010-08-15 2736736]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2010-08-15 13:29 2736736 ----a-w- c:\program files\PageRage\tbPag1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-07-22 20:38 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag1.dll" [2010-08-15 2736736]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Brenda\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Google Update"="c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-20 281768]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-06-08 316736]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-16 30192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-25 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-25 21:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-12-16 02:32 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare]
2010-04-28 08:36 52280 ----a-w- c:\program files\Fisher-Price\iXL\iXL.Middleware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-11-18 19:09 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2010-06-08 22:20 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-25 21:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 136176]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2010-02-12 319488]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2010-02-12 51456]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-06-08 124224]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [2008-05-29 112640]
R3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\DRIVERS\cm_ser.sys [2008-05-29 103680]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-16 30192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-05 15264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-20 135336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-28 1375992]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 01:56]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 01:56]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950377186-3003291801-3831169716-1000Core.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-17 01:56]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950377186-3003291801-3831169716-1000UA.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-17 01:56]

2010-12-29 c:\windows\Tasks\User_Feed_Synchronization-{752372BA-FF77-418E-87C9-578B12BD1AA6}.job
- c:\windows\system32\msfeedssync.exe [2010-11-09 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(596)
c:\windows\system32\bmnet.dll
.
Completion time: 2010-12-28 23:14:46
ComboFix-quarantined-files.txt 2010-12-29 04:14
ComboFix2.txt 2010-12-20 05:04

Pre-Run: 167,852,007,424 bytes free
Post-Run: 167,797,682,176 bytes free

- - End Of File - - FD6B73C1EC51189EC1C39CEE1E771E33
Brendax5

Dont count the days, make the days count!
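Both ComboFix logs in this thread are read by eye. The Python below is an added example, not part of the thread and not a ComboFix feature: it parses the Reg Loading Points section into a key-to-entries map and flags the locations a reviewer checks first, which in the log above include the UAC policy values (EnableLUA=0 and ConsentPromptBehaviorAdmin=0, i.e. UAC off and silent elevation), the AppInit_DLLs entry, the LSA Security Packages list, the PageRage and Yontoo IE load points, an autorun under the user's AppData, and the bmnet.dll Winsock LSP that the log also shows loaded inside lsass.exe. The sample log is a constructed excerpt cut down from the first log above; the tag names and functions are this example's own, and a flag marks a place to look, not a verdict.

```python
# Added example for this thread: not part of ComboFix and not the helper's
# procedure. The tags, function names and the sample excerpt are this example's.
import re
from collections import defaultdict

# Constructed sample, cut down from the first ComboFix log above (same line shapes).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag1.dll" [2010-08-15 2736736]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-07-22 20:38 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Brenda\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 136176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: bmnet.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;.+$")  # R2 name;display;image [...]

def parse_loading_points(text):
    """Map each key of the REGEDIT4 section to its entries; services go under "services"."""
    points = defaultdict(list)
    current, in_section = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "REGEDIT4":
            in_section = True
            continue
        if not in_section or not line or line == ".":
            continue
        if line.startswith("Contents of the") or line.startswith("-------"):
            break  # next section of the log ('Scheduled Tasks' or Supplementary Scan)
        key = KEY_RE.match(line)
        if SERVICE_RE.match(line):  # R2/S3 lines have no [key] header in the log
            points["services"].append(line)
        elif key:
            current = key.group("key")
        elif current is not None:
            points[current].append(line)
    return dict(points)

def triage(points):
    """Flag entries a reviewer reads first as (tag, key, entry): review points, not verdicts."""
    findings = []
    for key, entries in points.items():
        k = key.lower()
        for entry in entries:
            m = VALUE_RE.match(entry)
            name = m.group("name") if m else ""
            data = (m.group("data") if m else entry).strip()
            if k.endswith("policies\\system"):
                # EnableLUA=0 switches UAC off; ConsentPromptBehaviorAdmin=0 elevates silently
                if name == "EnableLUA" and data.startswith("0"):
                    findings.append(("uac-disabled", key, entry))
                elif name == "ConsentPromptBehaviorAdmin" and data.startswith("0"):
                    findings.append(("uac-silent-elevation", key, entry))
            elif name == "AppInit_DLLs" and data:  # loaded into every process linking user32.dll
                findings.append(("appinit-dll", key, entry))
            elif k.endswith("control\\lsa") and entry.startswith("Security Packages"):
                findings.append(("lsa-security-packages", key, entry))  # these run inside lsass.exe
            elif ("browser helper objects" in k or k.endswith("urlsearchhooks")
                  or k.endswith("internet explorer\\toolbar")):
                findings.append(("ie-extension", key, entry))  # where search hijackers sit
            elif k.endswith("\\run") and "\\appdata\\" in data.lower():
                findings.append(("run-from-profile", key, entry))  # autorun from a user profile
    return findings

def lsp_entries(text):
    """Winsock LSP lines from the Supplementary Scan; an LSP sits in every socket call."""
    return [ln.split(":", 1)[1].strip() for ln in text.splitlines() if ln.startswith("LSP:")]

if __name__ == "__main__":
    pts = parse_loading_points(SAMPLE_LOG)
    lsps = [("winsock-lsp", "Supplementary Scan", x) for x in lsp_entries(SAMPLE_LOG)]
    for tag, key, entry in triage(pts) + lsps:
        print(f"[{tag}] {key}\n    {entry}")
```

Run it as a script to print the flags for the embedded sample, or pass the text of a saved C:\ComboFix.txt to parse_loading_points(). The Run check deliberately reports location rather than identity: Google Update also starts from the user's AppData in the same log, so the tag says where the entry lives and leaves the judgement to the reader.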

#9 memawbrendax5

Posted 28 December 2010 - 11:27 PM

Another thing that I just remembered is that when doing a backup, it also stalls and does not finish.

#10 m0le

Posted 29 December 2010 - 08:00 AM

Please rerun Combofix, as shown below

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Now please run the ESET online scanner

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#11 memawbrendax5

Posted 30 December 2010 - 09:09 PM

Hey Mole, I have been trying to run the ESET scanner and when I went to bed last night
it still wasn't done, so I left it at 35%, and when I checked it after I came back from
a work meeting it was still at 35%. I then got a pop-up that stated,

"Caution! Your computer contains a variety of suspicious programs.
Your system requires immediate checking! The system will perform a
fast and free check your PC for malicious program". I went to Task Manager to stop
the process and when I did, it shut everything down that dealt with the internet.

I started it back up and when I tried to log back on to bleeping computers, I got a
message that stated that bleeping computers was not responding.

I did get ESET scanner started a little while ago and it is still running. I will send
when it gets done.

#12 m0le

Posted 30 December 2010 - 09:13 PM

The first warning is fake, the second one about Bleeping Computer was real - the site was inaccessible to some people today.

Let me know how the ESET scan goes. If it's taking too long then let me know.

#13 memawbrendax5

Posted 30 December 2010 - 09:29 PM

OK, the scan just finished and it states no threats were found. Do I check the box to uninstall the application on close?

#14 memawbrendax5

Posted 30 December 2010 - 09:43 PM

Oh sorry, here is the log from ComboFix:

ComboFix 10-12-29.02 - Brenda 12/29/2010 22:49:43.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3062.1847 [GMT -5:00]
Running from: c:\users\Brenda\Desktop\ComboFix.exe
Command switches used :: c:\users\Brenda\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 03:55 . 2010-12-30 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 02:59 . 2010-12-30 02:59 -------- d-----w- c:\users\Brenda\AppData\Local\Apple Computer
2010-12-26 04:23 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-12-26 04:23 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-26 04:23 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-12-26 04:22 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-26 04:22 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-26 04:22 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-12-26 04:22 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-12-26 04:22 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-12-26 04:22 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-12-26 04:22 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-12-21 05:16 . 2010-12-21 05:16 -------- d-----w- c:\users\Brenda\AppData\Local\Apps
2010-12-18 02:08 . 2010-12-18 02:08 -------- d-----w- c:\program files\7-Zip
2010-12-18 00:51 . 2010-12-18 00:51 -------- d-----w- c:\windows\Sun
2010-12-17 22:55 . 2010-12-17 22:55 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-12-16 04:16 . 2010-12-16 04:16 -------- d-----w- C:\d960baba48f633e78fe6
2010-12-16 04:16 . 2010-12-16 04:16 -------- d-----w- c:\program files\Feedback Tool
2010-12-11 00:54 . 2010-12-11 00:54 -------- d-----w- c:\program files\iPod
2010-12-11 00:54 . 2010-12-11 00:54 -------- d-----w- c:\program files\iTunes
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-11 00:47 . 2010-12-11 00:47 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-11 00:47 . 2010-12-11 00:47 -------- d-----w- c:\program files\QuickTime
2010-12-09 01:51 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F823F6AE-2D1F-4B69-BD1D-C3B00B43FFD9}\mpengine.dll
2010-12-03 22:42 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-02 03:53 . 2010-12-02 04:17 -------- d-----w- c:\users\Brenda\AppData\Roaming\Teleca
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\users\Brenda\AppData\Local\HTC
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\programdata\HTC
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\programdata\Teleca
2010-12-02 03:52 . 2010-12-02 03:52 -------- d-----w- c:\program files\Spirent Communications
2010-12-02 03:52 . 2010-12-02 03:53 -------- d-----w- c:\program files\HTC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 03:52 . 2010-03-29 22:08 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-17 02:49 . 2009-07-25 20:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-17 00:03 . 2010-11-17 00:03 169320 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-11-12 23:53 . 2010-06-11 15:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-05 23:46 . 2010-02-23 02:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-19 15:41 . 2009-10-03 00:47 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag1.dll" [2010-08-15 2736736]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2010-08-15 13:29 2736736 ----a-w- c:\program files\PageRage\tbPag1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-07-22 20:38 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag1.dll" [2010-08-15 2736736]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Brenda\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Google Update"="c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-20 281768]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-06-08 316736]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-16 30192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-25 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-25 21:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-12-16 02:32 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare]
2010-04-28 08:36 52280 ----a-w- c:\program files\Fisher-Price\iXL\iXL.Middleware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-11-18 19:09 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2010-06-08 22:20 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-25 21:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 136176]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2010-02-12 319488]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2010-02-12 51456]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-06-08 124224]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [2008-05-29 112640]
R3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\DRIVERS\cm_ser.sys [2008-05-29 103680]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-16 30192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-05 15264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-20 135336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-28 1375992]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\Ad-Aware Scan (daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 04:38]

2010-12-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 04:38]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 01:56]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 01:56]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950377186-3003291801-3831169716-1000Core.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-17 01:56]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950377186-3003291801-3831169716-1000UA.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-17 01:56]

2010-12-30 c:\windows\Tasks\User_Feed_Synchronization-{752372BA-FF77-418E-87C9-578B12BD1AA6}.job
- c:\windows\system32\msfeedssync.exe [2010-11-09 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\bmnet.dll
.
Completion time: 2010-12-29 22:57:50
ComboFix-quarantined-files.txt 2010-12-30 03:57
ComboFix2.txt 2010-12-29 04:14
ComboFix3.txt 2010-12-20 05:04

Pre-Run: 167,159,107,584 bytes free
Post-Run: 167,112,794,112 bytes free

- - End Of File - - 6BC9BA0A1475894605F5E0921FBE721A
Brendax5

Don't count the days, make the days count!
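A responder reading the log above would go first to the handful of entries that weaken the system or hand code a load point: UAC is off (EnableLUA = 0, with ConsentPromptBehaviorAdmin = 0), AppInit_DLLs carries a value (the same Google Desktop DLL listed twice), a Winsock LSP (bmnet.dll) is registered and the same DLL is the one ComboFix lists under lsass.exe, and BMLoad is reported as deregistered. The script below is an added example for this thread, not ComboFix output and not part of either post: it parses those sections of a ComboFix-style log and lists them. The sample input is constructed from lines copied out of the posted log, the regular expressions assume only the key/value layouts that appear there, and every hit means "identify and verify", not "malicious".

```python
"""Triage a ComboFix-style log excerpt for the settings a responder checks first.

Added example; not part of ComboFix or of the posted log. Handles only the
layouts seen in that log: [HKEY_...] blocks with "name"=value lines, 'LSP:'
lines, '*Deregistered*' lines and the per-process DLL listing.
"""
from __future__ import annotations

import re

# Constructed sample: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

*Deregistered* - BMLoad

LSP: bmnet.dll

- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\bmnet.dll
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+?)\s*$')


def parse_dword(raw: str) -> int | None:
    """Accept both integer spellings ComboFix prints: '0 (0x0)' and 'dword:00000000'."""
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    return None


def parse_registry_blocks(log_text: str) -> dict[str, dict[str, str]]:
    """Map each [HKEY_...] header to its "name"=value lines; a blank line ends a block."""
    blocks: dict[str, dict[str, str]] = {}
    current: str | None = None
    for line in log_text.splitlines():
        s = line.strip()
        km = KEY_RE.match(s)
        if km:
            current = km.group("key")
            blocks.setdefault(current, {})
        elif not s:
            current = None
        elif current is not None:
            vm = VALUE_RE.match(s)
            if vm:
                blocks[current][vm.group("name")] = vm.group("value")
    return blocks


def dlls_loaded_in(log_text: str, process: str) -> list[str]:
    """Return the paths ComboFix lists under a "- - - > 'process'(pid)" header."""
    paths: list[str] = []
    capturing = False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("- - - - - - - >"):
            capturing = f"'{process}'" in s
        elif capturing:
            if not s or s == ".":
                capturing = False
            else:
                paths.append(s)
    return paths


def triage(log_text: str) -> list[str]:
    """Return human-readable findings in the order a responder would read them."""
    findings: list[str] = []
    for key, values in parse_registry_blocks(log_text).items():
        k = key.lower()
        if k.endswith(r"\policies\system"):
            if parse_dword(values.get("EnableLUA", "")) == 0:
                findings.append(f"UAC disabled: EnableLUA=0 under {key}")
            if parse_dword(values.get("ConsentPromptBehaviorAdmin", "")) == 0:
                findings.append(f"Admins elevate without prompting: ConsentPromptBehaviorAdmin=0 under {key}")
        elif k.endswith(r"\windows nt\currentversion\windows"):
            dlls = values.get("AppInit_DLLs", "").split()  # space-separated DLL list
            if dlls:
                unique = sorted(set(dlls), key=str.lower)
                findings.append(f"AppInit_DLLs set ({len(dlls)} entries, {len(unique)} unique): {', '.join(unique)}")
    for m in re.finditer(r"^LSP:\s*(\S+)", log_text, re.M):
        findings.append(f"Winsock LSP registered: {m.group(1)}")
    for m in re.finditer(r"^\*Deregistered\*\s*-\s*(\S+)", log_text, re.M):
        findings.append(f"Deregistered entry still in memory: {m.group(1)}")
    for path in dlls_loaded_in(log_text, "lsass.exe"):
        findings.append(f"DLL listed under lsass.exe: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved ComboFix log by replacing `SAMPLE_LOG` with the file's contents; on the excerpt above it reports six findings, and the AppInit_DLLs line shows the duplicate entry as "2 entries, 1 unique".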

#15 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 31 December 2010 - 02:56 PM

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


Can you disable/remove all but one antivirus and one antispyware program?

Please then run OTL again and post the log to do a final check (let me know if the false message appears again).
m0le is a proud member of UNITE