Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Searches Redirected


  • This topic is locked This topic is locked
11 replies to this topic

#1 ArthurEiss

ArthurEiss

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 18 December 2010 - 07:52 AM

Greetings,

I have the same problem as the chap here: http://www.bleepingcomputer.com/forums/topic304734.html ... Please help. SysRestore and SmitFraudFix have not worked thus far. Below is my dds.txt, and attached is my attach.txt. I'm also going to re-post with my OTL results, but I cannot follow the other advice as the file c:\program files (x86)\mozilla firefox\plugins\npOGPPlugin.dll does not exist on my system. I assume you will find some comparable file, or not, in my logs.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Eiss at 7:43:34.04 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1014.169 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\SvcTools\8.0.83.17\bin\lnchr.exe
C:\Windows\vVX3000.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\apache\bin\httpd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\SvcTools\8.0.83.17\bin\lnchr.exe
C:\apache\bin\httpd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Eiss\Desktop\OTL.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Eiss\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ChikkaIM] c:\progra~1\chikka\Chikka.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SMA8.0.83.17] "c:\svctools\8.0.83.17\bin\lnchr.exe" --context=user --control-dir="c:\svctools\8.0.83.17\ctrl-user"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\eiss\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\apache\bin\ApacheMonitor.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\eiss\appdata\roaming\mozilla\firefox\profiles\07mr9ht7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\eiss\appdata\roaming\mozilla\firefox\profiles\07mr9ht7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\users\eiss\appdata\roaming\mozilla\firefox\profiles\07mr9ht7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\eiss\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\eiss\appdata\roaming\facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
============= SERVICES / DRIVERS ===============

R2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2010-3-4 24645]
R2 SMA8.0.83.17;Software Management Agent 8.0.83.17;c:\svctools\8.0.83.17\bin\lnchr.exe [2009-12-1 532480]
S2 gupdate1cac8812357290;Google Update Service (gupdate1cac8812357290);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-12-18 12:02:16 35 ----a-w- c:\users\eiss\appdata\roaming\SetValue.bat
2010-12-18 12:02:15 691 ----a-w- c:\users\eiss\appdata\roaming\GetValue.vbs
2010-12-18 11:38:18 4716 ----a-w- c:\windows\system32\tmp.reg
2010-12-16 11:32:22 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bcfcd465-aae6-474b-8d0a-6fb8646a666f}\mpengine.dll
2010-12-14 17:13:01 -------- d-----w- c:\progra~2\pEgDo06511
2010-12-09 11:08:38 -------- d-----w- c:\program files\World of Warcraft
2010-12-09 11:08:38 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-09 11:00:27 -------- d-----w- c:\progra~2\Blizzard Entertainment

==================== Find3M ====================

2010-10-19 15:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84F2D555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84f337b0]; MOV EAX, [0x84f3382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81A8E962] -> \Device\Harddisk0\DR0[0x844272F8]
3 CLASSPNP[0x85FA98B3] -> ntkrnlpa!IofCallDriver[0x81A8E962] -> [0x8509D030]
\Driver\atapi[0x84D9A410] -> IRP_MJ_CREATE -> 0x84F2D555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#5&205179cd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 7:45:17.92 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 ArthurEiss

ArthurEiss
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 18 December 2010 - 07:53 AM

Here are my OTL.exe files:

OTL.TXT

OTL logfile created on: 12/18/2010 07:28:36 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Eiss\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 437.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 69.35 Gb Free Space | 51.62% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.61 Gb Free Space | 58.77% Space Free | Partition Type: NTFS

Computer Name: LEVIATHAN | User Name: Eiss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/18 07:27:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eiss\Desktop\OTL.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/04 10:27:50 | 000,024,645 | ---- | M] (Apache Software Foundation) -- C:\apache\bin\httpd.exe
PRC - [2010/03/01 19:37:36 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2010/03/01 19:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/25 00:19:10 | 000,532,480 | ---- | M] (Dell Inc.) -- C:\SvcTools\8.0.83.17\bin\lnchr.exe
PRC - [2009/06/25 00:19:10 | 000,532,480 | ---- | M] (Dell Inc.) -- c:\SvcTools\8.0.83.17\bin\lnchr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/09 19:21:54 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/09 19:21:48 | 000,163,840 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/07/09 19:21:46 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/09 19:21:46 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/03/14 14:09:56 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/03/07 22:24:30 | 002,577,736 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/03/07 10:26:36 | 000,316,744 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/22 21:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/20 21:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/09 11:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/10/29 15:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/04 19:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/09/28 17:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe


========== Modules (SafeList) ==========

MOD - [2010/12/18 07:27:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eiss\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/04 10:27:50 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010/03/01 19:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/25 00:19:10 | 000,532,480 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\SvcTools\8.0.83.17\bin\lnchr.exe -- (SMA8.0.83.17)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/03/01 19:37:36 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/07/14 12:06:18 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2008/07/14 12:06:16 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2008/07/14 12:06:12 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2008/07/14 12:06:10 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/07/14 12:06:08 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/07/14 12:06:06 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2008/07/14 12:06:04 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/07/14 12:06:00 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/07/09 19:35:28 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/09 19:34:52 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/09 19:29:48 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/07/09 19:29:44 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/07/09 19:29:44 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/07/09 19:29:42 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/07/09 19:28:14 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/09 19:28:08 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/09 19:28:04 | 000,043,008 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/09 19:25:58 | 002,354,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/07/09 19:21:46 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/09 19:18:42 | 000,221,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/07 07:07:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 12:19:05 | 000,000,000 | ---D | M]

[2010/02/21 15:39:14 | 000,000,000 | ---D | M] -- C:\Users\Eiss\AppData\Roaming\Mozilla\Extensions
[2010/12/14 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\extensions
[2010/06/24 17:59:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/17 21:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/09 08:40:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(288)
[2010/06/24 17:59:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/25 16:17:04 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/03/15 18:37:19 | 000,000,000 | ---D | M] -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\extensions\browserhighlighter@ebay.com
[2010/06/24 17:59:10 | 000,000,000 | ---D | M] -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\extensions\firebug@software.joehewitt.com
[2010/03/24 15:13:38 | 000,000,923 | ---- | M] () -- C:\Users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\searchplugins\conduit.xml
[2010/12/14 17:25:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/23 22:47:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/11 09:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/04 11:55:44 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/12/18 07:02:11 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SMA8.0.83.17] c:\SvcTools\8.0.83.17\bin\lnchr.exe (Dell Inc.)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ChikkaIM] C:\Program Files\Chikka\chikka.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Eiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Eiss\Desktop\photogra[hy\66968_439837271081_659931081_5815704_4361595_n.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eiss\Desktop\photogra[hy\66968_439837271081_659931081_5815704_4361595_n.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 07:26:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Eiss\Desktop\OTL.exe
[2010/12/18 06:26:41 | 000,000,000 | ---D | C] -- C:\Users\Eiss\Desktop\SmitfraudFix
[2010/12/14 12:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\pEgDo06511
[2010/12/09 12:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/12/09 06:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/12/09 06:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010/12/09 06:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/12/09 06:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

========== Files - Modified Within 30 Days ==========

[2010/12/18 07:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/18 07:27:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eiss\Desktop\OTL.exe
[2010/12/18 07:09:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/18 07:09:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/18 07:05:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/18 07:04:56 | 1063,645,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/18 07:02:16 | 000,000,691 | ---- | M] () -- C:\Users\Eiss\AppData\Roaming\GetValue.vbs
[2010/12/18 07:02:16 | 000,000,035 | ---- | M] () -- C:\Users\Eiss\AppData\Roaming\SetValue.bat
[2010/12/18 07:02:15 | 000,004,716 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/12/18 06:39:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/18 06:01:05 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D81BC0B3-1B89-4CE2-B7A0-892C932762A2}.job
[2010/12/14 06:00:43 | 000,005,972 | ---- | M] () -- C:\Users\Eiss\AppData\Local\d3d9caps.dat
[2010/12/09 12:19:05 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/04 11:12:59 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Eiss.job
[2010/11/28 09:28:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/28 09:28:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/12/18 07:04:56 | 1063,645,184 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/18 07:02:16 | 000,000,035 | ---- | C] () -- C:\Users\Eiss\AppData\Roaming\SetValue.bat
[2010/12/18 07:02:15 | 000,000,691 | ---- | C] () -- C:\Users\Eiss\AppData\Roaming\GetValue.vbs
[2010/12/18 06:38:18 | 000,004,716 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/12/09 12:18:13 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/04 12:00:58 | 000,000,579 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/11/04 11:55:35 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2010/09/15 02:04:45 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/07/14 20:22:09 | 000,000,120 | ---- | C] () -- C:\Users\Eiss\AppData\Local\Mnapamisunog.dat
[2010/07/14 20:22:09 | 000,000,000 | ---- | C] () -- C:\Users\Eiss\AppData\Local\Rmeveceb.bin
[2010/07/14 20:19:15 | 000,042,715 | -HS- | C] () -- C:\Users\Eiss\AppData\Roaming\8053c48d-4a73-4497-b8a3-7bed64c80b78_44.avi
[2010/06/20 16:47:54 | 000,007,680 | ---- | C] () -- C:\Users\Eiss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 08:48:19 | 000,005,972 | ---- | C] () -- C:\Users\Eiss\AppData\Local\d3d9caps.dat
[2010/03/22 02:00:57 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2010/03/04 17:43:32 | 000,002,384 | ---- | C] () -- C:\Users\Eiss\AppData\Roaming\wklnhst.dat
[2010/03/03 10:16:29 | 000,024,206 | ---- | C] () -- C:\Users\Eiss\AppData\Roaming\UserTile.png
[2010/02/24 08:50:06 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/02/23 22:14:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/01 14:44:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

Extras.Txt

OTL Extras logfile created on: 12/18/2010 07:28:36 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Eiss\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 437.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 69.35 Gb Free Space | 51.62% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.61 Gb Free Space | 58.77% Space Free | Partition Type: NTFS

Computer Name: LEVIATHAN | User Name: Eiss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22293316-C7DE-4B0A-B4BA-9D621D6F8023}" = lport=5191 | protocol=6 | dir=in | name=the browser highlighter xcom |
"{743DD5C6-2F3E-40C8-806F-3139C75173FF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{ABC80319-06E2-48DC-868A-CB548B4BD6CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B5ED1B72-C485-4F41-9692-F66584EC965F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0409B1A1-E2DD-4E9B-960C-CD38C7279A24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0486960F-99C4-4103-9A72-7C8CAA645C09}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0753A59D-E15E-4601-B7C7-368D15AE86A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07D247F4-A93C-40C0-B7B1-D60E541767BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BBFF812-3E81-4C75-A3F0-D298FC71A63F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C154BF3-12DF-47DF-975F-75DCEB98755F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F9A17B2-B133-482D-BE17-092B199CA24C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{129DE90D-388D-4E6E-976B-32BD8D4E58F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12BC77E5-879A-439C-9FED-8B9A14DCA533}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12C04C32-1742-4B3A-A915-3F9332317B93}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14134FC4-4ABE-48D0-9D03-751D499B9395}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{1451523B-60E9-4367-8FD2-C9983C19BEEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{150BFC6D-F9C6-44FD-9E54-F6CF8E3196DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C475D89-90F2-4B25-8B93-AE8764400060}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CAC39B8-8F15-4D76-BF23-73E1CB7D05A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DA66724-8CBC-44DD-959D-EE903618C3AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E1D3D03-BBE4-4879-9C56-FECB3565B15F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1FD09DC7-D6AC-485E-A47D-A05CECD1FC54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21E288EA-847E-40A2-AC9C-4B4EBC6DD117}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22BE2030-C032-420B-84E4-EFC720485140}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{23833D35-3ADF-488C-A325-1B3FD9751518}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{254ECFF9-79F6-4309-909F-A2EE427FB124}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25621C4D-FBF4-411A-BCE4-2E79120379A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2604A5AA-0CC3-46D2-A4E1-D586BD23C41D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{281654ED-A0C1-4B20-B404-796C67EFD00D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2916742B-AEED-4FE1-8567-A5BCA43A922A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{293A1DD8-C0A7-4A89-A2F1-310BA49E5C05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C24EA29-6864-4C52-92CF-C4701B5F30CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C497166-EB91-4E97-AFA9-61269A674512}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FB26B2C-4EEA-41A9-BCB9-49BB4D1AED0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{309574E5-B5E5-49B6-B9AF-D0DA87A9E04F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31D7AA55-3AF9-48E2-912F-5D2502EC3C81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31E5A353-B274-4F7A-8A3C-5F295EFABB3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3568A07C-F6AC-49BD-B991-B49006FCD934}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3750324B-D884-42D0-A318-49AB8C480762}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3763609E-D53D-4479-BF50-DDFFC470F770}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{37E775F1-9D6E-4779-901E-765A64FCBEF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3853BDC2-E33E-4455-B94A-73DD71C249D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{394E4907-C42E-48C4-8E96-87A750BAC5A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39DB3479-79D1-4A3B-A77A-E252D74281B4}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe |
"{3B37B3D0-59F9-48E0-BFEB-D1B9AEC21315}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C5AF389-2273-4463-AE00-F53AA2E30750}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3CF9EB11-5FBE-4811-B266-D8A6FACF542D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43BEB248-AD33-4E88-AE4A-1EF203B1F59B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44F5EC29-362C-46B5-98E1-16454AE6975F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{451AAAE4-826E-492F-82D8-60B7D46F715F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46701A68-E802-492F-A535-11B0F4818B50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A69F9E0-A0DA-4839-997B-E34FBD640B88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AAF6222-7E17-438D-B214-EFDD6098080C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4B206492-A5F1-4EE1-9845-EFCE605EBAC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C322144-D54E-4275-989C-CC96D22AE249}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E586526-9011-44E4-AB42-9970CBCC86AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EACA248-EB67-4C8C-B1AC-5442112A5790}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F0EA3C7-EB54-4219-8D5D-3BCDD630B22A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FFCD0CA-A4BE-43E2-BB41-044CC5C7FD7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{524B2255-5A42-4AB4-9F68-94F5EBC8FA6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52FBFF2B-7A5C-48F1-86D3-377B6574ACDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{544FA73B-0D0C-409F-97C5-F43E657E09E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54C76BD2-6EDB-40FF-9C6E-7A3A7E0E8D6C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5556FAB5-E2B3-4628-83DE-8326E39151FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55C796C4-314E-49D8-8BE6-BA46D028F2C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{573C45B6-AB1D-474E-AD79-4EB88FB38804}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57905B22-C1DA-426E-8F2B-7D30AC00B311}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57AEF247-FF3B-4934-93D0-B04A69A21EDC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A65A63A-5693-4C3B-AA9E-44191312DDD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5AE76A31-1E5A-465F-B1EC-FF675105814C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B498B0C-606B-4CC7-854A-1106B778A969}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C290C29-898B-475B-8451-C623899A9A7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C3543F0-9B4F-41BF-9C16-D551909AD968}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CF18F9E-5262-4B91-9F42-A95CF74465D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6421DD44-7771-4481-9DB4-F384D2135639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6466D6E8-6CB4-4302-8152-B2744EC0B253}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6493036B-D3DB-4436-8C48-92684A370AD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{667A0EE7-7133-4232-90F3-946D60F04CBB}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{68D86E4B-370F-4A2F-9E90-6A44CB4CBBDE}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{6B59384A-A08E-4C2E-A0DF-CCEBB2778DD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C59F3D8-8917-477A-BA2A-78BF2BF11661}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F289F87-888C-482C-86BF-AAB0C475F8F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70625589-DC01-467A-9279-23B84E30E441}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{728786E3-F86E-4046-9ADD-11E47D638A96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{748BAB79-8ABC-48FF-B0F1-1B49F2FFA16B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{763BEA9A-8531-40A6-8CF0-04788B28B7C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{780BB4C6-9E3D-4807-8670-774A91EED975}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78526A8F-61F5-4E0E-889A-038789B5AAE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AFB4635-C2BB-44F7-B3C2-2A8D564B0F28}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7B441249-CD7D-4669-A112-9CA147A5C8BA}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{7BE664EC-48AA-4830-A863-EAF62754252C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C5237CF-F352-423A-A295-4DFAAB24E820}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F534948-1177-4A77-A740-0AF9DE9E2197}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{828BB213-7D4E-43B3-B2A3-6A023A98FCE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83FDF43A-7861-4BD2-A2A4-1253A1C66796}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{849EB614-3E49-49B0-8F20-AC250A08C943}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87524602-99B8-4B51-8EB1-0A375E2459B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8763BE81-D50D-4D11-9F80-3C5E001861E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87D34D18-B41B-433C-B6B5-0D2AD4DE4B45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87F7ACEE-6BEF-4CAD-975A-07736C508490}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{880D2105-2B32-491A-84DA-9FCF9FDEB8BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{899EF6D2-7CCD-4300-836A-54E60ED11A71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89B51474-D7A5-42CE-A2B8-D4BF77D31CC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A8909C5-456B-477F-934B-7792C1F61CB9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D47C04D-71CA-468D-AEBF-FC805053F345}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DB9708F-DD25-4F8E-940B-4AEA2142C179}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E6F5C7F-1755-4981-8BF5-51CAC81CD618}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{8F284476-276D-4017-980E-693DCFB60D50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9111C93A-4D54-4CCD-A348-BFF0393A9B79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{918364BC-258A-4923-BC3D-03F7CA7A2A8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92190806-1F88-446C-8EA9-ECA86021E616}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9560E162-61E6-421F-B04E-4420B721B2CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97183962-E9CC-405F-9398-DC5745C3A540}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9762AA10-04D0-447A-B062-5ED32F466E6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9783ACCF-48F7-4BA8-900B-254A5A1488CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{989F085E-AF9B-47BA-B71D-1E74F91970FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9993DC08-F5B4-4C3C-B546-1B25B52D7CBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B56C793-C1BF-4002-8058-3AF770AF7C3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C0CA3DF-F4B5-4C79-BBD5-60AA268C95D6}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9D9CD6EA-2EB6-40AA-840E-4E8562EC7D2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FF717EA-F039-4ECB-AC58-8EB0F3EEB7A6}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{A3493460-FC5B-40F8-9237-081A94215B2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3BF4928-E43D-44AA-BAC7-821328722E98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A52BF8CA-736D-4543-96E5-9CE40DCF8272}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A56497DF-48DE-4A9E-AFFD-B073811D3D8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8FF1080-68CF-4404-84D5-D99096DDD722}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A91C1346-F780-49EB-8A48-FBE30ECFCEA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA40FBE6-B865-4592-AE6D-C921D6480D10}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AA8F489B-0DBE-4615-A431-0DC482E575DC}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{AC63CD9E-D55D-47EA-B786-C7A4DC8D6AA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD4EB943-D3DD-4F5F-B67F-05871FE555D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE7897B1-DB36-4CEE-A387-E1A6BA8D51CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF146358-C84D-418D-B7AE-EE3C3169ED70}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFA6C39D-6C3A-4CD6-B0CE-B05047E86E88}" = protocol=6 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{B2783178-E96C-4AE0-BD1B-49CF4F506572}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B461E2CB-B760-466B-A0CC-D48F0B6A7781}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4FF44B9-175F-4C76-8E54-AC8346DFEF8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B53F0934-31F3-4D03-BF36-BB2F849F7597}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe |
"{B70FF37E-41CD-44F5-BA02-F2948DEDEA8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B79CF3E0-ECC8-4176-BB5C-408830CD4725}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7F7F972-C6FD-4C9A-8256-67F5BAAB8070}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B8DBFEB5-28E6-4420-BE9F-BE2F50248E94}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{B8EB3A36-5926-430D-9FFF-177FAB8C43B2}" = protocol=6 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{BB9B97AF-6002-47DE-A4D8-85CF70F2AEB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE28C174-A9B2-4A85-89C9-F7E799AF160E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE388BD2-BA56-45ED-A0CB-53F557DC3A32}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{BF550C20-594E-43BA-9B77-99735F8891B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C137B0CE-C512-4F23-9BA2-BEE79030960C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C258FD68-C9E6-416B-9EFB-FDC7FCA0BD87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3F774D6-7375-40B7-8B98-6490B6A3231C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C512111D-B792-4F3B-960B-CC38ADFA859C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{C790FD07-7570-4E9B-A7B4-BECC2D6F96AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C81710C3-EAEC-40AD-BCAE-11FEC0CC9574}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8AEC558-3093-48EB-BAAA-4DB3E695CFBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9722F96-529C-426D-8E7C-6D2B308E7527}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA1CF563-D7AD-447B-96DE-F3D55A0AE59D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB3DD0A3-83BB-4CF1-9DE3-950DA0ACA3C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD9826C7-4050-419A-B1AA-07E5EF3B1A74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE2EBF50-7B81-4EE9-BEF7-62D25A8141DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CEF1E048-B8A6-48F5-B804-44CB57E34B72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFB635DF-C8F2-4349-B34F-B1DF7CB2556C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1A43B2E-6D21-422D-8203-4A43ED7C3EDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1DA462A-70F8-43D2-9489-639880C25E80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D27B1350-3669-4953-9274-0C0A151E8B7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2E8AAC9-874C-4E40-810D-B1559E5C342E}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{D360D0DE-B0BC-4B1A-B071-CCDA9062B19B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D376747D-237A-484A-B105-8E2B322FF5FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D41BD0B9-E87C-484E-85F0-D6EBDFDE6411}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D628991D-51DF-488D-A3F6-4BE762C0C1B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6AF7FE7-4CEF-42B2-9A4D-5CAB83CDCD50}" = protocol=17 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{D8FEDFAA-E03B-424A-8083-9B0BF65823C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9F762D1-CD43-4680-9885-0FDA83E0FE14}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DB820310-43CD-4D82-87E0-3FE024B9D177}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBE90321-76FB-4A51-AE51-86B3FE04565B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DCFF91EA-7DBF-446B-8567-FDDEABF4788D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDE2870F-C85E-4D0F-88ED-807BB82C2177}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF88BC93-B930-4B5B-84F9-8BD72C9C04BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E118869D-555D-482E-A9DE-44D1987E9E16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E15A44BB-05DD-4611-BC07-459755748D11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E59DEDC6-2C82-407A-B9A3-13D14728EBB9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E765D06F-1F71-4A79-96A2-960B30911D8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8B2DF96-DA30-4CD8-8600-3F170DCA360E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA4BB5E1-0E16-4C09-B41B-7B6DC5B214C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EAA10675-3802-4BCA-BE15-E4F5EE310050}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBF2C97E-CCD0-4FED-939E-63377E81D967}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0CCF252-8D5A-4DB1-AE32-3FA83569B9E2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F18B1DD9-692E-4D00-B893-188A2B00F830}" = protocol=17 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{F19D6E48-BD82-4564-86C2-DA7C02A1EAC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1A0EF71-81AA-4F0E-A690-D6B53F3B8B85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1A2AC57-B892-4DCB-ADA5-1E05EA419CB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2A63EA5-B880-427D-99AB-A7D3B8526535}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2F578FC-3963-4644-9BA8-206478148861}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F30D7BAE-9559-4037-BCDE-678F0B332E42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6922BB5-23F7-40B3-8480-662A97428032}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8F4CFB6-5EFF-4944-B227-23982541DB7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9123EE9-460E-433D-9C95-A99217F24CF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9316C01-2D3C-4362-BE1A-126749396669}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{FA3E2B18-5D7F-4F96-9A24-3873A9F5D953}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAFE3F93-6A38-4901-8606-99CDC494641F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBC3D160-E542-4A82-84E3-3857B68ACF53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E2CD2E72-2032-4BAE-A98D-ADB31A9590F5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{8068C2C8-41DD-4D9E-BB9B-C714F2C16738}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{136E7A33-97D9-435C-BFDE-6A1327F2C235}" = MySQL Server 5.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1A6D9B5E-9BAB-4141-85BA-2C6552FA7913}" = Dell Backup and Recovery Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 20
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3A02BF10-88B9-4D61-9439-A67C9DE7D4BC}" = RS2Bot
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3E9904-F9DC-4233-A4EA-251E24E039FC}" = PHP 5.2.13
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.15
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCF60B7D-5830-4AF6-998F-1CD79E1A4BF6}" = Microsoft LifeCam
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Chikka TXT Messenger (3.0.45) " = Chikka TXT Messenger (3.0.45)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.1" = Core FTP LE 2.1
"Dell ServicesReady" = Dell ServicesReady
"DivX Setup.divx.com" = DivX Setup
"Family Tree Builder" = MyHeritage Family Tree Builder
"Google Chrome" = Google Chrome
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"NSS" = Norton Security Scan
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2010 22:07:58 | Computer Name = Leviathan | Source = SPP | ID = 16387
Description =

Error - 7/23/2010 22:07:58 | Computer Name = Leviathan | Source = System Restore | ID = 8193
Description =

Error - 7/23/2010 22:07:58 | Computer Name = Leviathan | Source = System Restore | ID = 8210
Description =

Error - 7/24/2010 00:00:26 | Computer Name = Leviathan | Source = SPP | ID = 16387
Description =

Error - 7/24/2010 00:00:26 | Computer Name = Leviathan | Source = System Restore | ID = 8193
Description =

Error - 7/24/2010 00:00:26 | Computer Name = Leviathan | Source = System Restore | ID = 8210
Description =

Error - 7/24/2010 01:08:52 | Computer Name = Leviathan | Source = Application Error | ID = 1000
Description = Faulting application DivXUpdate.exe, version 1.0.1.10, time stamp
0x4c06fc6d, faulting module MSVCP80.dll, version 8.0.50727.4053, time stamp 0x4a594cd0,
exception code 0xc0000005, fault offset 0x000100b5, process id 0x130, application
start time 0x01cb2a0cabf9bf47.

Error - 7/24/2010 01:52:07 | Computer Name = Leviathan | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x1534, application
start time 0x01cb2ad0b6c754c1.

Error - 7/24/2010 01:55:37 | Computer Name = Leviathan | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/13/2010 17:28:22 | Computer Name = Leviathan | Source = DCOM | ID = 10010
Description =

Error - 5/13/2010 17:29:47 | Computer Name = Leviathan | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 5/13/2010 17:31:10 | Computer Name = Leviathan | Source = Service Control Manager | ID = 7000
Description =

Error - 5/13/2010 17:31:35 | Computer Name = Leviathan | Source = Service Control Manager | ID = 7022
Description =

Error - 5/16/2010 09:10:58 | Computer Name = Leviathan | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{40E6A557-DF3C-459F-AADC-5C6625EF5E25}
because another computer on the network has the same name. The server could not
start.

Error - 5/16/2010 20:03:45 | Computer Name = Leviathan | Source = Service Control Manager | ID = 7011
Description =

Error - 5/17/2010 21:16:56 | Computer Name = Leviathan | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:00:11 PM on 5/17/2010 was unexpected.

Error - 5/17/2010 21:16:58 | Computer Name = Leviathan | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 5/17/2010 21:18:45 | Computer Name = Leviathan | Source = Service Control Manager | ID = 7000
Description =

Error - 5/17/2010 21:19:34 | Computer Name = Leviathan | Source = Service Control Manager | ID = 7022
Description =


< End of report >

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 28 December 2010 - 07:38 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 ArthurEiss

ArthurEiss
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 29 December 2010 - 07:00 AM

Thanks for getting back to me.

New symptoms:
- Host process for windows crashes sporadically.
- System reboots randomly from windows without prompt or warning. Screen just goes blank in the middle of browsing or whatever, and the power clicks off then on.

LOGS:



DDS (Ver_10-12-12.02) - NTFSx86
Run by Eiss at 6:48:54.22 on Wed 12/29/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1014.223 [GMT -5:00]

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\apache\bin\httpd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\SvcTools\8.0.83.17\bin\lnchr.exe
C:\apache\bin\httpd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\SvcTools\8.0.83.17\bin\lnchr.exe
C:\Windows\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eiss\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ChikkaIM] c:\progra~1\chikka\Chikka.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SMA8.0.83.17] "c:\svctools\8.0.83.17\bin\lnchr.exe" --context=user --control-dir="c:\svctools\8.0.83.17\ctrl-user"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
StartupFolder: c:\users\eiss\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\apache\bin\ApacheMonitor.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\eiss\appdata\roaming\mozilla\firefox\profiles\07mr9ht7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\eiss\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\eiss\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
============= SERVICES / DRIVERS ===============

R2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2010-3-4 24645]
R2 SMA8.0.83.17;Software Management Agent 8.0.83.17;c:\svctools\8.0.83.17\bin\lnchr.exe [2009-12-1 532480]
S2 gupdate1cac8812357290;Google Update Service (gupdate1cac8812357290);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-12-26 14:23:57 -------- d-----w- C:\enterprise
2010-12-25 14:56:48 -------- d-----w- c:\users\eiss\appdata\roaming\Local
2010-12-18 12:02:16 35 ----a-w- c:\users\eiss\appdata\roaming\SetValue.bat
2010-12-18 12:02:15 691 ----a-w- c:\users\eiss\appdata\roaming\GetValue.vbs
2010-12-18 11:38:18 4716 ----a-w- c:\windows\system32\tmp.reg
2010-12-16 11:32:22 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bcfcd465-aae6-474b-8d0a-6fb8646a666f}\mpengine.dll
2010-12-14 17:13:01 -------- d-----w- c:\progra~2\pEgDo06511
2010-12-09 11:08:38 -------- d-----w- c:\program files\World of Warcraft
2010-12-09 11:08:38 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-09 11:00:27 -------- d-----w- c:\progra~2\Blizzard Entertainment

==================== Find3M ====================

2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-19 15:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84FDD555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84fe37b0]; MOV EAX, [0x84fe382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81A88962] -> \Device\Harddisk0\DR0[0x84451318]
3 CLASSPNP[0x85FA18B3] -> ntkrnlpa!IofCallDriver[0x81A88962] -> [0x8502F290]
\Driver\atapi[0x84451130] -> IRP_MJ_CREATE -> 0x84FDD555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#5&205179cd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 6:50:41.70 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/1/2009 06:56:19
System Uptime: 12/29/2010 06:40:21 (0 hours ago)

Motherboard: Dell Inc. | | 0Y487G
Processor: Intel® Celeron® CPU 560 @ 2.13GHz | Microprocessor | 2128/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 134 GiB total, 69.977 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.593 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP308: 12/12/2010 10:22:37 - Scheduled Checkpoint
RP309: 12/13/2010 12:46:24 - Scheduled Checkpoint
RP310: 12/14/2010 06:11:39 - Windows Update

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Apache HTTP Server 2.2.15
Bluetooth Stack for Windows by Toshiba
Chikka TXT Messenger (3.0.45)
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Core FTP LE 2.1
Corel Paint Shop Pro X
Dell Backup and Recovery Manager
Dell ServicesReady
Dell Touchpad
DivX Setup
Facebook Plug-In
Google Chrome
Google Earth Plug-in
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft Default Manager
Microsoft LifeCam
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
MySQL Server 5.1
NetBeans IDE 6.8
Norton Security Scan
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
PHP 5.2.13
PowerDVD
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RS2Bot
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.5
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/29/2010 06:42:27, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/29/2010 06:41:14, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126
12/29/2010 06:34:06, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Tosrfcom Wanarpv6
12/29/2010 06:34:06, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/29/2010 06:33:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/29/2010 06:33:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/29/2010 06:33:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2010 06:33:09, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
12/29/2010 06:33:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/29/2010 06:32:39, Error: EventLog [6008] - The previous system shutdown at 6:30:58 AM on 12/29/2010 was unexpected.
12/29/2010 06:11:12, Error: EventLog [6008] - The previous system shutdown at 6:07:06 AM on 12/29/2010 was unexpected.
12/29/2010 06:03:19, Error: EventLog [6008] - The previous system shutdown at 6:01:58 AM on 12/29/2010 was unexpected.
12/29/2010 05:59:16, Error: EventLog [6008] - The previous system shutdown at 1:36:15 PM on 12/28/2010 was unexpected.
12/28/2010 06:02:30, Error: EventLog [6008] - The previous system shutdown at 1:11:24 PM on 12/26/2010 was unexpected.
12/26/2010 09:09:37, Error: EventLog [6008] - The previous system shutdown at 9:07:51 AM on 12/26/2010 was unexpected.
12/26/2010 08:54:07, Error: EventLog [6008] - The previous system shutdown at 1:16:04 PM on 12/25/2010 was unexpected.
12/25/2010 11:19:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/25/2010 11:18:58, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
12/25/2010 10:06:29, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
12/25/2010 09:52:13, Error: EventLog [6008] - The previous system shutdown at 12:39:43 PM on 12/23/2010 was unexpected.
12/23/2010 06:00:02, Error: EventLog [6008] - The previous system shutdown at 1:01:03 PM on 12/21/2010 was unexpected.

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x8900F000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7196672 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81A44000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81A44000 PnpManager 3903488 bytes
0x81A44000 RAW 3903488 bytes
0x81A44000 WMIxWDM 3903488 bytes
0x814C0000 Win32k 2109440 bytes
0x814C0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x85E04000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x820C9000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x89E44000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8223D000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x89A01000 C:\Windows\system32\DRIVERS\athr.sys 933888 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x804D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA5F02000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x89F46000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA585F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x896EC000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x82342000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80606000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82058000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA590F000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA5E98000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x80738000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8A081000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068F000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80497000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x89C0F000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x897A2000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x89E07000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8A132000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82202000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x89D7C000 C:\Windows\system32\drivers\CHDRT32.sys 237568 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0xA5E1F000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x85F14000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x89D2B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81A11000 ACPI_HAL 208896 bytes
0x81A11000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8200C000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8A0C9000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x823CF000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80797000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x89DB6000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89B63000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x821D4000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x89CEA000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA5818000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA7602000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA5E70000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x85F64000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E6000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x805D6000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x89C7D000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x89AE5000 C:\Windows\system32\DRIVERS\Rtlh86.sys 139264 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x85F9C000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA59C7000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8A19C000 C:\Windows\system32\DRIVERS\tosrfbd.sys 135168 bytes (TOSHIBA CORPORATION, Bluetooth RF Bus Driver)
0x8A004000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA5E00000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x805B8000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA597C000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x82327000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x807E3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x89B25000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xA5999000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x89BA5000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA5E58000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8A178000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x89C5B000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA7648000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8A0FB000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8A057000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA59B2000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89CC3000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x89CAF000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8A06D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x89B50000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA584C000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8A1BD000 C:\Windows\system32\DRIVERS\Tosrfhid.sys 77824 bytes (TOSHIBA Corporation., Bluetooth HID Driver from TOSHIBA)
0x8A11F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x85F8B000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x89D6B000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89B3F000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0x8203E000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8A1E7000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA5808000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807CB000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x89B07000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x89CD8000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x89BD9000 C:\Windows\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0x89BCA000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x85FD0000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x85F55000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070D000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x89CA0000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x897E0000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80729000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x89B17000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x81700000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8A111000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8A040000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80789000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x89BF1000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x89DE3000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x89D1E000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80682000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA7634000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x89C00000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8978B000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x897EF000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x89B9A000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x89B8F000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8A035000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x89C72000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x89C50000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x89D60000 C:\Windows\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0x8A18F000 C:\Windows\system32\DRIVERS\tosrfusb.sys 45056 bytes (TOSHIBA CORPORATION, Bluetooth USB Miniport Driver)
0x85FE6000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89797000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8071F000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x85FC6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x89D14000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA5842000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8A16E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8204E000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA762A000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x85FBD000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x89DF0000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8A1DE000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA7665000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8A04E000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x8A1D0000 C:\Windows\System32\Drivers\tosrfbnp.sys 36864 bytes (TOSHIBA Corporation, Bluetooth RFBNEP Driver)
0x816E0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x85FF1000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89BC1000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D5000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807DB000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x89000000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x89BE9000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DE000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8A025000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A02D000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x85F4D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA7640000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x89DF9000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8A1F7000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80782000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xA765E000 C:\Users\Eiss\AppData\Local\Temp\mbr.sys 28672 bytes
0x89E00000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x807C4000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A1D9000 C:\Windows\system32\DRIVERS\tosrfnds.sys 20480 bytes (TOSHIBA Corporation., Bluetooth BNEP Driver)
0x89BBD000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA5EFE000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8071C000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x851BD000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x89CE8000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8A19A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#5 ArthurEiss

ArthurEiss
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 29 December 2010 - 07:01 AM

Also, FYI: The redirect problems are persistent even in safe mode with networking.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 29 December 2010 - 07:21 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ArthurEiss

ArthurEiss
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 29 December 2010 - 08:38 AM

Thank you. Here is the log. Unfortunately the redirects are not resolved. This may be my imagination, but the computer does seem to be running a bit faster in general.

ComboFix 10-12-28.03 - Eiss 12/29/2010 8:18.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1014.321 [GMT -5:00]
Running from: c:\users\Eiss\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Eiss\AppData\Local\{900C78FC-B274-4E59-9DA1-AF4CDE05D1E2}
c:\users\Eiss\AppData\Local\{900C78FC-B274-4E59-9DA1-AF4CDE05D1E2}\chrome\content\overlay.xul
c:\users\Eiss\AppData\Local\{900C78FC-B274-4E59-9DA1-AF4CDE05D1E2}\install.rdf
c:\users\Eiss\AppData\Roaming\8053c48d-4a73-4497-b8a3-7bed64c80b78_44.avi
c:\users\Eiss\AppData\Roaming\Local
c:\users\Eiss\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Eiss\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Eiss\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Eiss\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\windows\system32\tmp.reg
c:\windows\Temp\_ex-08.exe

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-29 13:27 . 2010-12-29 13:28 -------- d-----w- c:\users\Eiss\AppData\Local\temp
2010-12-29 13:27 . 2010-12-29 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-26 14:23 . 2010-12-26 14:25 -------- d-----w- C:\enterprise
2010-12-18 12:02 . 2010-12-18 12:02 35 ----a-w- c:\users\Eiss\AppData\Roaming\SetValue.bat
2010-12-18 12:02 . 2010-12-18 12:02 691 ----a-w- c:\users\Eiss\AppData\Roaming\GetValue.vbs
2010-12-16 11:32 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCFCD465-AAE6-474B-8D0A-6FB8646A666F}\mpengine.dll
2010-12-14 17:13 . 2010-12-14 17:13 -------- d-----w- c:\programdata\pEgDo06511
2010-12-09 17:18 . 2010-12-09 17:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-09 11:21 . 2010-12-09 11:21 -------- d-----w- c:\programdata\WindowsSearch
2010-12-09 11:08 . 2010-12-23 12:07 -------- d-----w- c:\program files\World of Warcraft
2010-12-09 11:08 . 2010-12-16 11:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-12-09 11:00 . 2010-12-09 13:03 -------- d-----w- c:\programdata\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-19 15:41 . 2010-02-24 02:27 222080 ----a-w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"ChikkaIM"="c:\progra~1\Chikka\Chikka.exe" [2004-04-29 1503232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-10 163840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 141848]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"SMA8.0.83.17"="c:\svctools\8.0.83.17\bin\lnchr.exe" [2009-06-25 532480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-02 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

c:\users\Eiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 gupdate1cac8812357290;Google Update Service (gupdate1cac8812357290);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2010-03-04 24645]
S2 SMA8.0.83.17;Software Management Agent 8.0.83.17;c:\svctools\8.0.83.17\bin\lnchr.exe [2009-06-25 532480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 22:59]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 22:59]

2010-12-04 c:\windows\Tasks\Norton Security Scan for Eiss.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-18 14:06]

2010-12-29 c:\windows\Tasks\User_Feed_Synchronization-{D81BC0B3-1B89-4CE2-B7A0-892C932762A2}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Eiss\AppData\Roaming\Mozilla\Firefox\Profiles\07mr9ht7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 08:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84FE7555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84fed7b0]; MOV EAX, [0x84fed82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81A94962] -> \Device\Harddisk0\DR0[0x84452620]
3 CLASSPNP[0x85FAC8B3] -> ntkrnlpa!IofCallDriver[0x81A94962] -> [0x85150030]
\Driver\atapi[0x84FD6F38] -> IRP_MJ_CREATE -> 0x84FE7555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#5&205179cd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-29 08:32:18
ComboFix-quarantined-files.txt 2010-12-29 13:32

Pre-Run: 75,064,512,512 bytes free
Post-Run: 75,677,454,336 bytes free

- - End Of File - - 5EA8711A234516CE423B9BF0C6B61EDB

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 29 December 2010 - 08:43 AM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ArthurEiss

ArthurEiss
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 29 December 2010 - 08:55 AM

I'm not getting redirects anymore. So far so good. Thank you so much for your help I'm forever in your debt. I'll let you know if I experience anything more in the future. Is there anything else I need to do?


2010/12/29 08:47:27.0222 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/29 08:47:27.0222 ================================================================================
2010/12/29 08:47:27.0222 SystemInfo:
2010/12/29 08:47:27.0222
2010/12/29 08:47:27.0222 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/29 08:47:27.0222 Product type: Workstation
2010/12/29 08:47:27.0222 ComputerName: LEVIATHAN
2010/12/29 08:47:27.0222 UserName: Eiss
2010/12/29 08:47:27.0222 Windows directory: C:\Windows
2010/12/29 08:47:27.0222 System windows directory: C:\Windows
2010/12/29 08:47:27.0222 Processor architecture: Intel x86
2010/12/29 08:47:27.0222 Number of processors: 1
2010/12/29 08:47:27.0222 Page size: 0x1000
2010/12/29 08:47:27.0223 Boot type: Normal boot
2010/12/29 08:47:27.0223 ================================================================================
2010/12/29 08:47:27.0688 Initialize success
2010/12/29 08:47:33.0765 ================================================================================
2010/12/29 08:47:33.0765 Scan started
2010/12/29 08:47:33.0765 Mode: Manual;
2010/12/29 08:47:33.0765 ================================================================================
2010/12/29 08:47:34.0961 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/29 08:47:35.0028 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/29 08:47:35.0076 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/29 08:47:35.0127 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/29 08:47:35.0156 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/29 08:47:35.0253 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/29 08:47:35.0327 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/29 08:47:35.0374 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/29 08:47:35.0404 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/29 08:47:35.0432 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/29 08:47:35.0468 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/29 08:47:35.0501 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/29 08:47:35.0528 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/29 08:47:35.0603 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/29 08:47:35.0671 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/29 08:47:35.0719 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/29 08:47:35.0770 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/29 08:47:35.0826 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/29 08:47:35.0902 athr (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
2010/12/29 08:47:36.0007 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/29 08:47:36.0095 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/29 08:47:36.0138 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/29 08:47:36.0188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/29 08:47:36.0228 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/29 08:47:36.0286 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/29 08:47:36.0328 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/29 08:47:36.0384 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/29 08:47:36.0532 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/29 08:47:36.0577 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/29 08:47:36.0758 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/29 08:47:36.0827 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/29 08:47:36.0886 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/29 08:47:36.0946 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/29 08:47:37.0015 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/29 08:47:37.0057 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/29 08:47:37.0132 CnxtHdAudService (58bc03301ec3052f866532946bf51ad6) C:\Windows\system32\drivers\CHDRT32.sys
2010/12/29 08:47:37.0184 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/29 08:47:37.0224 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/29 08:47:37.0276 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/29 08:47:37.0374 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/29 08:47:37.0484 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/29 08:47:37.0583 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/29 08:47:37.0664 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/29 08:47:37.0777 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/29 08:47:37.0896 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/29 08:47:38.0004 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/29 08:47:38.0089 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/29 08:47:38.0168 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
2010/12/29 08:47:38.0309 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/29 08:47:38.0369 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/29 08:47:38.0477 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/29 08:47:38.0535 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/29 08:47:38.0568 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/29 08:47:38.0599 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/29 08:47:38.0649 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/29 08:47:38.0703 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/29 08:47:38.0788 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/29 08:47:39.0095 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/29 08:47:39.0149 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/29 08:47:39.0187 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/29 08:47:39.0250 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/29 08:47:39.0303 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/12/29 08:47:39.0397 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/29 08:47:39.0483 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/12/29 08:47:39.0570 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2010/12/29 08:47:39.0630 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/12/29 08:47:39.0704 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/29 08:47:39.0756 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/12/29 08:47:39.0940 igfx (63c56dac467ef814b60ff2aa2286c917) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/29 08:47:40.0038 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/29 08:47:40.0136 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/29 08:47:40.0178 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/29 08:47:40.0237 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/29 08:47:40.0311 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/29 08:47:40.0351 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/29 08:47:40.0390 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/29 08:47:40.0430 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/12/29 08:47:40.0493 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/29 08:47:40.0529 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/29 08:47:40.0585 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/29 08:47:40.0617 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/29 08:47:40.0670 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/29 08:47:40.0740 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/29 08:47:40.0825 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/29 08:47:40.0912 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/29 08:47:40.0956 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/29 08:47:41.0004 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/29 08:47:41.0047 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/29 08:47:41.0116 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/29 08:47:41.0161 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/29 08:47:41.0207 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/29 08:47:41.0271 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/29 08:47:41.0331 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/29 08:47:41.0371 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/29 08:47:41.0412 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/29 08:47:41.0457 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/29 08:47:41.0504 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/29 08:47:41.0641 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/29 08:47:41.0691 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/29 08:47:41.0731 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/29 08:47:41.0787 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/29 08:47:41.0834 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/29 08:47:41.0875 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/29 08:47:41.0950 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2010/12/29 08:47:42.0017 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/29 08:47:42.0076 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/29 08:47:42.0135 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/29 08:47:42.0206 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/29 08:47:42.0242 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/29 08:47:42.0300 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/29 08:47:42.0357 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/29 08:47:42.0400 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/29 08:47:42.0443 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/29 08:47:42.0480 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/29 08:47:42.0572 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/29 08:47:42.0659 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/29 08:47:42.0730 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/29 08:47:42.0776 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/29 08:47:42.0870 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/29 08:47:42.0925 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/29 08:47:42.0967 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/29 08:47:43.0029 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/29 08:47:43.0121 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/29 08:47:43.0172 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/29 08:47:43.0219 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/29 08:47:43.0305 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/29 08:47:43.0374 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/29 08:47:43.0405 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/29 08:47:43.0444 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/29 08:47:43.0493 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/29 08:47:43.0541 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/29 08:47:43.0669 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/29 08:47:43.0726 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/29 08:47:43.0779 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/29 08:47:43.0820 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/29 08:47:43.0877 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/29 08:47:43.0987 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/12/29 08:47:44.0078 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/29 08:47:44.0166 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/29 08:47:44.0300 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/29 08:47:44.0356 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/29 08:47:44.0435 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/29 08:47:44.0502 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/29 08:47:44.0577 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/29 08:47:44.0648 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/29 08:47:44.0695 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/29 08:47:44.0808 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/29 08:47:44.0892 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/29 08:47:44.0960 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/29 08:47:45.0032 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/29 08:47:45.0082 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/29 08:47:45.0143 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/29 08:47:45.0191 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/29 08:47:45.0258 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/29 08:47:45.0308 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/29 08:47:45.0367 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/29 08:47:45.0453 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/12/29 08:47:45.0493 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\drivers\rimsptsk.sys
2010/12/29 08:47:45.0537 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\drivers\rixdptsk.sys
2010/12/29 08:47:45.0614 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/29 08:47:45.0691 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/29 08:47:45.0741 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/29 08:47:45.0820 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/29 08:47:45.0882 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/29 08:47:45.0984 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/29 08:47:46.0037 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/29 08:47:46.0079 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/29 08:47:46.0157 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/29 08:47:46.0204 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/29 08:47:46.0241 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/29 08:47:46.0280 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/29 08:47:46.0350 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/29 08:47:46.0399 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/29 08:47:46.0450 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/29 08:47:46.0549 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/29 08:47:46.0608 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/29 08:47:46.0793 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/29 08:47:46.0882 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/29 08:47:46.0919 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/29 08:47:47.0009 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/29 08:47:47.0056 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/29 08:47:47.0115 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/29 08:47:47.0160 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/29 08:47:47.0297 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/29 08:47:47.0360 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/29 08:47:47.0420 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/29 08:47:47.0450 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/29 08:47:47.0558 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/29 08:47:47.0608 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/29 08:47:47.0660 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/29 08:47:47.0777 toshidpt (e362d54fd394999c4178936396664e57) C:\Windows\system32\drivers\toshidpt.sys
2010/12/29 08:47:47.0832 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\Windows\system32\DRIVERS\tosporte.sys
2010/12/29 08:47:47.0908 tosrfbd (4ac571026155442678e3a0b564a374b1) C:\Windows\system32\DRIVERS\tosrfbd.sys
2010/12/29 08:47:47.0959 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\Windows\system32\Drivers\tosrfbnp.sys
2010/12/29 08:47:48.0051 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\Windows\system32\Drivers\tosrfcom.sys
2010/12/29 08:47:48.0101 Tosrfhid (d3f87c46c7c9e5db99fbd3d17121b891) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2010/12/29 08:47:48.0148 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2010/12/29 08:47:48.0183 tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\Windows\system32\DRIVERS\tosrfusb.sys
2010/12/29 08:47:48.0269 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/29 08:47:48.0319 tunmp (387e5f1a2e0a96faf43f11ea7a7a760e) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/29 08:47:48.0365 tunnel (4e2e4203534ebbe07bb8147a8d419143) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/29 08:47:48.0407 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/29 08:47:48.0465 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/29 08:47:48.0545 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/29 08:47:48.0591 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/29 08:47:48.0635 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/29 08:47:48.0692 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/29 08:47:48.0742 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/29 08:47:48.0835 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/12/29 08:47:48.0895 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/29 08:47:48.0945 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/29 08:47:49.0016 usbehci (8d75aec2bba8d041976d1831a03e42fc) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/29 08:47:49.0072 usbhub (7ae1e0745b06e9dd5df66ede062bacfa) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/29 08:47:49.0112 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/29 08:47:49.0146 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/12/29 08:47:49.0197 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/29 08:47:49.0242 usbuhci (407fa9318014a409c4575b77493950c8) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/29 08:47:49.0312 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/29 08:47:49.0360 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/29 08:47:49.0403 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/29 08:47:49.0453 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/29 08:47:49.0496 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/29 08:47:49.0539 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/29 08:47:49.0605 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/29 08:47:49.0662 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/29 08:47:49.0710 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/29 08:47:49.0813 VX3000 (e26744e5dd71a16e80d4dd5a286b8423) C:\Windows\system32\DRIVERS\VX3000.sys
2010/12/29 08:47:49.0912 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/29 08:47:49.0961 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/29 08:47:49.0986 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/29 08:47:50.0037 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/29 08:47:50.0104 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/29 08:47:50.0235 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/29 08:47:50.0380 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/29 08:47:50.0486 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/29 08:47:50.0549 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/29 08:47:50.0649 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/29 08:47:50.0699 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/29 08:47:50.0807 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/29 08:47:50.0813 ================================================================================
2010/12/29 08:47:50.0813 Scan finished
2010/12/29 08:47:50.0813 ================================================================================
2010/12/29 08:47:50.0837 Detected object count: 1
2010/12/29 08:48:00.0091 \HardDisk0 - will be cured after reboot
2010/12/29 08:48:00.0092 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/29 08:48:06.0157 Deinitialize success

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 29 December 2010 - 03:53 PM

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.1

and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
[/list]
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 01 January 2011 - 11:05 PM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 05 January 2011 - 07:28 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users