MBR\\.\PHYSICALDRIVEO


This topic is locked. 7 replies to this topic.

#1 josie_grossie35 (Members, 6 posts)

Posted 03 February 2011 - 01:13 AM

About a week ago my computer started behaving strangely. Norton wasn't showing anything odd during the scans, but I couldn't figure out what was wrong so I created backup disks and restored the computer to factory settings. After reboot, it is still crashing to blue screen every few minutes. Downloaded Avast and it is showing that I have a hidden object (rootkit) but I have no idea how to fix it. What next?

THX,

Josie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:07 PM, on 2/2/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0211&m=dx4200-09
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 9415 bytes
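A triage helper for logs in this format, added here as an example (it is not part of HijackThis or of any tool used in this thread): it parses the O4 autorun and O23 service lines of the HijackThis log above into records and flags the entries a responder reads first. The regular expressions, reason labels and function names are my own; the sample lines are copied from the log in post #1.

```python
"""Triage helper for HijackThis 2.0.4 log lines (added example; not part of
HijackThis or any tool used in this thread).  It parses O4 autorun lines and
O23 service lines into records and flags what a malware responder reads
first.  Sample lines are copied from the log in post #1."""
import re
from collections import Counter
from dataclasses import dataclass

# O4 - HKLM\..\Run: [name] command
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 - Global Startup: shortcut.lnk = target
O4_STARTUP_RE = re.compile(
    r'^O4 - (?P<folder>\w+ Startup): (?P<link>.+?) = (?P<target>.*)$')
# O23 - Service: name - owner - path [(file missing)]
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)'
    r'(?P<missing> \(file missing\))?$')

BARE_AUTORUN = "autorun given as a bare file name (resolved via the search path)"
UNRESOLVED_LINK = "startup shortcut target not resolved"
MISSING_BINARY = "service binary reported missing"
NO_OWNER = "service binary has no version owner"


@dataclass(frozen=True)
class Finding:
    section: str   # "O4" or "O23"
    subject: str   # autorun value name, shortcut name or service name
    reason: str
    line: str


def command_image(cmd: str) -> str:
    """Return the program part of an autorun command line, quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one log line (empty for lines of no interest)."""
    line = line.rstrip("\r\n")
    if m := O4_RUN_RE.match(line):
        # A bare name is looked up through the search path at logon, so the
        # log alone does not tell you which file actually runs.
        if "\\" not in command_image(m["cmd"]):
            return [Finding("O4", m["name"], BARE_AUTORUN, line)]
        return []
    if m := O4_STARTUP_RE.match(line):
        if m["target"].strip() == "?":
            return [Finding("O4", m["link"], UNRESOLVED_LINK, line)]
        return []
    if m := O23_RE.match(line):
        out = []
        if m["missing"]:
            out.append(Finding("O23", m["name"], MISSING_BINARY, line))
        if m["owner"] == "Unknown owner":
            out.append(Finding("O23", m["name"], NO_OWNER, line))
        return out
    return []


def triage(lines) -> list[Finding]:
    """Run triage_line over a whole log and keep the findings in log order."""
    return [f for line in lines for f in triage_line(line)]


def summarize(findings) -> dict:
    """Count findings per reason, for a quick overview of a long log."""
    return dict(Counter(f.reason for f in findings))


# Constructed from lines of the HijackThis log posted above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"{f.section:<4}{f.reason:<66} {f.subject}")
    print(summarize(results))
```

HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows it reports legitimate system32 services such as lsass.exe and spoolsv.exe as (file missing) because WOW64 redirects its file lookups; treat that flag as a prompt to verify the path, not as proof of tampering.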

#2 josie_grossie35 (Topic Starter)

Posted 03 February 2011 - 01:38 AM

I am trying to run DDS logs... but my computer keeps crashing every time I try to download the software.

#3 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 03 February 2011 - 02:13 AM

Hello josie_grossie35,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

3.
1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
2. Save it to your desktop.
3. Double click on the OTL icon on your desktop.
4. Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Things to include in your next reply:
TDssKiller log
MBRCheck log
OTL.txt
Extra.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#4 josie_grossie35 (Topic Starter)

Posted 03 February 2011 - 11:08 AM

2011/02/03 09:33:37.0472 3756 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/03 09:33:39.0485 3756 ================================================================================
2011/02/03 09:33:39.0485 3756 SystemInfo:
2011/02/03 09:33:39.0485 3756
2011/02/03 09:33:39.0485 3756 OS Version: 6.0.6001 ServicePack: 1.0
2011/02/03 09:33:39.0485 3756 Product type: Workstation
2011/02/03 09:33:39.0485 3756 ComputerName: UNSETH-PC
2011/02/03 09:33:39.0485 3756 UserName: unseth
2011/02/03 09:33:39.0485 3756 Windows directory: C:\Windows
2011/02/03 09:33:39.0485 3756 System windows directory: C:\Windows
2011/02/03 09:33:39.0485 3756 Running under WOW64
2011/02/03 09:33:39.0485 3756 Processor architecture: Intel x64
2011/02/03 09:33:39.0485 3756 Number of processors: 4
2011/02/03 09:33:39.0485 3756 Page size: 0x1000
2011/02/03 09:33:39.0485 3756 Boot type: Normal boot
2011/02/03 09:33:39.0485 3756 ================================================================================
2011/02/03 09:33:39.0844 3756 Initialize success
2011/02/03 09:33:57.0750 4496 ================================================================================
2011/02/03 09:33:57.0750 4496 Scan started
2011/02/03 09:33:57.0750 4496 Mode: Manual;
2011/02/03 09:33:57.0750 4496 ================================================================================
2011/02/03 09:34:09.0312 4496 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/03 09:34:09.0351 4496 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/02/03 09:34:09.0370 4496 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/03 09:34:09.0400 4496 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
2011/02/03 09:34:09.0671 4496 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/03 09:34:09.0960 4496 RTSTOR (b6b74a05f4da0231d5d275568a104f89) C:\Windows\system32\drivers\RTSTOR64.SYS
2011/02/03 09:34:09.0984 4496 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/02/03 09:34:10.0043 4496 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/03 09:34:10.0071 4496 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/03 09:34:10.0107 4496 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/02/03 09:34:10.0125 4496 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/02/03 09:34:10.0169 4496 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/02/03 09:34:10.0191 4496 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/03 09:34:10.0213 4496 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/03 09:34:10.0235 4496 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/02/03 09:34:10.0268 4496 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/02/03 09:34:10.0295 4496 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/02/03 09:34:10.0325 4496 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
2011/02/03 09:34:10.0367 4496 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
2011/02/03 09:34:10.0405 4496 SRTSP (7e4cc24a23262a84ae99dbffef69a6b0) C:\Windows\system32\Drivers\SRTSP64.SYS
2011/02/03 09:34:10.0433 4496 SRTSPL (8b1dedeba049a3e1daf8219eec87eb00) C:\Windows\system32\Drivers\SRTSPL64.SYS
2011/02/03 09:34:10.0455 4496 SRTSPX (3db35652e4460da6730bb44908fa39cb) C:\Windows\system32\Drivers\SRTSPX64.SYS
2011/02/03 09:34:10.0505 4496 srv (4adb9a620ff071ee7d17487a87861659) C:\Windows\system32\DRIVERS\srv.sys
2011/02/03 09:34:10.0536 4496 srv2 (2aea7a85ceb33abb332d35617990f50b) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/03 09:34:10.0570 4496 srvnet (a93df8babf7c7b9637a76e0eae5744b7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/03 09:34:10.0624 4496 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/03 09:34:10.0653 4496 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/02/03 09:34:10.0702 4496 SYMDNS (002e73df2a07785e93943eefc16edb57) C:\Windows\System32\Drivers\SYMDNS.SYS
2011/02/03 09:34:10.0721 4496 SymEvent (209d2e4c78026eba547121e73dd82ebe) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/02/03 09:34:10.0745 4496 SYMFW (c785ca33d3dbcdf604e58c3a2eb1818a) C:\Windows\System32\Drivers\SYMFW.SYS
2011/02/03 09:34:10.0779 4496 SymIM (f78828b90bd5bb5bcd8500f9b08ba76f) C:\Windows\system32\DRIVERS\SymIMv.sys
2011/02/03 09:34:10.0806 4496 SYMNDISV (8357806b06b514f6edf9d10cfdce2853) C:\Windows\System32\Drivers\SYMNDISV.SYS
2011/02/03 09:34:10.0859 4496 SYMREDRV (e05fbad45a96fb25f58bb0a9538a337e) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/02/03 09:34:10.0887 4496 SYMTDI (a30def26951b77788a71b1033d275e65) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/02/03 09:34:10.0924 4496 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/02/03 09:34:10.0942 4496 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/02/03 09:34:11.0021 4496 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
2011/02/03 09:34:11.0080 4496 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/03 09:34:11.0125 4496 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/03 09:34:11.0143 4496 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/02/03 09:34:11.0165 4496 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/02/03 09:34:11.0187 4496 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/03 09:34:11.0213 4496 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/03 09:34:11.0264 4496 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/03 09:34:11.0293 4496 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/03 09:34:11.0318 4496 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/02/03 09:34:11.0347 4496 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/03 09:34:11.0383 4496 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/03 09:34:11.0414 4496 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/02/03 09:34:11.0435 4496 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/02/03 09:34:11.0463 4496 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/02/03 09:34:11.0482 4496 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/03 09:34:11.0546 4496 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/03 09:34:11.0585 4496 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/02/03 09:34:11.0609 4496 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/03 09:34:11.0640 4496 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/03 09:34:11.0659 4496 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/03 09:34:11.0688 4496 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2011/02/03 09:34:11.0723 4496 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/03 09:34:11.0743 4496 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/03 09:34:11.0776 4496 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/03 09:34:11.0798 4496 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/02/03 09:34:11.0822 4496 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/02/03 09:34:11.0862 4496 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
2011/02/03 09:34:11.0888 4496 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
2011/02/03 09:34:11.0918 4496 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
2011/02/03 09:34:11.0939 4496 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/02/03 09:34:11.0985 4496 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/02/03 09:34:12.0013 4496 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/03 09:34:12.0029 4496 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/03 09:34:12.0065 4496 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/02/03 09:34:12.0103 4496 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/03 09:34:12.0203 4496 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/03 09:34:12.0258 4496 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/03 09:34:12.0314 4496 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/03 09:34:12.0383 4496 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/02/03 09:34:12.0415 4496 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/03 09:34:12.0420 4496 ================================================================================
2011/02/03 09:34:12.0420 4496 Scan finished
2011/02/03 09:34:12.0420 4496 ================================================================================
2011/02/03 09:34:12.0435 3784 Detected object count: 1
2011/02/03 09:34:51.0685 3784 \HardDisk0 - will be cured after reboot
2011/02/03 09:34:51.0685 3784 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/03 09:35:16.0442 3600 Deinitialize success

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Gateway
System Product Name: DX4200-09
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 156):
0x02418000 \SystemRoot\system32\ntoskrnl.exe
0x02930000 \SystemRoot\system32\hal.dll
0x00609000 \SystemRoot\system32\kdcom.dll
0x00613000 \SystemRoot\system32\PSHED.dll
0x00627000 \SystemRoot\system32\CLFS.SYS
0x00684000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F1000 \SystemRoot\system32\drivers\acpi.sys
0x00947000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00950000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095A000 \SystemRoot\system32\drivers\pci.sys
0x0098A000 \SystemRoot\System32\drivers\partmgr.sys
0x0099F000 \SystemRoot\system32\drivers\volmgr.sys
0x00736000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B3000 \SystemRoot\system32\drivers\pciide.sys
0x009BA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CA000 \SystemRoot\System32\drivers\mountmgr.sys
0x009DD000 \SystemRoot\system32\drivers\atapi.sys
0x0079C000 \SystemRoot\system32\drivers\ataport.SYS
0x00A04000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A4A000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A5E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C04000 \SystemRoot\system32\drivers\ndis.sys
0x00AE5000 \SystemRoot\system32\drivers\msrpc.sys
0x00B35000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0D000 \SystemRoot\System32\drivers\tcpip.sys
0x00F81000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0100E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01192000 \SystemRoot\system32\drivers\volsnap.sys
0x011D6000 \SystemRoot\System32\Drivers\spldr.sys
0x011DE000 \SystemRoot\System32\Drivers\mup.sys
0x00FAD000 \SystemRoot\System32\drivers\ecache.sys
0x00FD9000 \SystemRoot\system32\drivers\disk.sys
0x00DC7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011F0000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01000000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DF3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00B8D000 \SystemRoot\system32\DRIVERS\processr.sys
0x04602000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04C60000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04D3F000 \SystemRoot\System32\drivers\watchdog.sys
0x04D4E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04D61000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x04DC6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x04DD8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x00BA0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04DE8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x04DF1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02004000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0204A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0205B000 \SystemRoot\system32\DRIVERS\parport.sys
0x02077000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0208D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0209B000 \SystemRoot\system32\DRIVERS\serial.sys
0x020B8000 \SystemRoot\system32\DRIVERS\serenum.sys
0x020C4000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x02000000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x00BBC000 \SystemRoot\system32\drivers\modem.sys
0x007C0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x04E06000 \SystemRoot\system32\DRIVERS\storport.sys
0x04E63000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04E70000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04E93000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04E9F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04ED0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04EE0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04EFE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04F16000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04F28000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04F34000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04F36000 \SystemRoot\system32\DRIVERS\ks.sys
0x04F6A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04F75000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04F85000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04FCC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A02000 \SystemRoot\system32\drivers\HdAudio.sys
0x05A4B000 \SystemRoot\system32\drivers\portcls.sys
0x05A86000 \SystemRoot\system32\drivers\drmk.sys
0x05AA9000 \SystemRoot\system32\drivers\ksthunk.sys
0x05C0A000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05D77000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x05D81000 \SystemRoot\System32\Drivers\Null.SYS
0x05D8A000 \SystemRoot\System32\drivers\vga.sys
0x05D98000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x05DBD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x05DC6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x05DCF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x05DDA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x05DEB000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x05AAF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x05ACC000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x05ADC000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x05B25000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x05B5B000 \SystemRoot\system32\DRIVERS\smb.sys
0x05B76000 \SystemRoot\system32\drivers\afd.sys
0x05DF4000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x05E08000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05E4C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x05E6A000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x05E74000 \SystemRoot\system32\DRIVERS\netbios.sys
0x05E83000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x05E9E000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x05EB2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x05F00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x05F0C000 \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20110126.001\IDSvia64.sys
0x05F72000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05F7B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05F8D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0600E000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x06084000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0608F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x060B4000 \SystemRoot\System32\Drivers\dfsc.sys
0x060D1000 \SystemRoot\System32\Drivers\aswSP.SYS
0x0611A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06136000 \SystemRoot\system32\drivers\RTSTOR64.SYS
0x0614A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06166000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06174000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06180000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x06188000 \SystemRoot\System32\drivers\Dxapi.sys
0x06194000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x061A7000 \SystemRoot\system32\drivers\luafv.sys
0x05F95000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x061C9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x061D2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x00BCB000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x061E6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05FCF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07809000 \SystemRoot\system32\drivers\spsys.sys
0x078A3000 \SystemRoot\system32\drivers\HTTP.sys
0x07942000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0796A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07988000 \SystemRoot\System32\drivers\mpsdrv.sys
0x079A2000 \SystemRoot\system32\drivers\mrxdav.sys
0x079C9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07E09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07E52000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07E71000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07EA3000 \SystemRoot\System32\DRIVERS\srv.sys
0x07F3A000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x07F45000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0x07F4E000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0x07F5C000 \SystemRoot\System32\Drivers\SYMFW.SYS
0x0880B000 \SystemRoot\system32\drivers\peauth.sys
0x088C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x088CC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x088DB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x088FB000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x08911000 \SystemRoot\System32\Drivers\SRTSP64.SYS
0x08C00000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110202.022\EX64.SYS
0x08DBA000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110202.022\ENG64.SYS
0x77560000 \Windows\System32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
468 C:\Windows\System32\smss.exe
552 csrss.exe
600 C:\Windows\System32\wininit.exe
620 csrss.exe
652 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\Ati2evxx.exe
480 C:\Windows\System32\svchost.exe
524 C:\Windows\System32\svchost.exe
532 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\audiodg.exe
1096 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\SLsvc.exe
1172 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\svchost.exe
1404 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1416 C:\Windows\System32\Ati2evxx.exe
1868 C:\Windows\System32\spoolsv.exe
1892 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
1320 C:\Windows\System32\svchost.exe
2208 C:\Windows\System32\taskeng.exe
2484 C:\Windows\System32\agr64svc.exe
2520 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2668 C:\Windows\System32\svchost.exe
2712 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2768 C:\Windows\System32\svchost.exe
2796 C:\Windows\System32\svchost.exe
2856 C:\Windows\System32\SearchIndexer.exe
2948 C:\Windows\System32\rundll32.exe
2968 WUDFHost.exe
2200 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
3208 C:\Windows\System32\taskeng.exe
3216 C:\Windows\System32\dwm.exe
3304 C:\Windows\System32\taskeng.exe
3352 C:\Windows\explorer.exe
3396 C:\Windows\mHotkey.exe
3608 C:\Program Files\Windows Defender\MSASCui.exe
3616 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3636 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
3776 C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
3784 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
3792 C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
3820 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3836 C:\Windows\CNYHKey.exe
3844 C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
3864 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4024 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3096 C:\Windows\ModLEDKey.exe
2784 C:\Windows\ChiFuncExt.exe
4612 C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
4716 WmiPrvSE.exe
4760 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4252 WmiPrvSE.exe
3560 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3180 C:\Windows\servicing\TrustedInstaller.exe
4388 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4552 C:\Windows\System32\SearchProtocolHost.exe
5000 C:\Windows\System32\SearchFilterHost.exe
4396 C:\Windows\System32\wbem\WMIADAP.exe
5076 C:\Users\unseth\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-00A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 53902D02D6A9EDB1C16B4443A248CC81F6527D29


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

OTL logfile created on: 2/3/2011 9:43:41 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\unseth\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 537.41 Gb Free Space | 91.64% Space Free | Partition Type: NTFS
Drive D: | 461.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: UNSETH-PC | User Name: unseth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/03 09:42:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\unseth\Downloads\OTL.exe
PRC - [2011/02/02 11:57:55 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2011/01/13 02:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/07 21:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/11/03 15:31:05 | 001,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/10/17 17:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/05/21 16:36:36 | 000,053,248 | ---- | M] (IOI) -- C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
PRC - [2008/04/24 16:18:48 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2008/04/24 15:44:28 | 000,354,304 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/22 06:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/02/20 17:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/01/12 00:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2011/02/03 09:42:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\unseth\Downloads\OTL.exe
MOD - [2011/01/13 02:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 09:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/07/22 08:12:08 | 000,902,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 21:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2006/11/02 05:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/03 15:31:05 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/17 17:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 17:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 17:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 17:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 13:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/05 16:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/02/20 17:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/21 04:22:00 | 000,267,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/02 14:30:37 | 000,172,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/01/13 02:37:23 | 000,062,032 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/02/19 15:31:42 | 000,028,720 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 15:31:18 | 000,047,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 15:31:00 | 000,266,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 15:30:58 | 000,145,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 15:30:58 | 000,028,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 15:30:58 | 000,016,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2008/08/05 02:03:00 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/07/30 19:55:06 | 000,025,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/07/22 08:58:24 | 004,647,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/04/27 19:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/04/17 15:12:54 | 000,019,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/03/05 00:22:34 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/30 20:51:00 | 000,476,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/01/30 20:51:00 | 000,440,880 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2008/01/30 20:51:00 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011/01/18 13:17:46 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110202.022\EX64.SYS -- (NAVEX15)
DRV - [2011/01/18 13:17:46 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/01/18 13:17:46 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/18 13:17:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110202.022\ENG64.SYS -- (NAVENG)
DRV - [2011/01/07 00:14:06 | 000,392,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20110126.001\IDSviA64.sys -- (IDSvia64)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0211&m=dx4200-09
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0211&m=dx4200-09

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ccApp] c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [osCheck] c:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/09/07 14:06:55 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6a9c5691-2ef3-11e0-b1fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6a9c5691-2ef3-11e0-b1fb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CDExtra.exe -- [2002/11/26 10:20:18 | 002,580,052 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/02 22:43:08 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/02 22:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/02/02 20:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/02 20:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/02 20:23:29 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/02 20:23:28 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/02/02 20:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/02 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/02 20:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2011/02/02 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/02/02 15:41:24 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Adobe
[2011/02/02 15:06:55 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Local\Microsoft Games
[2011/02/02 14:46:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/02 14:35:06 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Google
[2011/02/02 14:35:06 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Local\Google
[2011/02/02 14:28:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2011/02/02 14:28:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/02/02 14:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/02/02 14:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/02/02 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Local\Adobe
[2011/02/02 14:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/02/02 14:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/02 14:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/02/02 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011/02/02 14:16:18 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Macromedia
[2011/02/02 12:04:21 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
[2011/02/02 12:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/02/02 12:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
[2011/02/02 12:01:29 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15_64.sys
[2011/02/02 12:01:29 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15.sys
[2011/02/02 12:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\GATEWAY
[2011/02/02 12:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Copy
[2011/02/02 12:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IOI
[2011/02/02 11:59:21 | 000,354,304 | ---- | C] (Creative) -- C:\Windows\CNYHKey.exe
[2011/02/02 11:59:21 | 000,053,248 | ---- | C] (Chicony) -- C:\Windows\ModLEDKey.exe
[2011/02/02 11:59:20 | 000,057,344 | ---- | C] (Chicony) -- C:\Windows\ChiFuncExt.exe
[2011/02/02 11:59:00 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Symantec
[2011/02/02 11:58:58 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\InstallShield
[2011/02/02 11:58:57 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\ATI
[2011/02/02 11:58:57 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Local\ATI
[2011/02/02 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/02/02 11:58:46 | 000,000,000 | R--D | C] -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/02 11:58:46 | 000,000,000 | R--D | C] -- C:\Users\unseth\Searches
[2011/02/02 11:58:46 | 000,000,000 | R--D | C] -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/02 11:58:39 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Identities
[2011/02/02 11:58:37 | 000,000,000 | R--D | C] -- C:\Users\unseth\Contacts
[2011/02/02 11:58:36 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Local\VirtualStore
[2011/02/02 11:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2011/02/02 11:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2011/02/02 11:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/02/02 11:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/02/02 11:55:16 | 000,000,000 | --SD | C] -- C:\Users\unseth\AppData\Roaming\Microsoft
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Videos
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Saved Games
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Pictures
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Music
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Links
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Favorites
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Downloads
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Documents
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\Desktop
[2011/02/02 11:55:16 | 000,000,000 | R--D | C] -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\AppData\Local\Temporary Internet Files
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Templates
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Start Menu
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\SendTo
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Recent
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\PrintHood
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\NetHood
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Documents\My Videos
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Documents\My Pictures
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Documents\My Music
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\My Documents
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Local Settings
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\AppData\Local\History
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Cookies
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\Application Data
[2011/02/02 11:55:16 | 000,000,000 | -HSD | C] -- C:\Users\unseth\AppData\Local\Application Data
[2011/02/02 11:55:16 | 000,000,000 | -H-D | C] -- C:\Users\unseth\AppData
[2011/02/02 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Local\Temp
[2011/02/02 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Local\Microsoft
[2011/02/02 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Media Center Programs
[2011/02/02 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink MediaShow
[2011/02/02 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
[2011/02/02 11:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/02/02 11:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/02/02 11:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/02/02 11:44:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/02 11:39:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/02/02 11:38:27 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/02/02 11:38:27 | 000,029,184 | ---- | C] (Agere Systems) -- C:\Windows\agrdel64.exe

========== Files - Modified Within 30 Days ==========

[2011/02/03 09:42:54 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/03 09:42:54 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/03 09:42:54 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/03 09:39:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/03 09:38:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/03 09:36:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/02/03 09:36:33 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/03 09:36:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/03 09:36:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/03 09:36:10 | 4025,671,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/03 00:53:33 | 551,778,020 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/03 00:17:31 | 000,000,000 | ---- | M] () -- C:\Users\unseth\defogger_reenable
[2011/02/02 23:49:18 | 000,002,561 | ---- | M] () -- C:\Users\unseth\Desktop\HiJackThis.lnk
[2011/02/02 20:26:48 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/02 20:26:48 | 000,002,011 | ---- | M] () -- C:\Users\unseth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/02 20:24:27 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/02 20:24:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/02/02 19:17:38 | 000,000,970 | ---- | M] () -- C:\Users\unseth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/02 18:42:49 | 000,000,975 | ---- | M] () -- C:\Users\unseth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/02 18:32:05 | 000,313,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/02 14:30:37 | 000,172,080 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/02/02 14:30:37 | 000,010,655 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/02/02 14:30:37 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/02/02 14:25:39 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/02/02 14:25:39 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/02/02 12:04:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Gateway_DX4200-09_1.0_PTG040X007907024B82703.MRK
[2011/02/02 11:57:23 | 000,112,780 | ---- | M] () -- C:\Windows\SysNative\log.xml
[2011/02/02 11:50:37 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/02/02 11:45:52 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/02/02 11:44:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/01/13 02:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 02:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/01/13 02:47:23 | 000,237,168 | ---- | M] () -- C:\Windows\SysNative\aswBoot.exe
[2011/01/13 02:41:44 | 000,273,488 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/01/13 02:40:20 | 000,051,792 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/13 02:37:34 | 000,029,264 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/13 02:37:23 | 000,062,032 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/13 02:37:12 | 000,020,560 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/02/03 00:17:31 | 000,000,000 | ---- | C] () -- C:\Users\unseth\defogger_reenable
[2011/02/02 22:43:08 | 000,002,561 | ---- | C] () -- C:\Users\unseth\Desktop\HiJackThis.lnk
[2011/02/02 22:03:44 | 4025,671,680 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/02 20:26:48 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/02 20:26:48 | 000,002,011 | ---- | C] () -- C:\Users\unseth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/02 20:24:27 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/02 20:24:26 | 000,020,560 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/02/02 20:24:25 | 000,273,488 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/02/02 20:24:23 | 000,029,264 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/02/02 20:24:22 | 000,051,792 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/02/02 20:24:20 | 000,062,032 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/02/02 20:24:19 | 000,237,168 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2011/02/02 20:24:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/02/02 20:23:34 | 000,428,804 | ---- | C] () -- C:\Users\unseth\AppData\Local\dd_vcredistMSI79E3.txt
[2011/02/02 20:23:32 | 000,011,714 | ---- | C] () -- C:\Users\unseth\AppData\Local\dd_vcredistUI79E3.txt
[2011/02/02 18:58:45 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2011/02/02 18:58:45 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2011/02/02 18:58:45 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2011/02/02 18:58:45 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/02/02 18:58:45 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2011/02/02 18:50:17 | 000,000,970 | ---- | C] () -- C:\Users\unseth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/02 17:06:25 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2011/02/02 16:06:26 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2011/02/02 16:06:22 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2011/02/02 16:06:20 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2011/02/02 16:06:20 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2011/02/02 16:06:20 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2011/02/02 16:06:13 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2011/02/02 15:58:11 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2011/02/02 15:58:08 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2011/02/02 15:55:08 | 000,270,720 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2011/02/02 15:52:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2011/02/02 15:52:45 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2011/02/02 15:52:45 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2011/02/02 15:47:37 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2011/02/02 15:47:36 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2011/02/02 15:45:14 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2011/02/02 15:45:14 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2011/02/02 15:45:11 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2011/02/02 15:45:11 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2011/02/02 15:45:11 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2011/02/02 15:42:19 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2011/02/02 15:42:19 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2011/02/02 15:42:18 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2011/02/02 15:42:18 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2011/02/02 15:42:07 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2011/02/02 15:42:07 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2011/02/02 15:42:07 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2011/02/02 15:41:53 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2011/02/02 15:41:53 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2011/02/02 15:33:58 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/02/02 15:33:58 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/02/02 15:33:58 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/02/02 15:33:57 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/02/02 15:33:56 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/02/02 15:33:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011/02/02 15:33:56 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011/02/02 15:33:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011/02/02 15:33:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/02/02 15:33:55 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/02/02 15:33:55 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/02/02 15:33:54 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/02/02 15:33:54 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/02/02 15:33:54 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011/02/02 15:33:54 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011/02/02 15:33:54 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011/02/02 15:33:54 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/02/02 15:33:54 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/02/02 15:33:54 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/02/02 15:33:54 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/02 15:33:53 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/02/02 15:33:53 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/02/02 15:33:52 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/02/02 15:33:51 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/02/02 15:33:50 | 012,474,368 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/02/02 15:33:48 | 009,259,520 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/02/02 15:32:02 | 000,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
[2011/02/02 15:32:02 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
[2011/02/02 15:32:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
[2011/02/02 15:32:02 | 000,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
[2011/02/02 15:32:01 | 000,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
[2011/02/02 15:32:01 | 000,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
[2011/02/02 15:32:01 | 000,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
[2011/02/02 15:32:00 | 000,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
[2011/02/02 15:32:00 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
[2011/02/02 15:32:00 | 000,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
[2011/02/02 15:31:59 | 000,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011/02/02 15:31:59 | 000,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
[2011/02/02 15:31:58 | 000,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
[2011/02/02 15:31:58 | 000,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
[2011/02/02 15:31:57 | 000,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
[2011/02/02 15:31:57 | 000,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011/02/02 15:31:56 | 000,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
[2011/02/02 15:31:56 | 000,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
[2011/02/02 15:31:56 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
[2011/02/02 15:31:56 | 000,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
[2011/02/02 15:31:56 | 000,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/02/02 15:31:56 | 000,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/02/02 15:31:56 | 000,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
[2011/02/02 15:31:56 | 000,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
[2011/02/02 15:31:55 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011/02/02 15:31:55 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011/02/02 15:31:55 | 000,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
[2011/02/02 15:31:55 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
[2011/02/02 15:31:54 | 003,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2011/02/02 15:31:53 | 000,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
[2011/02/02 15:21:43 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2011/02/02 15:21:43 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2011/02/02 15:21:42 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2011/02/02 15:21:41 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2011/02/02 15:21:39 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll
[2011/02/02 15:21:39 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2011/02/02 15:21:39 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2011/02/02 15:21:36 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2011/02/02 15:21:36 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2011/02/02 15:21:35 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2011/02/02 15:21:35 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2011/02/02 15:21:35 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2011/02/02 15:21:35 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2011/02/02 15:21:35 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2011/02/02 15:21:35 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2011/02/02 15:21:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2011/02/02 15:21:23 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2011/02/02 15:21:22 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2011/02/02 15:21:22 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2011/02/02 15:21:22 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2011/02/02 15:21:21 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2011/02/02 15:21:21 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2011/02/02 15:21:21 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2011/02/02 15:21:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2011/02/02 15:21:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2011/02/02 15:20:54 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2011/02/02 15:20:54 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2011/02/02 15:20:54 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2011/02/02 15:20:54 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2011/02/02 15:20:54 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2011/02/02 15:20:53 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2011/02/02 15:20:52 | 000,557,056 | ---- | C] () -- C:\Windows\SysNative\wmpeffects.dll
[2011/02/02 15:20:50 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2011/02/02 15:20:50 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2011/02/02 15:20:47 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\odbc32.dll
[2011/02/02 15:20:41 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2011/02/02 15:19:49 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2011/02/02 15:19:48 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2011/02/02 15:19:46 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2011/02/02 15:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/02/02 15:19:37 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/02/02 15:19:36 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2011/02/02 15:19:35 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2011/02/02 15:19:35 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2011/02/02 15:19:35 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2011/02/02 15:19:34 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2011/02/02 15:19:34 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2011/02/02 15:19:34 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2011/02/02 15:19:33 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2011/02/02 15:19:31 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2011/02/02 15:19:29 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2011/02/02 15:19:27 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/02/02 15:19:27 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/02/02 15:19:27 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/02/02 15:19:26 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2011/02/02 15:19:24 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2011/02/02 15:19:20 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2011/02/02 15:19:19 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2011/02/02 15:19:00 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2011/02/02 15:18:31 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2011/02/02 15:18:31 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2011/02/02 15:18:29 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2011/02/02 15:18:29 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2011/02/02 15:18:29 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2011/02/02 15:18:29 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2011/02/02 15:18:29 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2011/02/02 15:18:29 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2011/02/02 15:18:14 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2011/02/02 15:17:46 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2011/02/02 15:17:42 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2011/02/02 15:17:28 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011/02/02 15:17:28 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/02/02 15:17:26 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2011/02/02 15:17:24 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2011/02/02 15:17:24 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2011/02/02 15:17:22 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/02/02 15:17:19 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/02 15:17:17 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2011/02/02 15:17:15 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2011/02/02 15:17:09 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2011/02/02 15:16:57 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2011/02/02 15:16:54 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2011/02/02 15:16:52 | 000,367,104 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011/02/02 15:16:51 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2011/02/02 15:16:51 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011/02/02 15:16:43 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2011/02/02 15:16:42 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2011/02/02 15:15:50 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2011/02/02 15:15:50 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2011/02/02 15:15:49 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2011/02/02 15:15:49 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2011/02/02 15:15:49 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2011/02/02 15:15:49 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2011/02/02 15:15:48 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2011/02/02 15:15:48 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2011/02/02 15:15:48 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2011/02/02 15:15:45 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2011/02/02 15:15:43 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2011/02/02 15:15:32 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2011/02/02 15:15:30 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2011/02/02 15:15:29 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2011/02/02 15:15:29 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2011/02/02 15:15:28 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2011/02/02 15:15:28 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2011/02/02 15:15:26 | 000,660,480 | ---- | C] () -- C:\Windows\SysNative\win32spl.dll
[2011/02/02 15:15:17 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2011/02/02 15:15:13 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2011/02/02 15:15:12 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2011/02/02 15:15:10 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2011/02/02 15:15:03 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2011/02/02 15:12:55 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2011/02/02 15:12:55 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2011/02/02 15:12:54 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/02/02 15:12:52 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2011/02/02 15:12:51 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2011/02/02 15:12:48 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2011/02/02 15:12:47 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2011/02/02 15:12:46 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
[2011/02/02 15:12:45 | 000,883,200 | ---- | C] () -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2011/02/02 15:12:45 | 000,399,872 | ---- | C] () -- C:\Windows\SysNative\emdmgmt.dll
[2011/02/02 15:12:45 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\drivers\nwifi.sys
[2011/02/02 15:12:45 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\dataclen.dll
[2011/02/02 15:12:45 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\cdd.dll
[2011/02/02 15:09:16 | 000,648,704 | ---- | C] () -- C:\Windows\SysNative\netapi32.dll
[2011/02/02 15:09:11 | 001,251,840 | ---- | C] () -- C:\Windows\SysNative\sdclt.exe
[2011/02/02 15:09:08 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/02/02 15:09:07 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/02/02 15:08:41 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2011/02/02 15:08:41 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2011/02/02 15:08:41 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/02/02 15:08:40 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2011/02/02 15:08:40 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2011/02/02 15:08:38 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2011/02/02 15:08:34 | 000,439,808 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2011/02/02 15:02:24 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll
[2011/02/02 14:46:01 | 551,778,020 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/02 14:34:34 | 000,000,975 | ---- | C] () -- C:\Users\unseth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/02 14:28:04 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2011/02/02 14:28:04 | 000,019,304 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/02/02 14:26:28 | 000,025,424 | ---- | C] () -- C:\Windows\SysNative\drivers\COH_Mon.sys
[2011/02/02 14:26:28 | 000,010,557 | ---- | C] () -- C:\Windows\SysNative\drivers\COH_Mon.cat
[2011/02/02 14:25:39 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/02/02 14:25:39 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/02/02 14:21:49 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/02 14:21:49 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/02 12:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Gateway_DX4200-09_1.0_PTG040X007907024B82703.MRK
[2011/02/02 12:01:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/02/02 12:01:38 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\INT15_64.dll
[2011/02/02 12:01:38 | 000,017,952 | ---- | C] () -- C:\Windows\SysNative\drivers\int15_64.sys
[2011/02/02 11:59:51 | 006,416,928 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2011/02/02 11:59:51 | 000,066,048 | ---- | C] () -- C:\Windows\SysNative\drivers\RTSTOR64.sys
[2011/02/02 11:59:51 | 000,005,430 | ---- | C] () -- C:\Windows\System\MyMulti.ico
[2011/02/02 11:59:21 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2011/02/02 11:59:21 | 000,003,088 | ---- | C] () -- C:\Windows\MODLED.xml
[2011/02/02 11:59:21 | 000,003,084 | ---- | C] () -- C:\Windows\mHotkey.xml
[2011/02/02 11:59:21 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2011/02/02 11:59:20 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2011/02/02 11:59:20 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2011/02/02 11:58:52 | 000,000,951 | ---- | C] () -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/02/02 11:58:48 | 000,000,981 | ---- | C] () -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/02 11:58:46 | 000,000,976 | ---- | C] () -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/02/02 11:58:37 | 000,000,917 | ---- | C] () -- C:\Users\unseth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/02/02 11:57:23 | 000,112,780 | ---- | C] () -- C:\Windows\SysNative\log.xml
[2011/02/02 11:55:16 | 000,000,258 | ---- | C] () -- C:\Users\unseth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/02 11:55:16 | 000,000,240 | ---- | C] () -- C:\Users\unseth\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/02 11:45:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/02 11:44:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/02/02 11:38:27 | 001,253,376 | ---- | C] () -- C:\Windows\SysNative\drivers\agrsm64.sys
[2011/02/02 11:38:27 | 000,014,336 | ---- | C] () -- C:\Windows\SysNative\agrsco64.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/02/03 09:35:25 | 000,021,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/02/21 23:29:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=2297D8A0E2F3E1BA55E1538BA33B9E86 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_39cac090f315177e\atapi.sys
[2008/02/21 23:30:43 | 000,022,584 | ---- | M] () MD5=62BD869AFA2BF2E30F9D3FF428C87D5C -- C:\Windows\SysNative\drivers\atapi.sys
[2008/02/21 23:30:43 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=62BD869AFA2BF2E30F9D3FF428C87D5C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_394424a3d9f4c3b9\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 20:46:59 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 20:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 20:49:49 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008/01/20 20:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 2/3/2011 9:43:41 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\unseth\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 537.41 Gb Free Space | 91.64% Space Free | Partition Type: NTFS
Drive D: | 461.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: UNSETH-PC | User Name: unseth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A490E25E-C0D4-468C-B775-A4D63E10C249}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D2924E90-7A3A-4784-A624-DF4556480B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
"{6361EA0C-499F-40C0-6924-A8D974784908}" = ccc-utility64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{816EB8D3-C431-5997-8A7B-99EED8D88C99}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{BD927EB7-78D3-4DC4-9325-7CBD89D8F0E5}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE916F56-3C2B-4206-B0C2-4DCDD673308C}" = SymNet x64
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0204009C-53D7-67E6-6631-62A1DBD66BCA}" = Catalyst Control Center Localization German
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{14911AD7-62FA-2DF7-961A-314786398DDD}" = Catalyst Control Center Localization Danish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18960408-D04F-61BB-802E-13851583716E}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF2E7A9-824F-8B73-6332-C9DD19B08A67}" = CCC Help Finnish
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23638DF5-41EF-7AEC-8AEB-2C7B4A298D05}" = CCC Help Norwegian
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26D08718-801F-2F78-B5DC-78D50714AA95}" = Catalyst Control Center Localization French
"{2B462A9D-286B-0A4F-6FB8-E71B39AB3978}" = Catalyst Control Center Localization Spanish
"{2D38E148-989C-9E77-E655-328FE0726761}" = Catalyst Control Center Localization Finnish
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{3770179C-38F3-A941-643C-5790E78D80C7}" = Skins
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{482020CC-FEF7-9392-69F0-6C6F26FD7BCD}" = Catalyst Control Center Localization Japanese
"{4D19B0D8-896C-96AE-27B2-98B8B3997EBD}" = Catalyst Control Center Graphics Light
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5ADE38D8-1B9C-6F79-C88F-A84B01E4175C}" = CCC Help Dutch
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{600494AA-0E7B-6F10-9426-AFF9914CA403}" = Catalyst Control Center Graphics Full New
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68C96BC9-EB2A-C0F1-0BAE-8E7FACD1CC52}" = Catalyst Control Center Core Implementation
"{69897DB3-8AA0-AB8B-C41F-5F18CE08DD10}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BBEF4EB-4996-3B90-1F79-0CED09C781F5}" = Catalyst Control Center Localization Swedish
"{7C95F789-0941-CBF8-A906-507E1F938B23}" = Catalyst Control Center Localization Dutch
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9D05E935-B635-73BC-1320-80496C7EC481}" = CCC Help English
"{9DE36FF9-B4DC-76E5-DE1A-D940D5BB1E83}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3920458-4EA6-A26B-7621-AB086AC4086D}" = CCC Help Spanish
"{B7BC1735-B009-2946-AA94-2A60190616BE}" = Catalyst Control Center Localization Norwegian
"{B8CCF37C-4C5D-0B17-1472-FEDB3D88F9E8}" = CCC Help Japanese
"{B9D218EA-982B-53A2-BEEA-EF4C08DDD3DB}" = Catalyst Control Center Localization Italian
"{BB034FA9-BC86-7231-4618-B30918CD43F7}" = CCC Help Swedish
"{BE709AB0-E637-D304-F30C-B4B84F496DA7}" = ccc-core-static
"{C1E7BB59-E1BE-CC2F-32B8-F0EAB1322BC4}" = CCC Help Italian
"{C55C9458-6FAA-0DA2-3F35-CAD71AA13A89}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EB1F488E-AB5E-DB3A-A144-51802C2B0041}" = Catalyst Control Center Graphics Previews Vista
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = WUR0817 Keyboard Driver
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Money2007b" = Microsoft Money Essentials
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Smart Copy" = Smart Copy 3.1.1.1
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"WildTangent gateway Master Uninstall" = Gateway Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/2/2011 8:53:15 PM | Computer Name = unseth-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/2/2011 9:04:50 PM | Computer Name = unseth-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/2/2011 9:11:00 PM | Computer Name = unseth-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/2/2011 9:13:48 PM | Computer Name = unseth-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/2/2011 9:14:24 PM | Computer Name = unseth-PC | Source = Application Error | ID = 1000
Description = Faulting application LuComServer_3_4.EXE, version 3.4.1.238, time
stamp 0x48932a97, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x75caa57d, process id 0xb74, application
start time 0x01cbc33fb17e6609.

Error - 2/2/2011 9:14:33 PM | Computer Name = unseth-PC | Source = Application Error | ID = 1000
Description = Faulting application LuCallbackProxy.exe, version 3.4.1.234, time
stamp 0x47bdf466, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x75caa57d, process id 0x498, application
start time 0x01cbc33fb719caf9.

Error - 2/2/2011 9:27:12 PM | Computer Name = unseth-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/2/2011 9:54:43 PM | Computer Name = unseth-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/2/2011 10:01:05 PM | Computer Name = unseth-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7537a57d, process id 0xb30, application start time
0x01cbc34637807a61.

Error - 2/2/2011 10:06:49 PM | Computer Name = unseth-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7537a57d, process id 0xd34, application start time
0x01cbc34704845591.

[ System Events ]
Error - 2/2/2011 4:39:16 PM | Computer Name = unseth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/2/2011 4:39:16 PM | Computer Name = unseth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/2/2011 4:54:12 PM | Computer Name = unseth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:50:32 PM on 2/2/2011 was unexpected.

Error - 2/2/2011 4:54:15 PM | Computer Name = unseth-PC | Source = HTTP | ID = 15016
Description =

Error - 2/2/2011 4:55:15 PM | Computer Name = unseth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/2/2011 4:55:15 PM | Computer Name = unseth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/2/2011 4:59:42 PM | Computer Name = unseth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:57:46 PM on 2/2/2011 was unexpected.

Error - 2/2/2011 4:59:46 PM | Computer Name = unseth-PC | Source = HTTP | ID = 15016
Description =

Error - 2/2/2011 5:01:07 PM | Computer Name = unseth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/2/2011 5:01:07 PM | Computer Name = unseth-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


The computer didn't crash while I was running the reports... so I guess that is a good sign... we shall see.

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:04 AM

Posted 03 February 2011 - 11:52 AM

Hello,


We need to disable Windows Defender so it will not interfere with some of our tools.

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

1.
Re-Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice:, enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • When it asks which Physical Drive (0-99) to dump, enter 0
  • The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop then attach the resultant output in your next reply.


2.
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Avast or Norton 360.

3.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Microsoft: 'Unprecedented Wave of Java Exploitation'
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

4.
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Otl
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O32 - AutoRun File - [2000/09/07 14:06:55 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{6a9c5691-2ef3-11e0-b1fb-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{6a9c5691-2ef3-11e0-b1fb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CDExtra.exe -- [2002/11/26
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

5.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

6.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.




Things to include in your next reply:
MBR Dump.dat
OTL fix log
MBAM log
DDS.txt
Attach.txt
How is your machine running now?

Edited by fireman4it, 03 February 2011 - 11:56 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
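The MBRCheck step above asks for a raw dump of the first sector of PhysicalDrive0 and reports the boot code as known or unknown by SHA1. As an added example (not part of this thread and not MBRCheck's own code), here is a Python script that does the equivalent offline on the resulting dump.dat: it checks the 0x55AA boot signature, hashes the 440-byte boot code, decodes the four partition table entries, and maps a byte offset like the one MBRCheck prints for C: back to a partition entry. Everything in it is an assumption of the example: the allow-list of known-good hashes is left empty, the sample MBR is constructed (only its NTFS partition offset, 0x271200000, is taken from the thread), and hashing just the boot-code bytes is my choice and need not match exactly what MBRCheck hashes.

```python
"""Inspect a 512-byte MBR dump such as MBRCheck's dump.dat.

Classic MBR layout:
  bytes   0..439  boot code (this is what a bootkit replaces)
  bytes 440..443  Windows disk signature (little-endian DWORD)
  bytes 444..445  reserved
  bytes 446..509  four 16-byte partition table entries
  bytes 510..511  0x55 0xAA boot signature
"""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440
DISK_SIG_OFFSET = 440
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Allow-list of boot-code SHA1s you have verified yourself (e.g. from a freshly
# imaged machine of the same model). Deliberately empty in this example: any
# MBR is reported as "unknown" unless its hash appears here.
KNOWN_BOOT_CODE: Dict[str, str] = {}


def is_valid_mbr(mbr: bytes) -> bool:
    """Only parse a sector that is 512 bytes long and ends in 0x55AA."""
    return len(mbr) == SECTOR_SIZE and mbr[510:512] == BOOT_SIGNATURE


def parse_partition_entry(entry: bytes) -> Dict[str, object]:
    """Decode one 16-byte entry; the CHS fields are skipped, LBA is what matters."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "byte_offset": lba_start * SECTOR_SIZE,
    }


def analyze_mbr(mbr: bytes) -> Dict[str, object]:
    """Fingerprint the boot code and list the non-empty partition entries."""
    if not is_valid_mbr(mbr):
        raise ValueError("not a 512-byte MBR with a 0x55AA boot signature")
    # Hash only the boot code: disk signature and partition table differ from
    # machine to machine, the boot code of a clean install does not.
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    (disk_sig,) = struct.unpack("<I", mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])
    partitions: List[Dict[str, object]] = []
    for i in range(4):
        start = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        entry = parse_partition_entry(mbr[start:start + PART_ENTRY_LEN])
        if entry["type"] != 0:  # type 0x00 is an unused slot
            partitions.append(entry)
    return {
        "boot_code_sha1": sha1,
        "known": KNOWN_BOOT_CODE.get(sha1),  # None means unknown boot code
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def partition_for_offset(partitions: List[Dict[str, object]], byte_offset: int) -> Optional[int]:
    """Index of the partition that starts at byte_offset, or None if none does."""
    for i, p in enumerate(partitions):
        if p["byte_offset"] == byte_offset:
            return i
    return None


def read_physical_drive_mbr(drive_number: int = 0) -> bytes:
    """Read the live first sector on Windows (needs an elevated prompt);
    these are the same bytes MBRCheck writes to dump.dat."""
    with open(rf"\\.\PhysicalDrive{drive_number}", "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed test data, not a real dump: dummy boot code, a hidden recovery
    partition, and a bootable NTFS partition starting at LBA 0x1389000, which is
    the C: offset 0x271200000 printed by MBRCheck in this thread."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 432  # 440 bytes
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    chs = b"\x00\x00\x00"
    recovery = struct.pack("<B3sB3sII", 0x00, chs, 0x27, chs, 2048, 0x1389000 - 2048)
    system = struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, 0x1389000, 1_229_779_632)
    empty = b"\x00" * PART_ENTRY_LEN
    return boot_code + disk_sig + recovery + system + empty + empty + BOOT_SIGNATURE


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = analyze_mbr(data)
    verdict = "(known)" if report["known"] else "(unknown: compare with a clean reference MBR)"
    print("boot code SHA1:", report["boot_code_sha1"], verdict)
    print("disk signature: 0x%08X" % report["disk_signature"])
    for i, p in enumerate(report["partitions"]):
        print(f"  [{i}] type=0x{p['type']:02X} boot={p['bootable']} "
              f"LBA {p['lba_start']} (offset 0x{p['byte_offset']:X}) sectors={p['sectors']}")
```

Run it as `python mbr_inspect.py dump.dat` on the file produced by option [1]; with no argument it analyzes the constructed sample, and `read_physical_drive_mbr()` reads the live sector on Windows from an elevated prompt. Keep in mind what a hash check can and cannot tell you: "unknown" only means the boot code differs from the hashes you trust. OEM recovery tooling can legitimately install custom boot code, so an unknown hash is a reason to compare the dump byte-for-byte against a clean reference for the same model, not proof of a bootkit on its own.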


#6 josie_grossie35

josie_grossie35
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 03 February 2011 - 11:31 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Gateway
System Product Name: DX4200-09
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 151):
0x02416000 \SystemRoot\system32\ntoskrnl.exe
0x0292E000 \SystemRoot\system32\hal.dll
0x00604000 \SystemRoot\system32\kdcom.dll
0x0060E000 \SystemRoot\system32\PSHED.dll
0x00622000 \SystemRoot\system32\CLFS.SYS
0x0067F000 \SystemRoot\system32\CI.dll
0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F4000 \SystemRoot\system32\drivers\acpi.sys
0x0094A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00953000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095D000 \SystemRoot\system32\drivers\pci.sys
0x0098D000 \SystemRoot\System32\drivers\partmgr.sys
0x009A2000 \SystemRoot\system32\drivers\volmgr.sys
0x00731000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B6000 \SystemRoot\system32\drivers\pciide.sys
0x009BD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CD000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E0000 \SystemRoot\system32\drivers\atapi.sys
0x00797000 \SystemRoot\system32\drivers\ataport.SYS
0x00A00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A46000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A5A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C03000 \SystemRoot\system32\drivers\ndis.sys
0x00AE1000 \SystemRoot\system32\drivers\msrpc.sys
0x00B31000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0B000 \SystemRoot\System32\drivers\tcpip.sys
0x00F7F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01004000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01188000 \SystemRoot\system32\drivers\volsnap.sys
0x011CC000 \SystemRoot\System32\Drivers\spldr.sys
0x011D4000 \SystemRoot\System32\Drivers\mup.sys
0x00FAB000 \SystemRoot\System32\drivers\ecache.sys
0x011E6000 \SystemRoot\system32\drivers\disk.sys
0x00DC6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00FD7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x00FDF000 \SystemRoot\system32\drivers\crcdisk.sys
0x00B89000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00B95000 \SystemRoot\system32\DRIVERS\processr.sys
0x0460D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04C6B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04D4A000 \SystemRoot\System32\drivers\watchdog.sys
0x04D59000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04D6C000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x04DD1000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x04DE3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x00BA8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04DF3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x04600000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02046000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02057000 \SystemRoot\system32\DRIVERS\parport.sys
0x02073000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02089000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02097000 \SystemRoot\system32\DRIVERS\serial.sys
0x020B4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x020C0000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x021FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x00BC4000 \SystemRoot\system32\drivers\modem.sys
0x007BB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x04E0B000 \SystemRoot\system32\DRIVERS\storport.sys
0x04E68000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04E75000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04E98000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04EA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04ED5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04EE5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04F03000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04F1B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04F2D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04F39000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04F3B000 \SystemRoot\system32\DRIVERS\ks.sys
0x04F6F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04F7A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04F8A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04FD1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A0A000 \SystemRoot\system32\drivers\HdAudio.sys
0x05A53000 \SystemRoot\system32\drivers\portcls.sys
0x05A8E000 \SystemRoot\system32\drivers\drmk.sys
0x05AB1000 \SystemRoot\system32\drivers\ksthunk.sys
0x05C05000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05D72000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x05D7C000 \SystemRoot\System32\Drivers\Null.SYS
0x05D85000 \SystemRoot\System32\drivers\vga.sys
0x05D93000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x05DB8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x05DC1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x05DCA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x05DD5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x05DE6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x05AB7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x05AD4000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x05B1D000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x05B53000 \SystemRoot\system32\DRIVERS\smb.sys
0x05B6E000 \SystemRoot\system32\drivers\afd.sys
0x05E05000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05E49000 \SystemRoot\system32\DRIVERS\pacer.sys
0x05E67000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x05E71000 \SystemRoot\system32\DRIVERS\netbios.sys
0x05E80000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x05E9B000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x05EAF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x05EFD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x05F09000 \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20110126.001\IDSvia64.sys
0x05F6F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05F78000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05F8A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06005000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x0607B000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x060A0000 \SystemRoot\System32\Drivers\dfsc.sys
0x060BD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x060D9000 \SystemRoot\system32\drivers\RTSTOR64.SYS
0x060ED000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06109000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06117000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06123000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x0612B000 \SystemRoot\System32\drivers\Dxapi.sys
0x06137000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x0614A000 \SystemRoot\system32\drivers\luafv.sys
0x0780B000 \SystemRoot\system32\drivers\spsys.sys
0x078C9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x078DD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x07911000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0791C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07934000 \SystemRoot\system32\drivers\HTTP.sys
0x079D3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x078A5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0616C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06186000 \SystemRoot\system32\drivers\mrxdav.sys
0x061AD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05F9D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x061D6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07C05000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07C37000 \SystemRoot\System32\DRIVERS\srv.sys
0x07CCE000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x07CD9000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0x07CE2000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0x07CF0000 \SystemRoot\System32\Drivers\SYMFW.SYS
0x07D30000 \SystemRoot\system32\drivers\peauth.sys
0x07DE6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07DF1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05BDB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07D18000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x08A0F000 \SystemRoot\System32\Drivers\SRTSP64.SYS
0x08C05000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110203.003\EX64.SYS
0x08DBF000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110203.003\ENG64.SYS
0x08DEA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x76FE0000 \Windows\System32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
604 csrss.exe
656 C:\Windows\System32\wininit.exe
684 csrss.exe
712 C:\Windows\System32\services.exe
724 C:\Windows\System32\lsass.exe
732 C:\Windows\System32\lsm.exe
896 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
472 C:\Windows\System32\Ati2evxx.exe
576 C:\Windows\System32\svchost.exe
608 C:\Windows\System32\svchost.exe
704 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\audiodg.exe
1104 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\SLsvc.exe
1176 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\Ati2evxx.exe
1368 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\spoolsv.exe
1612 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
1832 C:\Windows\System32\svchost.exe
2136 C:\Windows\System32\taskeng.exe
2368 C:\Windows\System32\agr64svc.exe
2404 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2608 C:\Windows\System32\svchost.exe
2628 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2660 C:\Windows\System32\svchost.exe
2696 C:\Windows\System32\svchost.exe
2732 C:\Windows\System32\SearchIndexer.exe
2792 C:\Windows\System32\rundll32.exe
2948 WUDFHost.exe
2212 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
2120 C:\Windows\System32\taskeng.exe
3084 C:\Windows\System32\taskeng.exe
3092 C:\Windows\System32\dwm.exe
3152 C:\Windows\explorer.exe
3188 C:\Windows\mHotkey.exe
3316 C:\Program Files\Windows Defender\MSASCui.exe
3328 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3344 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
3492 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
3516 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3532 C:\Windows\CNYHKey.exe
3540 C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
3748 C:\Windows\ModLEDKey.exe
3928 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3280 C:\Windows\ChiFuncExt.exe
3368 C:\Windows\System32\wuauclt.exe
908 C:\Windows\splwow64.exe
504 taskeng.exe
1272 C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
4432 WmiPrvSE.exe
1076 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4100 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3556 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4760 C:\Users\unseth\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-00A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 53902D02D6A9EDB1C16B4443A248CC81F6527D29


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to: dump.dat
Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a9c5691-2ef3-11e0-b1fb-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a9c5691-2ef3-11e0-b1fb-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a9c5691-2ef3-11e0-b1fb-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a9c5691-2ef3-11e0-b1fb-806e6f6e6963}\ not found.
File move failed. D:\CDExtra.exe scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.20.6 log created on 02032011_221451

Files\Folders moved on Reboot...
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. D:\CDExtra.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5671

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

2/3/2011 10:24:54 PM
mbam-log-2011-02-03 (22-24-54).txt

Scan type: Quick scan
Objects scanned: 158353
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by unseth at 22:26:00.19 on Thu 02/03/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3838.2475 [GMT -6:00]

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\ChiFuncExt.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\RUNDLL32.EXE
c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\unseth\Downloads\dds (6).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0211&m=dx4200-09
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

============= SERVICES / DRIVERS ===============

R1 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20110126.001\IDSvia64.sys [2011-2-2 392752]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2011-2-2 24576]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE [2008-2-17 149352]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-2-2 132656]
R3 SYMNDISV;SYMNDISV;C:\Windows\System32\drivers\symndisv.sys [2009-2-19 47664]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-8-5 392192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-2 135664]
S3 COH_Mon;COH_Mon;C:\Windows\System32\drivers\COH_Mon.sys [2011-2-2 25424]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Symantec Core LC;Symantec Core LC;C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-11-3 1245064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-2 93184]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2011-02-04 04:21:26 -------- d-----w- C:\Users\unseth\AppData\Roaming\Malwarebytes
2011-02-04 04:21:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-04 04:21:22 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-04 04:21:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-04 04:21:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-04 04:14:51 -------- d-----w- C:\_OTL
2011-02-03 22:35:18 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-02-03 04:43:09 388096 ----a-r- C:\Users\unseth\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-03 04:43:07 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-02-03 02:23:20 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-02-03 00:58:45 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-02-03 00:58:45 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-02-03 00:58:45 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-02-03 00:58:45 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-02-03 00:58:45 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-02-03 00:58:45 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-02-03 00:58:45 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-02-03 00:58:45 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-02-03 00:58:45 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-02-03 00:58:45 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-02-02 23:06:25 316416 ----a-w- C:\Windows\System32\msshsq.dll
2011-02-02 23:06:25 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2011-02-02 22:06:26 49160 ----a-w- C:\Windows\System32\infocardcpl.cpl
2011-02-02 22:06:26 37384 ----a-w- C:\Windows\SysWow64\infocardcpl.cpl
2011-02-02 22:06:22 11264 ----a-w- C:\Windows\SysWow64\icardres.dll
2011-02-02 22:06:22 11264 ----a-w- C:\Windows\System32\icardres.dll
2011-02-02 22:06:20 97800 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2011-02-02 22:06:20 781344 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2011-02-02 22:06:20 622080 ----a-w- C:\Windows\SysWow64\icardagt.exe
2011-02-02 22:06:20 167432 ----a-w- C:\Windows\System32\infocardapi.dll
2011-02-02 22:06:20 1383936 ----a-w- C:\Windows\System32\icardagt.exe
2011-02-02 22:06:20 1168928 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2011-02-02 22:06:13 126520 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2011-02-02 22:06:13 105016 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2011-02-02 21:58:11 158720 ----a-w- C:\Windows\SysWow64\mscorier.dll
2011-02-02 21:58:11 158208 ----a-w- C:\Windows\System32\mscorier.dll
2011-02-02 21:58:08 76288 ----a-w- C:\Windows\System32\mscories.dll
2011-02-02 21:58:07 83968 ----a-w- C:\Windows\SysWow64\mscories.dll
2011-02-02 21:55:14 3765288 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-02 21:55:11 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{70D1B6C6-71D1-43BE-AC15-4C85DE4A4BBA}\mpengine.dll
2011-02-02 21:55:08 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-02-02 21:52:48 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2011-02-02 21:52:48 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2011-02-02 21:52:45 610304 ----a-w- C:\Windows\System32\drivers\http.sys
2011-02-02 21:52:45 33792 ----a-w- C:\Windows\System32\httpapi.dll
2011-02-02 21:52:44 31232 ----a-w- C:\Windows\SysWow64\httpapi.dll
2011-02-02 21:47:37 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-02-02 21:47:37 104960 ----a-w- C:\Windows\System32\cabview.dll
2011-02-02 21:47:36 218112 ----a-w- C:\Windows\System32\wintrust.dll
2011-02-02 21:47:36 171520 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-02-02 21:45:14 80896 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-02-02 21:45:14 227328 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-02-02 21:45:14 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-02-02 21:45:14 101376 ----a-w- C:\Windows\System32\MSNP.ax
2011-02-02 21:45:12 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-02-02 21:45:11 558592 ----a-w- C:\Windows\System32\EncDec.dll
2011-02-02 21:45:11 428544 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-02-02 21:45:11 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-02-02 21:45:11 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-02-02 21:45:11 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-02-02 21:42:18 2621440 ----a-w- C:\Windows\System32\wucltux.dll
2011-02-02 21:42:07 98816 ----a-w- C:\Windows\System32\wudriver.dll
2011-02-02 21:42:07 87552 ----a-w- C:\Windows\SysWow64\wudriver.dll
2011-02-02 21:41:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2011-02-02 21:41:53 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2011-02-02 21:41:53 185416 ----a-w- C:\Windows\System32\wuwebv.dll
2011-02-02 21:41:53 171608 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2011-02-02 21:35:12 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-02-02 21:35:12 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-02-02 21:32:02 88064 ----a-w- C:\Windows\System32\admparse.dll
2011-02-02 21:21:43 176640 ----a-w- C:\Windows\System32\Faultrep.dll
2011-02-02 21:20:57 3080704 ----a-w- C:\Windows\explorer.exe
2011-02-02 21:18:31 891392 ----a-w- C:\Windows\System32\wbem\fastprox.dll
2011-02-02 21:16:57 1923584 ----a-w- C:\Windows\System32\ole32.dll
2011-02-02 21:15:50 594944 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2011-02-02 21:12:55 730112 ----a-w- C:\Windows\System32\msdtcprx.dll
2011-02-02 21:09:13 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-02-02 21:09:13 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-02-02 21:09:11 1251840 ----a-w- C:\Windows\System32\sdclt.exe
2011-02-02 21:09:08 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-02-02 21:09:08 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-02-02 21:09:08 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-02-02 21:09:07 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-02-02 21:08:41 854528 ----a-w- C:\Windows\System32\schedsvc.dll
2011-02-02 21:08:41 655872 ----a-w- C:\Windows\System32\taskschd.dll
2011-02-02 21:08:41 499712 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-02-02 21:08:41 357376 ----a-w- C:\Windows\SysWow64\taskschd.dll
2011-02-02 21:08:40 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2011-02-02 21:08:40 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-02-02 21:08:40 267776 ----a-w- C:\Windows\System32\taskeng.exe
2011-02-02 21:08:40 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-02-02 21:08:38 343040 ----a-w- C:\Windows\System32\schannel.dll
2011-02-02 21:08:38 274432 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-02-02 21:08:34 439808 ----a-w- C:\Windows\System32\winhttp.dll
2011-02-02 21:08:34 376832 ----a-w- C:\Windows\SysWow64\winhttp.dll
2011-02-02 21:06:55 -------- d-----w- C:\Users\unseth\AppData\Local\Microsoft Games
2011-02-02 21:05:16 68096 ----a-w- C:\Program Files\Windows Mail\wabmig.exe
2011-02-02 21:05:16 66048 ----a-w- C:\Program Files (x86)\Windows Mail\wabmig.exe
2011-02-02 21:05:16 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-02-02 21:05:16 515584 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-02-02 21:05:16 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-02-02 21:05:16 33280 ----a-w- C:\Program Files (x86)\Windows Mail\wabfind.dll
2011-02-02 21:02:24 49152 ----a-w- C:\Windows\CNYUSB.dll
2011-02-02 20:53:16 215848 ----a-r- C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\eularegn.dll
2011-02-02 20:53:16 20776 ----a-r- C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkernlng.dll
2011-02-02 20:35:06 -------- d-----w- C:\Users\unseth\AppData\Local\Google
2011-02-02 20:28:04 19304 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-02-02 20:28:04 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-02-02 20:28:04 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-02-02 20:28:04 -------- d-----w- C:\PROGRA~3\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2011-02-02 20:27:09 -------- d-----w- C:\Users\unseth\AppData\Local\Adobe
2011-02-02 20:26:28 25424 ----a-w- C:\Windows\System32\drivers\COH_Mon.sys
2011-02-02 20:25:40 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2011-02-02 20:25:39 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-02-02 18:01:38 585216 ----a-w- C:\Windows\System32\INT15_64.dll
2011-02-02 18:01:38 17952 ----a-w- C:\Windows\System32\drivers\int15_64.sys
2011-02-02 18:01:29 17952 ----a-w- C:\Windows\SysWow64\drivers\int15_64.sys
2011-02-02 18:01:29 15392 ----a-w- C:\Windows\SysWow64\drivers\int15.sys
2011-02-02 18:01:09 -------- d-----w- C:\Program Files\GATEWAY
2011-02-02 18:00:38 -------- d-----w- C:\Program Files (x86)\IOI
2011-02-02 17:59:51 66048 ----a-w- C:\Windows\System32\drivers\RTSTOR64.sys
2011-02-02 17:59:51 6416928 ----a-w- C:\Windows\system\DriveIcon.dll
2011-02-02 17:59:21 581120 ----a-w- C:\Windows\mHotkey.exe
2011-02-02 17:59:21 53248 ----a-w- C:\Windows\ModLEDKey.exe
2011-02-02 17:59:21 354304 ----a-w- C:\Windows\CNYHKey.exe
2011-02-02 17:59:20 57344 ----a-w- C:\Windows\ChiFuncExt.exe
2011-02-02 17:59:20 36864 ----a-w- C:\Windows\LchDrvKey.exe
2011-02-02 17:59:20 294912 ----a-w- C:\Windows\PIC.dll
2011-02-02 17:59:00 -------- d-----w- C:\Users\unseth\AppData\Roaming\Symantec
2011-02-02 17:58:57 -------- d-----w- C:\Users\unseth\AppData\Local\ATI
2011-02-02 17:58:36 -------- d-----w- C:\Users\unseth\AppData\Local\VirtualStore
2011-02-02 17:58:00 -------- d-----w- C:\Program Files\eBay
2011-02-02 17:46:03 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-02-02 17:45:52 0 ----a-w- C:\Windows\ativpsrm.bin
2011-02-02 17:45:11 -------- d-----w- C:\Program Files\ATI
2011-02-02 17:38:27 54824 ----a-w- C:\Windows\agrsmdel.exe
2011-02-02 17:38:27 29184 ----a-w- C:\Windows\agrdel64.exe
2011-02-02 17:38:27 14336 ----a-w- C:\Windows\System32\agrsco64.dll
2011-02-02 17:38:27 1253376 ----a-w- C:\Windows\System32\drivers\agrsm64.sys

==================== Find3M ====================

2011-02-02 20:41:00 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-02-02 20:30:37 172080 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-12-28 15:26:13 462848 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 14:57:35 409600 ----a-w- C:\Windows\SysWow64\odbc32.dll

============= FINISH: 22:26:42.97 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/2/2011 11:48:36 AM
System Uptime: 2/3/2011 10:15:39 PM (0 hours ago)

Motherboard: Gateway | | RS780
Processor: AMD Phenom™ 9150e Quad-Core Processor | AM2 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 586 GiB total, 525.6 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AppCore
Backup
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
ccCommon
Compatibility Pack for the 2007 Office system
CyberLink LabelPrint
CyberLink MediaShow
CyberLink Power2Go
Gateway Games
Gateway Recovery Management
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Realtek USB 2.0 Card Reader
Skins
Smart Copy 3.1.1.1
Symantec Technical Support Controls
Update for Office 2007 (KB946691)
Windows Live OneCare safety scanner
WUR0817 Keyboard Driver

==== End Of File ===========================

Again... the computer has not crashed lately, so it seems better. What next?
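The verdict in this thread rests on reading the DDS output above by hand. As an added example, not from the thread and not part of the DDS tool, here is a small Python script that parses the layout DDS uses (the `=== Section ===` banner lines, the path list under `Running Processes`, and the `R#/S# name;display;image [date size]` service lines) and flags the two things a responder checks first: images that run from user-writable directories, and service entries whose image file DDS could not locate on disk (the `[?]` marker, as on the `yksvc` line above). The sample input is a constructed excerpt in the same format; the `update.exe` line under `AppData\Roaming` is hypothetical and is there only so a flag fires.

```python
"""Triage helper for DDS-format logs (added example, not part of DDS or this thread)."""
import re

# Constructed excerpt in the DDS layout. The svchost/chrome/dds lines mirror the
# kind of entries in the posted log; the AppData "update.exe" line is hypothetical.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\unseth\Downloads\dds (6).scr
C:\Users\example\AppData\Roaming\update.exe

============= SERVICES / DRIVERS ===============

R1 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\IDSvia64.sys [2011-2-2 392752]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
S3 COH_Mon;COH_Mon;C:\Windows\System32\drivers\COH_Mon.sys [2011-2-2 25424]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
"""

# "=== Section name ===" banner lines that separate DDS sections.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# "R2 name;display name;image path [yyyy-m-d size]", or "[?]" when DDS found no file.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]$"
)

# Directories an ordinary user can write to; services and autostart binaries
# rarely belong here, so anything that does gets a second look.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")


def split_sections(text):
    """Map each DDS section banner to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def in_user_writable_dir(path):
    """True when the path passes through a directory a normal user can write to."""
    return any(marker in path.lower() for marker in USER_WRITABLE_DIRS)


def triage(text):
    """Return (kind, reason, subject) findings for the process and service sections."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Running Processes", []):
        if in_user_writable_dir(line):
            findings.append(("process", "runs from a user-writable directory", line))
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            findings.append(("service", "line did not parse", line))
            continue
        if m["meta"].strip() == "?":
            findings.append(("service", "image file not found on disk", m["name"]))
        if in_user_writable_dir(m["image"]):
            findings.append(("service", "image in a user-writable directory", m["name"]))
    return findings


if __name__ == "__main__":
    for kind, reason, subject in triage(SAMPLE_DDS):
        print(f"[{kind}] {reason}: {subject}")
```

Note that the `dds (6).scr` entry is flagged as well: the tool that produced the log was itself run from the Downloads folder. A flag is a prompt for the analyst, not a verdict, which is why a helper reading this log recognises that line as the scanner rather than as an infection.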

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:04 AM

Posted 04 February 2011 - 12:09 AM

Congratulations, your log is clean!

We need to clean up our mess:
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
I recommend you regularly visit the Windows Update Site; you were lagging behind on a few of them!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, you will find a nice little article here about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice.
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu.
    • Click "Manage Updates" in the submenu.
    • Out of the three, select at least one (I have MVPS Host as my main one).
    • Click "Add Update." After that you will only need to click the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
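The HostsMan advice above leaves two kinds of entries living side by side in the hosts file: blocklist lines that point unwanted hostnames at a blackhole address, and custom entries the machine owner added (the ones the note says you must re-add yourself). A third kind, a hostname sent to an outside address, is the one worth a human look, since hosts-file edits that redirect update and security-vendor domains are a long-standing malware trick. As an added example, not from the thread and not part of HostsMan, this Python script parses a hosts file and sorts each mapping into those classes. The sample file is constructed; its `update.antivirus-vendor.example` entry is a hypothetical redirect, and the `203.0.113.0/24` documentation range stands in for an internet address.

```python
"""Hosts-file review: tell blocklist entries from custom and redirecting ones
(added example, not from the thread or from HostsMan)."""
import ipaddress

# Constructed sample hosts file. The last entry is a hypothetical redirect; the
# 203.0.113.0/24 documentation range stands in for an internet address.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# blocklist entries of the kind a hosts-file updater installs
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # inline comment
# an entry the machine owner added for a LAN device
192.168.1.20    nas.home.lan
# a hostname pointed at an outside address
203.0.113.5     update.antivirus-vendor.example
"""

# Names that are supposed to resolve to the local host.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}

# Private and link-local ranges: a hostname mapped here is a LAN shortcut, not a block.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10",
)]


def classify(ip_str, host):
    """Label one hostname -> address mapping."""
    ip = ipaddress.ip_address(ip_str)
    if host.lower() in EXPECTED_LOCAL:
        return "local"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"          # 0.0.0.0 / 127.0.0.1 / :: / ::1 blackhole the name
    if any(ip in net for net in LAN_NETS):
        return "custom-lan"
    return "redirect"             # name sent somewhere else entirely: review it


def parse_hosts(text):
    """Return a list of (line_no, address, hostname, label) for every mapping."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            entries.append((line_no, fields[0], None, "malformed"))
            continue
        ip_str, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip_str)
        except ValueError:
            entries.extend((line_no, ip_str, n, "malformed") for n in names)
            continue
        entries.extend((line_no, ip_str, n, classify(ip_str, n)) for n in names)
    return entries


def review(text):
    """Return (count per label, entries that need a human look)."""
    entries = parse_hosts(text)
    counts = {}
    for _, _, _, label in entries:
        counts[label] = counts.get(label, 0) + 1
    flagged = [e for e in entries if e[3] in ("redirect", "malformed")]
    return counts, flagged


def load_hosts(path):
    """Read a hosts file; on Windows the live one is %SystemRoot%\\System32\\drivers\\etc\\hosts."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    counts, flagged = review(SAMPLE_HOSTS)
    print("summary:", counts)
    for line_no, ip_str, host, label in flagged:
        print(f"line {line_no}: {label}: {host} -> {ip_str}")
```

`review(load_hosts(path))` runs the same check against the live file. The classification deliberately uses its own explicit range list rather than `ipaddress`'s `is_private`, which also treats the documentation ranges as private and would hide the sample redirect.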


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:04 AM

Posted 05 February 2011 - 12:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





