Infected w/ Browser Hijack (unknown, no identifying traits) and getting random BSODs


  • This topic is locked
21 replies to this topic

#1 esmith972
  • Members

Posted 19 February 2011 - 02:44 PM

Help! I've been infected w/ a browser hijacker and that is causing redirects and random BSODs. I'm sorry but I don't know any specifics about the hijacker.



DDS (Ver_10-12-12.02) - NTFSx86
Run by Eric at 13:09:46.15 on Fri 02/18/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.1629 [GMT -6:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\Dwm.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Skype\Phone\Skype.exe
E:\Steam\Steam.exe
C:\Users\Eric\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Spark\Spark.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\BTGUARD\myentunnel.exe
C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\BTGUARD\plink.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Notepad.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Temp\9740.tmp\MBR.DAT
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = Preserve
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "e:\steam\Steam.exe" -silent
uRun: [F.lux] "c:\users\eric\local settings\apps\f.lux\flux.exe" /noshow
uRun: [C:!Users!Eric!AppData!Local!Google!Chrome!User Data_service_run] "c:\users\eric\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [Google Update] "c:\users\eric\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spark] c:\program files\spark\Spark.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\users\eric\appdata\roaming\micros~1\windows\startm~1\programs\startup\btguar~2.lnk - c:\btguard\myentunnel.exe
StartupFolder: c:\users\eric\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\eric\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: intuit.com\ttlc
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {7BE2EFFF-C1CF-4358-8E64-91AE21FB0FD0} = 204.57.81.36,209.163.253.2
TCP: {FE5EC94F-914B-4AF0-B0CE-C31CC427D78D} = 8.8.8.8,8.8.4.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\bn5oka96.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\users\eric\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\bn5oka96.default\extensions\battlefieldplay4free@ea.com\platform\winnt_x86-msvc\plugins\npBP4FUpdater.dll
FF - plugin: c:\users\eric\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\eric\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-1-7 31112]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-1-7 21896]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-1-7 15240]
R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup 2.0\bin\Agent.exe [2011-1-7 55688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-12 218176]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2011-1-7 188296]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-2 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-1-5 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-1-5 8456]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400]

=============== Created Last 30 ================

2011-02-17 05:45:38 -------- d-----w- c:\program files\Trend Micro
2011-02-17 02:52:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-17 02:52:27 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-15 05:00:08 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{04a02815-3a07-4a46-8446-5c8fc3eacfdb}\mpengine.dll
2011-02-15 04:49:27 -------- d-----w- c:\users\eric\appdata\roaming\Malwarebytes
2011-02-15 04:49:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 04:49:19 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-15 04:49:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 04:49:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-12 19:45:10 -------- d-----w- c:\program files\SpeedFan
2011-02-11 04:48:01 819200 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-11 04:48:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-11 04:48:01 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-11 04:48:01 -------- d-----w- c:\program files\Xvid
2011-02-11 04:37:46 -------- d-----w- c:\users\eric\appdata\local\Sony
2011-02-11 04:35:09 -------- d-----w- c:\program files\Sony
2011-02-11 01:27:52 -------- d-----w- c:\users\eric\appdata\local\xboot
2011-02-10 17:42:35 -------- d-----w- C:\pebuilder3110a
2011-02-09 16:39:03 -------- d-----w- c:\users\eric\appdata\roaming\uTorrent
2011-02-09 16:39:00 -------- d-----w- c:\program files\uTorrent
2011-02-09 16:38:30 -------- d-----w- c:\users\eric\appdata\local\uTorrent
2011-02-07 19:29:20 179712 ----a-w- c:\windows\notepad.exe.bak
2011-02-04 03:49:13 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-02-03 19:05:01 454656 ----a-w- c:\windows\putty.exe
2011-02-03 18:02:00 -------- d-----w- c:\users\eric\appdata\roaming\TightVNC
2011-02-03 18:01:51 -------- d-----w- c:\program files\TightVNC
2011-02-03 17:49:56 -------- d-----w- c:\users\eric\.sshterm
2011-02-03 17:49:56 -------- d-----w- c:\users\eric\.ssh
2011-02-01 21:24:46 -------- d-----w- c:\users\eric\appdata\local\iLinc
2011-02-01 21:24:07 -------- d-----w- c:\program files\iLinc
2011-01-27 17:05:23 -------- d-----w- c:\users\eric\appdata\local\CrashRpt
2011-01-27 17:03:57 -------- d-----w- c:\windows\system32\directx
2011-01-26 21:35:21 -------- d-----w- c:\users\eric\appdata\roaming\Intuit
2011-01-26 21:35:15 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
2011-01-26 21:30:40 -------- d-----w- c:\users\eric\appdata\local\IsolatedStorage
2011-01-26 21:30:37 -------- d-----w- c:\program files\common files\Intuit
2011-01-26 21:30:22 -------- d-----w- c:\program files\TurboTax
2011-01-26 21:30:02 -------- d-----w- c:\progra~2\Intuit
2011-01-26 05:06:10 -------- d-----w- C:\GameCreate
2011-01-24 05:23:19 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-24 04:59:48 -------- d-----w- c:\program files\Rockstar Games
2011-01-23 02:11:45 -------- d-----w- c:\users\eric\appdata\roaming\Dropbox
2011-01-21 05:17:47 69632 ----a-w- c:\windows\system32\KemXML.dll
2011-01-21 05:17:47 163840 ----a-w- c:\windows\system32\kemutb.dll
2011-01-21 05:17:47 135168 ----a-w- c:\windows\system32\KemUtil.dll
2011-01-21 05:17:47 110592 ----a-w- c:\windows\system32\KemWnd.dll
2011-01-21 05:17:10 -------- d-----w- c:\program files\common files\Logitech
2011-01-21 05:16:56 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-01-21 05:16:55 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-01-21 05:16:55 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-01-21 05:16:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-01-21 05:16:55 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-01-21 05:16:55 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-01-21 05:16:55 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-01-21 05:16:54 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll

==================== Find3M ====================

2011-02-16 03:39:03 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-16 03:39:03 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-15 02:59:08 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-23 01:39:04 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-19 02:20:52 22328 ----a-w- c:\users\eric\appdata\roaming\PnkBstrK.sys
2011-01-19 02:20:34 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-29 23:03:51 80 --sh--r- c:\windows\system32\BAC157B930.dll
2010-12-26 23:38:44 18824 ----a-w- c:\windows\system32\fbnative.exe
2010-12-13 16:33:20 440808 ----a-w- c:\windows\system32\AppHardT.dll
2010-12-08 16:36:46 348160 ----a-w- c:\windows\msvcr71.dll
2010-11-30 04:36:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-30 04:36:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-26 21:27:12 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-11-26 21:27:11 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-11-26 20:58:21 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 13:10:16.21 ===============

Attached Files


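The Pseudo HJT section above is where a responder reads the machine's posture first. As an added example (not part of this post, and not DDS code), the Python below parses that section and flags what a helper would pick out of it: UAC switched off by policy (EnableLUA = 0), the secure-desktop prompt disabled, the hosts-file override, an autostart registered with a bare image name, autostarts running from user-writable paths, the orphaned toolbar CLSID, and the Firefox proxy that is configured but not active (network.proxy.type 0 means "no proxy"; only type 1 uses the manual settings). SAMPLE is a constructed subset of the log lines above, and the severity labels are the script's own judgement, not DDS output.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a subset of the Pseudo HJT lines from the DDS log above.
SAMPLE = r"""
uStart Page = about:blank
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [C:!Users!Eric!AppData!Local!Google!Chrome!User Data_service_run] "c:\users\eric\appdata\local\google\chrome\application\chrome.exe" --type=service
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 0
"""

@dataclass
class Finding:
    severity: str   # "high" | "medium" | "info"
    item: str
    note: str

# Autostart images living under these paths are writable without admin rights.
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\", "\\programdata\\")

def parse_hjt(text: str) -> dict:
    """Split the Pseudo HJT section into the record types triage cares about."""
    rep = {"run": [], "policy": {}, "hosts": [], "ffpref": {}, "tb_nofile": []}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^([um]Run(?:Once)?): \[(.*?)\] (.*)$", line)
        if m:
            rep["run"].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = re.match(r"^mPolicies-system: (\w+) = (\d+)", line)
        if m:
            rep["policy"][m.group(1)] = int(m.group(2))
            continue
        m = re.match(r"^FF - prefs\.js: (\S+) - (.*)$", line)
        if m:
            rep["ffpref"][m.group(1)] = m.group(2).strip()
            continue
        if line.startswith("Hosts: "):
            rep["hosts"].append(line[len("Hosts: "):])
        elif line.startswith("TB: ") and line.endswith("- No File"):
            rep["tb_nofile"].append(line[len("TB: "):])
    return rep

def image_path(command: str) -> str:
    """Executable part of a Run-key command line: the quoted path, else the first token."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]

def triage(text: str) -> list[Finding]:
    rep, out = parse_hjt(text), []
    pol = rep["policy"]
    if pol.get("EnableLUA") == 0:
        out.append(Finding("high", "EnableLUA = 0",
                           "UAC is off: anything an admin account runs gets a full admin token, no prompt"))
    elif pol.get("ConsentPromptBehaviorAdmin") == 0:
        out.append(Finding("high", "ConsentPromptBehaviorAdmin = 0", "admins elevate silently, UAC never asks"))
    if pol.get("PromptOnSecureDesktop") == 0:
        out.append(Finding("medium", "PromptOnSecureDesktop = 0",
                           "elevation prompts appear on the normal desktop, where other programs can interact with them"))
    for entry in rep["hosts"]:
        _ip, _, host = entry.partition(" ")
        if host.lower() != "localhost":
            out.append(Finding("medium", f"Hosts: {entry}",
                               "hosts-file override; a loopback mapping blocks the site, any other IP redirects it"))
    for hive, name, command in rep["run"]:
        path = image_path(command).lower()
        if "\\" not in path:
            out.append(Finding("medium", f"{hive}: [{name}] {command}",
                               "bare image name, resolved through the PATH search order at logon"))
        elif any(marker in path for marker in USER_WRITABLE):
            out.append(Finding("info", f"{hive}: [{name}] {path}",
                               "autostart from a user-writable directory; confirm the publisher"))
    for tb in rep["tb_nofile"]:
        out.append(Finding("info", f"TB: {tb}", "orphaned toolbar CLSID, its file is gone"))
    ff = rep["ffpref"]
    if "network.proxy.http" in ff:
        ptype = ff.get("network.proxy.type", "5")   # Firefox default is 5 (use system proxy)
        target = f"{ff['network.proxy.http']}:{ff.get('network.proxy.http_port', '?')}"
        if ptype == "1":
            out.append(Finding("medium", f"Firefox manual proxy {target}",
                               "all HTTP traffic is relayed through it; identify what listens there"))
        else:
            out.append(Finding("info", f"Firefox proxy {target} configured but inactive",
                               f"network.proxy.type = {ptype}; only type 1 (manual) uses it"))
    return out

def summary(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.item}\n         {f.note}")
    print(summary(triage(SAMPLE)))
```

For the sample this yields seven findings (one high, three medium, three info). The UAC policy lines are the ones to act on first: with EnableLUA = 0 every process an administrator account launches, a drive-by payload included, already runs with full rights, which is exactly what a browser hijacker needs to get into system32 and the boot path.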


#2 CatByte
    bleepin' tiger
  • Malware Response Team
  • Location:Canada

Posted 21 February 2011 - 06:00 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 esmith972
  • Topic Starter
  • Members

Posted 21 February 2011 - 10:49 PM

For some reason, when I try to run ComboFix my computer just BSODs out ("screenshot" attached), and when I try to log into safe mode it says something about User Control Service not running (not sure of the exact error message, as every time I log in now it just locks up).

[EDIT] Oh yeah, it also kept telling me I had a corrupt version of ComboFix no matter what I did. I even downloaded it on my phone and copied it to the desktop and it wouldn't work.

Attached Files


Edited by esmith972, 21 February 2011 - 10:51 PM.


#4 CatByte
    bleepin' tiger
  • Malware Response Team
  • Location:Canada

Posted 21 February 2011 - 10:56 PM

Did it say anything about an infection called "virut"?

Please do the following:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:


    c:\windows\system32\userinit.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:

c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe



If all those files come back as clean, then delete the copy of combofix that you have, download a fresh copy but rename it to iexplore before saving it to your desktop and try running it again.



#5 esmith972
  • Topic Starter
  • Members

Posted 21 February 2011 - 11:36 PM

Below are the scans (which came back clean on each one). Unfortunately I can no longer run ComboFix without the PC crashing. The only way I could get it to run properly was by logging into the guest account and that's how I got the error saying it was corrupt. I also tried the IExplore.exe trick but it resulted in the same thing, a BSOD or it saying it was corrupt.

VirSCAN.org Scanned Report :
Scanned time   : 2011/02/21 22:14:22 (CST)
Scanner results: Scanners did not find malware!
File Name      : explorer.exe
File Size      : 2614272 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 2626fc9755be22f805d3cfa0ce3ee727
SHA1           : d76db4dcd710be9c3314cff94824933847565372
Online report  : http://virscan.org/report/580c0f6de56abc99f58a34f8ffd81149.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.2         20110216210205    2011-02-16  0.40   -
AhnLab V3      2011.02.22.00   2011.02.22        2011-02-22  1.44   -
AntiVir        8.2.4.170       7.11.3.172        2011-02-21  0.28   -
Antiy          2.0.18          20110217.7833565  2011-02-17  0.02   -
Arcavir        2010            201102221211      2011-02-22  0.28   -
Authentium     5.1.1           201102211027      2011-02-21  3.11   -
AVAST!         4.7.4           110221-1          2011-02-21  0.14   -
AVG            8.5.850         271.1.1/3458      2011-02-22  0.28   -
BitDefender    7.90123.6670571 7.36365           2011-02-22  6.28   -
ClamAV         0.96.5          12747             2011-02-22  0.76   -
Comodo         4.0             7766              2011-02-21  1.09   -
CP Secure      1.3.0.5         2011.02.20        2011-02-20  0.50   -
Dr.Web         5.0.2.3300      2011.02.22        2011-02-22  11.31  -
F-Prot         4.4.4.56        20110221          2011-02-21  2.89   -
F-Secure       7.02.73807      2011.02.21.04     2011-02-21  0.14   -
Fortinet       4.2.254         12.921            2011-02-21  0.65   -
GData          21.1854/21.703  20110222          2011-02-22  9.99   -
ViRobot        20110221        2011.02.21        2011-02-21  0.38   -
Ikarus         T3.1.32.15.0    2011.02.21.77781  2011-02-21  4.88   -
JiangMin       13.0.900        2011.02.21        2011-02-21  1.48   -
Kaspersky      5.5.10          2011.02.21        2011-02-21  0.15   -
KingSoft       2009.2.5.15     2011.2.22.9       2011-02-22  0.82   -
McAfee         5400.1158       6264              2011-02-21  9.73   -
Microsoft      1.6502          2011.02.22        2011-02-22  4.37   -
NOD32          3.0.21          5893              2011-02-21  0.01   -
Norman         6.07.03         6.07.00           2011-02-21  12.01  -
Panda          9.05.01         2011.02.21        2011-02-21  6.41   -
Trend Micro    9.200-1012      7.852.01          2011-02-21  0.04   -
Quick Heal     11.00           2011.02.21        2011-02-21  2.29   -
Rising         20.0            23.46.00.06       2011-02-21  2.71   -
Sophos         3.16.1          4.62              2011-02-22  5.91   -
Sunbelt        3.9.2474.2      8499              2011-02-21  0.73   -
Symantec       1.3.0.24        20110221.002      2011-02-21  0.24   -
nProtect       20110222.01     3198871           2011-02-22  7.66   -
The Hacker     6.7.0.1         v00136            2011-02-21  0.59   -
VBA32          3.12.14.3       20110220.2114     2011-02-20  5.15   -
VirusBuster    5.2.0.28        13.6.212.0/4532237 2011-02-21  0.00   -




VirSCAN.org Scanned Report :
Scanned time   : 2011/02/21 22:18:43 (CST)
Scanner results: Scanners did not find malware!
File Name      : userinit.exe
File Size      : 26112 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 6de80f60d7de9ce6b8c2ddfdf79ef175
SHA1           : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c
Online report  : http://virscan.org/report/0a7e5a65fb944efbc8ca9ecbb00cd719.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.2         20110216210205    2011-02-16  0.30   -
AhnLab V3      2011.02.22.00   2011.02.22        2011-02-22  1.63   -
AntiVir        8.2.4.170       7.11.3.172        2011-02-21  0.28   -
Antiy          2.0.18          20110217.7833565  2011-02-17  0.02   -
Arcavir        2010            201102221211      2011-02-22  0.05   -
Authentium     5.1.1           201102211027      2011-02-21  1.47   -
AVAST!         4.7.4           110221-1          2011-02-21  0.01   -
AVG            8.5.850         271.1.1/3458      2011-02-22  0.26   -
BitDefender    7.90123.6670571 7.36365           2011-02-22  6.28   -
ClamAV         0.96.5          12751             2011-02-22  0.01   -
Comodo         4.0             7766              2011-02-21  1.06   -
CP Secure      1.3.0.5         2011.02.20        2011-02-20  0.04   -
Dr.Web         5.0.2.3300      2011.02.22        2011-02-22  10.75  -
F-Prot         4.4.4.56        20110221          2011-02-21  1.46   -
F-Secure       7.02.73807      2011.02.22.01     2011-02-22  0.07   -
Fortinet       4.2.254         12.921            2011-02-21  0.28   -
GData          21.1854/21.703  20110222          2011-02-22  8.33   -
ViRobot        20110221        2011.02.21        2011-02-21  0.38   -
Ikarus         T3.1.32.15.0    2011.02.22.77782  2011-02-22  4.89   -
JiangMin       13.0.900        2011.02.21        2011-02-21  1.42   -
Kaspersky      5.5.10          2011.02.21        2011-02-21  0.10   -
KingSoft       2009.2.5.15     2011.2.22.9       2011-02-22  0.75   -
McAfee         5400.1158       6264              2011-02-21  8.00   -
Microsoft      1.6502          2011.02.22        2011-02-22  3.85   -
NOD32          3.0.21          5893              2011-02-21  0.01   -
Norman         6.07.03         6.07.00           2011-02-21  12.02  -
Panda          9.05.01         2011.02.21        2011-02-21  3.50   -
Trend Micro    9.200-1012      7.852.01          2011-02-21  0.03   -
Quick Heal     11.00           2011.02.21        2011-02-21  1.01   -
Rising         20.0            23.46.00.06       2011-02-21  2.05   -
Sophos         3.16.1          4.62              2011-02-22  3.34   -
Sunbelt        3.9.2474.2      8500              2011-02-21  0.97   -
Symantec       1.3.0.24        20110221.002      2011-02-21  0.06   -
nProtect       20110222.01     3198871           2011-02-22  6.62   -
The Hacker     6.7.0.1         v00136            2011-02-21  0.56   -
VBA32          3.12.14.3       20110220.2114     2011-02-20  3.98   -
VirusBuster    5.2.0.28        13.6.212.0/4532237 2011-02-21  0.00   -




VirSCAN.org Scanned Report :
Scanned time   : 2011/02/21 22:21:41 (CST)
Scanner results: Scanners did not find malware!
File Name      : ctfmon.exe
File Size      : 8704 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 4a3cdcef8ed41b221f3dbef5792fb52d
SHA1           : 6c04499f7406e270b590374ef813c4012530273e
Online report  : http://virscan.org/report/fdbb915f1e281e1bd0563767d10ddf33.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.2         20110216210205    2011-02-16  0.34   -
AhnLab V3      2011.02.22.00   2011.02.22        2011-02-22  1.54   -
AntiVir        8.2.4.170       7.11.3.172        2011-02-21  0.28   -
Antiy          2.0.18          20110217.7833565  2011-02-17  0.02   -
Arcavir        2010            201102221211      2011-02-22  0.04   -
Authentium     5.1.1           201102211027      2011-02-21  1.49   -
AVAST!         4.7.4           110221-1          2011-02-21  0.00   -
AVG            8.5.850         271.1.1/3458      2011-02-22  0.25   -
BitDefender    7.90123.6670571 7.36365           2011-02-22  6.31   -
ClamAV         0.96.5          12751             2011-02-22  0.01   -
Comodo         4.0             7766              2011-02-21  1.06   -
CP Secure      1.3.0.5         2011.02.20        2011-02-20  0.03   -
Dr.Web         5.0.2.3300      2011.02.22        2011-02-22  10.97  -
F-Prot         4.4.4.56        20110221          2011-02-21  1.44   -
F-Secure       7.02.73807      2011.02.22.01     2011-02-22  12.06  -
Fortinet       4.2.254         12.921            2011-02-21  0.21   -
GData          21.1854/21.703  20110222          2011-02-22  8.23   -
ViRobot        20110221        2011.02.21        2011-02-21  0.38   -
Ikarus         T3.1.32.15.0    2011.02.22.77782  2011-02-22  4.89   -
JiangMin       13.0.900        2011.02.21        2011-02-21  1.44   -
Kaspersky      5.5.10          2011.02.21        2011-02-21  0.15   -
KingSoft       2009.2.5.15     2011.2.22.9       2011-02-22  0.90   -
McAfee         5400.1158       6264              2011-02-21  7.18   -
Microsoft      1.6502          2011.02.22        2011-02-22  3.83   -
NOD32          3.0.21          5893              2011-02-21  0.03   -
Norman         6.07.03         6.07.00           2011-02-21  10.01  -
Panda          9.05.01         2011.02.21        2011-02-21  2.36   -
Trend Micro    9.200-1012      7.852.01          2011-02-21  0.03   -
Quick Heal     11.00           2011.02.21        2011-02-21  0.96   -
Rising         20.0            23.46.00.06       2011-02-21  2.02   -
Sophos         3.16.1          4.62              2011-02-22  3.34   -
Sunbelt        3.9.2474.2      8500              2011-02-21  0.61   -
Symantec       1.3.0.24        20110221.002      2011-02-21  0.05   -
nProtect       20110222.01     3198871           2011-02-22  5.86   -
The Hacker     6.7.0.1         v00136            2011-02-21  0.46   -
VBA32          3.12.14.3       20110220.2114     2011-02-20  3.94   -
VirusBuster    5.2.0.28        13.6.212.0/4532237 2011-02-21  0.00   -




VirSCAN.org Scanned Report :
Scanned time   : 2011/02/21 22:25:00 (CST)
Scanner results: Scanners did not find malware!
File Name      : spoolsv.exe
File Size      : 316416 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 49b6dd6ab3715b7a67965f17194e98a9
SHA1           : 748cce9f0ddad553aad3e695f10d6249fde953c2
Online report  : http://virscan.org/report/61c3f95fe5e82fd6a11b909aadf6dcc8.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.2         20110216210205    2011-02-16  0.32   -
AhnLab V3      2011.02.22.00   2011.02.22        2011-02-22  1.44   -
AntiVir        8.2.4.170       7.11.3.172        2011-02-21  0.30   -
Antiy          2.0.18          20110217.7833565  2011-02-17  0.02   -
Arcavir        2010            201102221211      2011-02-22  0.13   -
Authentium     5.1.1           201102211027      2011-02-21  2.35   -
AVAST!         4.7.4           110221-1          2011-02-21  0.03   -
AVG            8.5.850         271.1.1/3458      2011-02-22  0.26   -
BitDefender    7.90123.6670571 7.36365           2011-02-22  6.23   -
ClamAV         0.96.5          12751             2011-02-22  0.08   -
Comodo         4.0             7766              2011-02-21  1.05   -
CP Secure      1.3.0.5         2011.02.20        2011-02-20  0.08   -
Dr.Web         5.0.2.3300      2011.02.22        2011-02-22  10.95  -
F-Prot         4.4.4.56        20110221          2011-02-21  2.44   -
F-Secure       7.02.73807      2011.02.22.01     2011-02-22  11.65  -
Fortinet       4.2.254         12.921            2011-02-21  0.36   -
GData          21.1854/21.703  20110222          2011-02-22  7.61   -
ViRobot        20110221        2011.02.21        2011-02-21  0.44   -
Ikarus         T3.1.32.15.0    2011.02.22.77782  2011-02-22  4.87   -
JiangMin       13.0.900        2011.02.21        2011-02-21  1.51   -
Kaspersky      5.5.10          2011.02.21        2011-02-21  0.10   -
KingSoft       2009.2.5.15     2011.2.22.9       2011-02-22  0.77   -
McAfee         5400.1158       6264              2011-02-21  7.26   -
Microsoft      1.6502          2011.02.22        2011-02-22  5.99   -
NOD32          3.0.21          5893              2011-02-21  0.01   -
Norman         6.07.03         6.07.00           2011-02-21  10.02  -
Panda          9.05.01         2011.02.21        2011-02-21  2.42   -
Trend Micro    9.200-1012      7.852.01          2011-02-21  0.04   -
Quick Heal     11.00           2011.02.21        2011-02-21  1.08   -
Rising         20.0            23.46.00.06       2011-02-21  2.04   -
Sophos         3.16.1          4.62              2011-02-22  3.71   -
Sunbelt        3.9.2474.2      8500              2011-02-21  0.71   -
Symantec       1.3.0.24        20110221.002      2011-02-21  0.07   -
nProtect       20110222.01     3198871           2011-02-22  7.15   -
The Hacker     6.7.0.1         v00136            2011-02-21  0.64   -
VBA32          3.12.14.3       20110220.2114     2011-02-20  3.61   -
VirusBuster    5.2.0.28        13.6.212.0/4532237 2011-02-21  0.00   -

Edited by esmith972, 21 February 2011 - 11:37 PM.


#6 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 22 February 2011 - 02:54 AM

Hi

Please run the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 esmith972

  • Topic Starter
  • Members
  • 12 posts

Posted 22 February 2011 - 09:03 AM

I ran it again after rebooting, and it didn't find the rootkit again, so it seems to be gone.

2011/02/22 07:56:41.0919 6520	TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/22 07:56:42.0069 6520	================================================================================
2011/02/22 07:56:42.0069 6520	SystemInfo:
2011/02/22 07:56:42.0069 6520	
2011/02/22 07:56:42.0070 6520	OS Version: 6.1.7600 ServicePack: 0.0
2011/02/22 07:56:42.0070 6520	Product type: Workstation
2011/02/22 07:56:42.0070 6520	ComputerName: MEXICO
2011/02/22 07:56:42.0070 6520	UserName: Eric
2011/02/22 07:56:42.0070 6520	Windows directory: C:\Windows
2011/02/22 07:56:42.0070 6520	System windows directory: C:\Windows
2011/02/22 07:56:42.0070 6520	Processor architecture: Intel x86
2011/02/22 07:56:42.0070 6520	Number of processors: 3
2011/02/22 07:56:42.0070 6520	Page size: 0x1000
2011/02/22 07:56:42.0070 6520	Boot type: Normal boot
2011/02/22 07:56:42.0070 6520	================================================================================
2011/02/22 07:56:42.0858 6520	Initialize success
2011/02/22 07:56:46.0216 6528	================================================================================
2011/02/22 07:56:46.0216 6528	Scan started
2011/02/22 07:56:46.0216 6528	Mode: Manual; 
2011/02/22 07:56:46.0216 6528	================================================================================
2011/02/22 07:56:56.0819 6528	vpcnfltr        (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/02/22 07:56:56.0860 6528	vpcusb          (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/02/22 07:56:56.0905 6528	vpcvmm          (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys
2011/02/22 07:56:56.0954 6528	vpnva           (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys
2011/02/22 07:56:56.0983 6528	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/22 07:56:57.0012 6528	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/02/22 07:56:57.0048 6528	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/22 07:56:57.0082 6528	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 07:56:57.0097 6528	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 07:56:57.0154 6528	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/02/22 07:56:57.0189 6528	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/22 07:56:57.0257 6528	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/22 07:56:57.0281 6528	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/02/22 07:56:57.0366 6528	WinUSB          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/02/22 07:56:57.0412 6528	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/22 07:56:57.0480 6528	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/22 07:56:57.0534 6528	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/02/22 07:56:57.0571 6528	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/02/22 07:56:57.0596 6528	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/22 07:56:57.0660 6528	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/22 07:56:57.0681 6528	================================================================================
2011/02/22 07:56:57.0681 6528	Scan finished
2011/02/22 07:56:57.0681 6528	================================================================================
2011/02/22 07:56:57.0694 6544	Detected object count: 1
2011/02/22 07:57:10.0169 6544	\HardDisk0 - will be cured after reboot
2011/02/22 07:57:10.0170 6544	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/02/22 07:57:13.0042 6452	Deinitialize success

Edited by esmith972, 22 February 2011 - 09:03 AM.


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:49 AM

Posted 22 February 2011 - 04:55 PM

Please give combofix another try.

Download a fresh copy, rename it to iexplore and run it.

Thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 esmith972

esmith972
  • Topic Starter

  • Members
  • 12 posts
  • Local time:11:49 PM

Posted 22 February 2011 - 07:59 PM

Now it's running but it's not actually scanning anything. I turned it on shortly after you posted that message and left after 30 minutes and it was just stuck at the scanning screen. Upon my return just now, the computer was totally frozen and just had the cursor on the screen w/ a black background. I don't see a log either so I'm not sure what happened.

[EDIT] It's not even running correctly in safe mode. Safe to say it's not gonna run lol. I've tried new copies, different accounts, safe mode, running as administrator, etc. Nothing will allow this to run properly. It either freezes or it just sits at the screen saying it's scanning and never produces a log.

Edited by esmith972, 22 February 2011 - 08:35 PM.


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:49 AM

Posted 22 February 2011 - 10:15 PM

Ok,

we'll move on


Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 esmith972

esmith972
  • Topic Starter

  • Members
  • 12 posts
  • Local time:11:49 PM

Posted 23 February 2011 - 11:36 PM

I couldn't ever get ESET to load properly but MBAM removed something and I haven't had a browser redirect yet, seems to be fixed. You did the trick with that TDSS Killer. Thank you so much! :D

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:49 AM

Posted 24 February 2011 - 08:53 PM

Hi

Would you please post the MBAM log and try this other online scan? I'm still a little concerned that it's not 100% yet, as you are still having issues getting some programs to run:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC Now button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the contents of the ActiveScan report

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 esmith972

esmith972
  • Topic Starter

  • Members
  • 12 posts
  • Local time:11:49 PM

Posted 26 February 2011 - 12:21 AM

Sure.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5848

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/22/2011 9:35:04 PM
mbam-log-2011-02-22 (21-35-04).txt

Scan type: Quick scan
Objects scanned: 166077
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-02-25 23:16:45
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Microsoft Security Essentials Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00055560 Exploit/LoadImage HackTools No 0 Yes No d:\games\grid\audio\speech\en\names_player\pit\chief_bl_m_47.raw
00055560 Exploit/LoadImage HackTools No 0 Yes No d:\games\grid\audio\speech\en\04_position\keydriver10ahead3s_2.raw
00055560 Exploit/LoadImage HackTools No 0 Yes No d:\games\grid\audio\speech\en\08_accidents\team9term_2.raw
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@doubleclick[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@doubleclick[5].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@atdmt[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@mediaplex[1].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@7search[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@azjmp[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@statcounter[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@www.burstbeacon[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@server.iad.liveperson[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@fl01.ct2.comclick[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[5].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[6].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[7].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[8].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[9].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@advertising[4].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@zedo[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@go[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adviva[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atwola[7].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atwola[6].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atwola[5].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atwola[4].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atwola[3].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\eric\appdata\roaming\microsoft\windows\cookies\eric@atwola[8].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@enhance[2].txt
07758763 Trj/Agent.OKB Virus/Trojan No 1 Yes No c:\users\eric\appdata\locallow\sun\java\deployment\cache\6.0\31\4624ccdf-3fb5edb5[direct/cron.class]
07758770 Trj/OpenConnection Virus/Trojan No 0 Yes No c:\users\eric\appdata\locallow\sun\java\deployment\cache\6.0\31\4624ccdf-3fb5edb5[direct/bear.class]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No d:\games\duke3d\setup.exe
No d:\games\duke3d\setup.exe[²öç\spscom.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:49 AM

Posted 26 February 2011 - 09:34 AM

Please run the following:


  • Download OTL and save it to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt and save it to your Desktop. (You may need to right click on it and select "Save")
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


NEXT


Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 esmith972

esmith972
  • Topic Starter

  • Members
  • 12 posts
  • Local time:11:49 PM

Posted 27 February 2011 - 05:21 PM

OTL logfile created on: 2/27/2011 4:15:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Eric\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.29 Gb Total Space | 187.58 Gb Free Space | 83.26% Space Free | Partition Type: NTFS
Drive D: | 1171.87 Gb Total Space | 352.90 Gb Free Space | 30.11% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 38.48 Gb Free Space | 16.52% Space Free | Partition Type: NTFS

Computer Name: MEXICO | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 16:14:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Downloads\OTL.exe
PRC - [2011/02/26 18:23:26 | 004,059,504 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\MediaMallServer.exe
PRC - [2011/02/24 15:04:49 | 000,397,176 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/01/27 09:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/18 16:40:20 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe
PRC - [2011/01/05 11:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/12/26 17:38:44 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/12/16 20:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/26 14:52:32 | 000,577,335 | ---- | M] () -- C:\android-sdk-windows\tools\adb.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/16 12:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/03/23 15:02:01 | 000,282,624 | ---- | M] (Simon Tatham) -- C:\BTGUARD\plink.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/11/14 14:35:28 | 001,453,992 | R--- | M] (Take-Two Interactive Software, Inc.) -- C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
PRC - [2008/03/22 17:07:50 | 000,249,856 | ---- | M] (Nemesis][) -- C:\BTGUARD\myentunnel.exe
PRC - [2007/01/30 01:52:06 | 000,688,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/01/23 15:44:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/01/01 15:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 16:14:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Downloads\OTL.exe
MOD - [2010/10/06 17:36:08 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\msvcp71.dll
MOD - [2010/10/06 17:36:00 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2009/07/13 19:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2009/06/10 15:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 15:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2008/03/03 18:34:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\msvcr71.dll
MOD - [2007/01/30 01:47:46 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2011/02/26 18:23:26 | 004,059,504 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2011/01/27 09:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/01/18 18:09:21 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/26 17:38:44 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/12/21 14:52:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 15:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/27 01:56:38 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C2A35D1-0174-4432-9280-11695D11F288}\MpKslb93a120d.sys -- (MpKslb93a120d)
DRV - [2011/02/23 19:49:19 | 000,138,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2011/02/07 14:35:04 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2011/01/12 21:26:13 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/01/12 21:19:50 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/12/26 17:38:34 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\eufs.sys -- (EUFS)
DRV - [2010/12/26 17:38:30 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2010/12/26 17:38:26 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2010/12/26 17:38:24 | 000,188,296 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/11/08 15:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/16 12:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/04/30 16:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 16:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/12/17 15:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/09/22 19:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/09/22 19:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/22 19:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/22 19:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2002/04/11 19:21:38 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.27.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59677
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/31 14:09:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/31 14:09:37 | 000,000,000 | ---D | M]

[2010/12/30 17:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/02/16 22:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\bn5oka96.default\extensions
[2011/01/31 14:10:51 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\bn5oka96.default\extensions\battlefieldplay4free@ea.com
[2011/01/31 14:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/02/16 20:58:25 | 000,430,078 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14802 more lines...
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Eric\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BTGuard Encryption.lnk = C:\BTGUARD\myentunnel.exe (Nemesis][)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d8fe6c0-f985-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2d8fe6c0-f985-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BTGuard Updates.lnk - C:\BTGUARD\settings.exe - ()
MsConfig - StartUpFolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^uTorrent.lnk - - File not found
MsConfig - StartUpReg: EaseUs Watch - hkey= - key= - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig - StartUpReg: Spark - hkey= - key= - C:\Program Files\Spark\Spark.exe (Jive Software)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - File not found
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/02/25 14:35:15 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011/02/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/02/25 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\LogMeIn
[2011/02/25 14:04:09 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/02/25 14:04:08 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/02/25 14:04:08 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2011/02/25 14:04:07 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/02/25 14:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/02/25 14:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/02/25 13:56:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011/02/25 13:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011/02/25 13:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2011/02/23 18:05:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\TeamViewer
[2011/02/23 18:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/02/22 21:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/22 19:22:56 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/22 19:22:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/22 13:12:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Microsoft Games
[2011/02/22 09:12:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/22 09:12:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/22 09:12:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/22 09:12:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/22 09:12:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/22 09:12:19 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/22 09:12:19 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/22 09:12:19 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/22 09:12:19 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/02/22 09:12:18 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/22 09:12:17 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/22 09:12:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/22 09:12:16 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/22 09:12:12 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/22 09:12:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/22 09:12:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/22 09:12:12 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/22 09:12:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/22 09:12:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/22 09:12:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/22 09:12:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/22 09:12:12 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/22 09:12:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/22 09:12:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/22 09:12:05 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/02/22 09:12:05 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/22 09:12:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/22 09:12:03 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/22 09:12:03 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/22 09:11:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/22 09:10:55 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/22 07:56:33 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\TDSSKiller.exe
[2011/02/21 23:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
[2011/02/21 23:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMall
[2011/02/21 23:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ffdshowEx
[2011/02/21 23:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2011/02/21 23:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/19 19:11:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Random Junk
[2011/02/19 13:47:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\gtk-2.0
[2011/02/19 13:47:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\.thumbnails
[2011/02/19 13:33:07 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/02/19 13:02:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\gegl-0.0
[2011/02/19 13:02:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\.gimp-2.6
[2011/02/19 13:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/02/19 13:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011/02/19 12:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/02/18 22:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk
[2011/02/18 19:05:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
[2011/02/18 19:05:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\TransMac
[2011/02/18 19:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\TransMac
[2011/02/16 23:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/16 23:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/02/16 22:26:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/16 20:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/16 20:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/16 20:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/15 16:31:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/14 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2011/02/14 22:49:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/14 22:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/14 22:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/14 22:49:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/14 22:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/12 13:45:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/02/12 13:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/02/12 13:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/02/10 22:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/02/10 22:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/02/10 22:38:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Publish Providers
[2011/02/10 22:37:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Sony
[2011/02/10 22:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/02/10 22:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011/02/10 22:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/02/10 20:57:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Sony
[2011/02/10 19:27:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\xboot
[2011/02/10 11:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Builder
[2011/02/10 11:42:35 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2011/02/09 10:39:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2011/02/09 10:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/02/09 10:38:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\uTorrent
[2011/02/07 14:35:04 | 000,023,920 | ---- | C] (MediaMall Technologies, Inc.) -- C:\Windows\System32\drivers\povrtdev.sys
[2011/02/05 08:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/02/04 20:09:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RollerCoaster Tycoon 2
[2011/02/04 19:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/02/03 13:05:01 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Windows\putty.exe
[2011/02/03 12:02:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\TightVNC
[2011/02/03 12:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
[2011/02/03 12:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2011/02/03 11:49:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\.sshterm
[2011/02/03 11:49:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\.ssh
[2011/02/02 10:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/02/02 10:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/02/01 20:49:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2011/02/01 15:24:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\iLinc
[2011/02/01 15:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLinc 10
[2011/02/01 15:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iLinc
[2011/02/01 11:58:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc

========== Files - Modified Within 30 Days ==========

[2011/02/27 16:14:56 | 000,024,270 | ---- | M] () -- C:\Windows\System32\Notepad2.ini
[2011/02/27 16:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/02/27 15:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/27 15:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1741313435-3812852985-375618545-1001UA.job
[2011/02/27 10:40:08 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/26 22:35:31 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1741313435-3812852985-375618545-1001Core.job
[2011/02/25 14:04:06 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/02/25 14:01:38 | 000,024,072 | ---- | M] () -- C:\Windows\Notepad2.ini
[2011/02/25 13:56:53 | 000,001,049 | ---- | M] () -- C:\Users\Eric\Desktop\OpenVPN GUI.lnk
[2011/02/25 12:26:23 | 000,659,130 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/25 12:26:23 | 000,120,146 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/25 07:51:48 | 000,004,001 | ---- | M] () -- C:\Users\Eric\.recently-used.xbel
[2011/02/24 20:07:46 | 002,829,637 | ---- | M] () -- C:\Users\Eric\Desktop\DSC_0002.JPG
[2011/02/24 03:33:08 | 000,022,400 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/24 03:33:08 | 000,022,400 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/23 20:47:40 | 000,036,139 | ---- | M] () -- C:\Users\Eric\Desktop\awwwwwyeeeeeah.png
[2011/02/23 20:47:12 | 000,054,055 | ---- | M] () -- C:\Users\Eric\Desktop\download.png
[2011/02/23 19:49:19 | 000,138,416 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/02/23 19:49:14 | 000,270,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/02/23 18:05:01 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/02/23 03:22:09 | 000,273,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/23 03:22:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/23 03:21:55 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/22 21:35:20 | 000,001,044 | ---- | M] () -- C:\Users\Eric\Desktop\mbam
[2011/02/22 17:09:33 | 004,273,108 | R--- | M] () -- C:\Users\Eric\Desktop\ComboFix.exe
[2011/02/22 10:37:11 | 001,564,065 | ---- | M] () -- C:\Users\Eric\Desktop\i3micromood200.png
[2011/02/21 23:09:01 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/02/21 23:08:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/21 22:39:54 | 270,586,063 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/21 11:09:14 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\TDSSKiller.exe
[2011/02/20 22:41:45 | 000,000,600 | ---- | M] () -- C:\Users\Eric\AppData\Local\PUTTY.RND
[2011/02/19 13:36:59 | 000,000,176 | ---- | M] () -- C:\Users\Eric\defogger_reenable
[2011/02/18 22:05:02 | 000,270,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/02/16 20:58:25 | 000,430,078 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/16 20:47:28 | 000,000,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110216-205825.backup
[2011/02/14 22:46:18 | 000,005,813 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\8BB0.589
[2011/02/12 13:45:10 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011/02/07 14:35:04 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Windows\System32\drivers\povrtdev.sys
[2011/02/03 13:05:01 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Windows\putty.exe
[2011/01/31 14:09:39 | 000,001,875 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/02/25 14:04:05 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/02/25 14:04:00 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2011/02/25 13:56:53 | 000,001,049 | ---- | C] () -- C:\Users\Eric\Desktop\OpenVPN GUI.lnk
[2011/02/25 07:51:48 | 000,004,001 | ---- | C] () -- C:\Users\Eric\.recently-used.xbel
[2011/02/25 07:43:18 | 002,829,637 | ---- | C] () -- C:\Users\Eric\Desktop\DSC_0002.JPG
[2011/02/23 20:47:40 | 000,036,139 | ---- | C] () -- C:\Users\Eric\Desktop\awwwwwyeeeeeah.png
[2011/02/23 20:47:16 | 000,054,055 | ---- | C] () -- C:\Users\Eric\Desktop\download.png
[2011/02/23 18:05:01 | 000,001,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/02/23 18:05:01 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/02/22 21:35:20 | 000,001,044 | ---- | C] () -- C:\Users\Eric\Desktop\mbam
[2011/02/22 17:09:05 | 004,273,108 | R--- | C] () -- C:\Users\Eric\Desktop\ComboFix.exe
[2011/02/22 10:37:10 | 001,564,065 | ---- | C] () -- C:\Users\Eric\Desktop\i3micromood200.png
[2011/02/22 09:12:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/22 09:12:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/22 09:12:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/22 09:12:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/22 09:12:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/21 23:09:01 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/02/21 23:08:07 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/02/21 23:07:54 | 000,001,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/19 13:36:44 | 000,000,176 | ---- | C] () -- C:\Users\Eric\defogger_reenable
[2011/02/15 16:31:52 | 270,586,063 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/14 18:36:38 | 000,005,813 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\8BB0.589
[2011/02/13 19:09:25 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/02/12 13:45:08 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011/02/10 22:48:01 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/10 22:48:01 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/10 22:48:01 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/02/07 13:34:34 | 000,024,270 | ---- | C] () -- C:\Windows\System32\Notepad2.ini
[2011/02/07 13:31:16 | 000,024,072 | ---- | C] () -- C:\Windows\Notepad2.ini
[2011/02/02 10:21:37 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/02 10:21:37 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/31 14:09:39 | 000,001,875 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/18 20:20:52 | 000,022,328 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\PnkBstrK.sys
[2011/01/18 20:20:34 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/01/05 13:55:49 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/01/05 13:55:49 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/01/05 13:55:49 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/01/05 13:55:49 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/01/05 13:55:49 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/12/30 17:31:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/28 19:16:41 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\BAC157B930.dll
[2010/12/28 18:43:14 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/12/24 20:32:11 | 000,138,416 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/24 20:32:03 | 000,270,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/24 20:31:47 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/08 20:32:23 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/01 21:18:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/27 05:10:51 | 000,000,600 | ---- | C] () -- C:\Users\Eric\AppData\Local\PUTTY.RND
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/30 13:28:22 | 000,167,936 | ---- | C] () -- C:\Windows\System32\multiserv.dll
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,273,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,659,130 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,120,146 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:41:04 | 000,632,832 | ---- | C] () -- C:\Windows\System32\Notepad.exe
[2009/07/13 17:41:04 | 000,632,832 | ---- | C] () -- C:\Windows\Notepad.exe
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/03/24 00:56:05 | 000,131,072 | ---- | C] () -- C:\Windows\System32\gc.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EF6E4E62
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >

OTL Extras logfile created on: 2/27/2011 4:15:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Eric\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.29 Gb Total Space | 187.58 Gb Free Space | 83.26% Space Free | Partition Type: NTFS
Drive D: | 1171.87 Gb Total Space | 352.90 Gb Free Space | 30.11% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 38.48 Gb Free Space | 16.52% Space Free | Partition Type: NTFS

Computer Name: MEXICO | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{117CE366-3EED-48C5-BF6A-E0F47A0E68A4}" = ShadowCopy
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19B2FBFE-27D2-458C-9C75-5280C831E49C}" = CoPilot Central 2.0
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{436811A5-21BF-7826-7792-FD69BABD20AB}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}" = Windows 7 Logon Background Changer
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ADB1002-9FAC-4EF0-8EC0-57A0D7CB5355}" = Aurora
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D3ABAFE6-5A74-4998-BAAD-D3595C0F4DBB}" = PlayOn
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F301B7DB-5678-4B28-B1A0-F086F194A8CB}" = GameCreate
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Android Commander_is1" = Android Commander version 0.7.9.8.2.01
"BattlEye" = BattlEye Uninstall
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.5.1
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{19B2FBFE-27D2-458C-9C75-5280C831E49C}" = CoPilot Central 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnLive" = OnLive
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.1.4
"PE Builder_is1" = PE Builder 3.1.10a
"Police Pursuit Mod 7.5c 7.5c" = Police Pursuit Mod 7.5c 7.5c
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon 2 v1.00" = RollerCoaster Tycoon 2 v1.00
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spark 2.5.8" = Spark 2.5.8
"SpeedFan" = SpeedFan (remove only)
"Steam App 17500" = Zombie Panic Source
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"TightVNC" = TightVNC 2.0.2
"TransMac_is1" = TransMac version 10.0
"TurboTax 2009" = TurboTax 2009
"uninstall.exe" = iLinc Client
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"62805c3093d0494a" = Minecraft - Crafting guide
"BTGuard 2.2" = BTGuard 2.2
"BTGuard Encryption 2.0" = BTGuard Encryption 2.0
"ChromePlus" = ChromePlus
"Dropbox" = Dropbox
"Flux" = F.lux
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2011 8:02:30 PM | Computer Name = MEXICO | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d533e9f Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdb05 Exception code: 0xc0000005 Fault offset: 0x0000dad8 Faulting process id:
0xa5c Faulting application start time: 0x01cbd1515d2abf15 Faulting application path:
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\system32\SHLWAPI.dll Report Id: dfbefd32-3d4d-11e0-8762-6cf0492bca8a

Error - 2/21/2011 2:30:26 AM | Computer Name = MEXICO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\android
commander\DelZip179.dll".Error in manifest or policy file "c:\program files\android
commander\DelZip179.dll" on line 8. The value "*" of attribute "language" in element
"assemblyIdentity" is invalid.

Error - 2/21/2011 2:30:29 AM | Computer Name = MEXICO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 6.5.2 home edition\bin\x64\WinChkdsk.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/21/2011 2:31:11 AM | Computer Name = MEXICO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 2/21/2011 10:14:15 AM | Computer Name = MEXICO | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d533e9f Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdb05 Exception code: 0xc0000005 Fault offset: 0x0000dad8 Faulting process id:
0x1424 Faulting application start time: 0x01cbd1cf0a6c6842 Faulting application path:
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\system32\SHLWAPI.dll Report Id: dc813f0b-3dc4-11e0-8762-6cf0492bca8a

Error - 2/21/2011 5:29:33 PM | Computer Name = MEXICO | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d533e9f Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdb05 Exception code: 0xc0000005 Fault offset: 0x0000dad8 Faulting process id:
0x12a8 Faulting application start time: 0x01cbd1d19dae2192 Faulting application path:
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\system32\SHLWAPI.dll Report Id: ac0d4762-3e01-11e0-8762-6cf0492bca8a

Error - 2/22/2011 12:54:12 AM | Computer Name = MEXICO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\$RECYCLE.BIN\S-1-5-21-1741313435-3812852985-375618545-1001\$REBP6FK.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/22/2011 2:30:58 AM | Computer Name = MEXICO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\android
commander\DelZip179.dll".Error in manifest or policy file "c:\program files\android
commander\DelZip179.dll" on line 8. The value "*" of attribute "language" in element
"assemblyIdentity" is invalid.

Error - 2/22/2011 2:31:07 AM | Computer Name = MEXICO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 6.5.2 home edition\bin\x64\WinChkdsk.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/22/2011 2:33:00 AM | Computer Name = MEXICO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ Cisco AnyConnect VPN Client Events ]
Error - 2/24/2011 9:58:03 AM | Computer Name = MEXICO | Source = vpnagent | ID = 67108866
Description = Function: CVirtualAdapter::GetConnName File: .\WindowsVirtualAdapter.cpp
Line:
2355 Invoked Function: GetAdaptersAddresses Return Code: 111 (0x0000006F) Description:
The file name is too long.

Error - 2/24/2011 9:58:06 AM | Computer Name = MEXICO | Source = vpnagent | ID = 67108866
Description = Function: IELockdownMSIESettings File: .\BrowserProxyIE.cpp Line: 416
Invoked
Function: IEHideIEConnSettings Return Code: -32047083 (0xFE170015) Description: BROWSERPROXY_ERROR_NO_MSIE_LOCKDOWN


Error - 2/24/2011 7:00:28 PM | Computer Name = MEXICO | Source = vpncli | ID = 67108866
Description = Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 344
Invoked
Function: FormatMessage Return Code: 3 (0x00000003) Description: The system cannot
find the path specified.

Error - 2/24/2011 7:00:29 PM | Computer Name = MEXICO | Source = vpncli | ID = 67108866
Description = Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 344
Invoked
Function: FormatMessage Return Code: 3 (0x00000003) Description: The system cannot
find the path specified.

Error - 2/25/2011 9:33:48 AM | Computer Name = MEXICO | Source = vpnagent | ID = 67108866
Description = Function: CCapiCertificate::verifyChainPolicy File: .\Certificates\CapiCertificate.cpp
Line:
1914 Invoked Function: CertVerifyCertificateChainPolicy Return Code: -2146762487
(0x800B0109) Description: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.

Error - 2/25/2011 9:33:48 AM | Computer Name = MEXICO | Source = vpnagent | ID = 67108866
Description = Function: CCapiCertificate::verifyChainPolicy File: .\Certificates\CapiCertificate.cpp
Line:
1914 Invoked Function: CertVerifyCertificateChainPolicy Return Code: -2146762487
(0x800B0109) Description: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.

Error - 2/25/2011 9:33:48 AM | Computer Name = MEXICO | Source = vpnagent | ID = 67108866
Description = Function: CVirtualAdapter::GetConnName File: .\WindowsVirtualAdapter.cpp
Line:
2355 Invoked Function: GetAdaptersAddresses Return Code: 111 (0x0000006F) Description:
The file name is too long.

Error - 2/25/2011 9:33:52 AM | Computer Name = MEXICO | Source = vpnagent | ID = 67108866
Description = Function: IELockdownMSIESettings File: .\BrowserProxyIE.cpp Line: 416
Invoked
Function: IEHideIEConnSettings Return Code: -32047083 (0xFE170015) Description: BROWSERPROXY_ERROR_NO_MSIE_LOCKDOWN


Error - 2/25/2011 4:08:58 PM | Computer Name = MEXICO | Source = vpncli | ID = 67108866
Description = Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 344
Invoked
Function: FormatMessage Return Code: 3 (0x00000003) Description: The system cannot
find the path specified.

Error - 2/25/2011 4:08:58 PM | Computer Name = MEXICO | Source = vpncli | ID = 67108866
Description = Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 344
Invoked
Function: FormatMessage Return Code: 3 (0x00000003) Description: The system cannot
find the path specified.

[ System Events ]
Error - 2/22/2011 9:22:25 PM | Computer Name = MEXICO | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/22/2011 9:22:26 PM | Computer Name = MEXICO | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/22/2011 9:22:26 PM | Computer Name = MEXICO | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/22/2011 9:22:26 PM | Computer Name = MEXICO | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/22/2011 9:22:26 PM | Computer Name = MEXICO | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/22/2011 9:22:26 PM | Computer Name = MEXICO | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/22/2011 9:22:26 PM | Computer Name = MEXICO | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/22/2011 10:00:34 PM | Computer Name = MEXICO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:22:53 PM on ?2/?22/?2011 was unexpected.

Error - 2/22/2011 10:01:56 PM | Computer Name = MEXICO | Source = DCOM | ID = 10016
Description =

Error - 2/22/2011 11:37:47 PM | Computer Name = MEXICO | Source = DCOM | ID = 10016
Description =


< End of report >

Like I said, it seems to be ok. I didn't realize there were any other issues with the PC. Again, I appreciate your help, and please let me know if there is anything else I should scan. :)