Infected with unknown, Google redirects, host service crashes


  • This topic is locked
28 replies to this topic

#1 Rexmaster

Rexmaster

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:24 PM

Posted 25 February 2011 - 11:50 AM

Google links redirect. Host service crashes. Any explorer browsing hangs, save as in any app hangs. Window appearance seems to revert back to classic style. Any and all assistance is greatly appreciated!!!


DDS (Ver_10-12-12.02) - NTFSx86
Run by Rexmaster at 10:26:18.27 on Fri 02/25/2011
Internet Explorer: 7.0.6000.17037

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Research In Motion\Smart Card Reader\BlackBerrySCRService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Research In Motion\Smart Card Reader\BlackBerrySCRUIProxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Apps\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Apps\Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Apps\Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rexmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7L5KZAZ\Defogger[1].exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rexmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAKDZSFH\dds[2].scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Watch for Browser Events: {516e2306-7adf-47ec-aea8-acb6b51899f1} - c:\apps\autofi~1\macroe~1\iCapture.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AnyDVD] c:\apps\anydvd\AnyDVDtray.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [<NO NAME>]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [NVIDIA nTune] "c:\apps\ntune\ntune\nTuneCmd.exe" clear
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SmartCardReaderProxy] c:\program files\research in motion\smart card reader\BlackBerrySCRUIProxy.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\apps\office\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\apps\office\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: $talisma_url$
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206283049_dd9d3fc1c0a0f18cc58f9085d228a073&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rexmas~1\appdata\roaming\mozilla\firefox\profiles\kry7akdn.default\

============= SERVICES / DRIVERS ===============

R? gupdate1c9dfdde220f835;Google Update Service (gupdate1c9dfdde220f835)
R? hcwhdpvr;Hauppauge HD PVR Capture Device
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? motport;Motorola USB Diagnostic Port
R? nosGetPlusHelper;getPlus® Helper 3004
R? NPF;NetGroup Packet Filter Driver
R? WDC_SAM;WD SCSI Pass Thru driver
S? archlp;archlp
S? avg9wd;AVG Free WatchDog
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? AvgTdiX;AVG Free Network Redirector
S? BlackBerry Smart Card Reader Service;BlackBerry Smart Card Reader Service
S? CLBStor;InstantBurn Storage Helper Driver
S? CLBUDF;CyberLink InstantBurn UDF Filesystem
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lbd;Lbd
S? MotoConnect Service;MotoConnect Service
S? OpenCASE Media Agent;OpenCASE Media Agent
S? RIM;BlackBerry Smart Card Reader
S? WDDMService;WD SmartWare Drive Manager
S? WDSmartWareBackgroundService;WD SmartWare Background Service

=============== Created Last 30 ================

2011-02-23 21:39:41 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-23 18:44:02 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-23 18:43:57 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-23 18:42:27 -------- d-----w- c:\users\rexmas~1\appdata\local\Sunbelt Software
2011-02-23 18:41:24 -------- dc-h--w- c:\progra~2\{E53F90E0-D7CA-4310-8844-F6E688407890}
2011-02-23 18:39:29 -------- d-----w- c:\program files\Lavasoft
2011-02-23 17:06:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-23 17:06:19 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-23 17:03:29 16409960 ----a-w- c:\users\rexmaster\spybotsd162.exe
2011-02-15 18:46:19 -------- d-----w- c:\program files\common files\Akamai
2011-02-15 16:48:55 32576 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-02-03 18:38:37 -------- d-----w- c:\program files\HRBlock2010
2011-02-03 14:57:09 -------- d-----w- c:\program files\ShopFactory V9

==================== Find3M ====================

2011-02-24 19:22:20 256 ----a-w- c:\windows\system32\pool.bin
2011-01-13 03:56:05 427520 ----a-w- c:\windows\system32\termsrv.dll
2010-12-13 17:57:27 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-12-13 17:57:24 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-12-13 17:57:14 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: ST375064 rev.3.AA -> Harddisk0\DR0 -> \Device\00000056

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86ABE5DC]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ac47b8]; MOV EAX, [0x86ac4834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81C27F3B] -> \Device\Harddisk0\DR0[0x864E03B8]
3 nt[0x81CB07E2] -> ntkrnlpa!IofCallDriver[0x81C27F3B] -> [0x84E1C870]
5 acpi[0x8046832A] -> ntkrnlpa!IofCallDriver[0x81C27F3B] -> [0x843CECA0]
\Driver\nvstor[0x84D6FDF8] -> IRP_MJ_CREATE -> 0x86ABE5DC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000055 -> \??\SCSI#Disk&Ven_ST375064&Prod_0AS#4&cc3eadc&0&000100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 10:27:42.58 ===============
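The DDS and GMER output above carries three indicators a responder would pull out first: executables running from the browser download cache, `EnableLUA = 0` (UAC switched off), and GMER reporting that the MBR read from user mode does not match what the disk driver stack returns. The following Python script is an added example written for this page (it is not code from the thread, from DDS, or from GMER): it splits a DDS log into its `=====`-delimited sections and runs those three checks over an excerpt of the log above. The temporary-folder path hints are an assumed heuristic of this example, not rules DDS itself applies.

```python
"""Triage helper for DDS-style logs (added example, not part of the thread).

Splits a DDS log into its sections and applies three defender-side checks
to the indicators visible in the log above:
  * running processes located under temporary / browser-cache folders,
  * EnableLUA = 0 in the pseudo-HJT section (UAC disabled),
  * GMER's MBR module reporting 'user != kernel MBR' or an unknown module
    in the disk I/O path (both are bootkit indicators).
"""
import re

# DDS section headers look like "============== Running Processes ===============".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Folders a legitimate service or startup item almost never runs from.
# Assumed heuristic for this example; not a list taken from DDS or the thread.
TEMP_PATH_HINTS = (
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
)

# Strings GMER prints when the user-mode and kernel-mode views of the MBR
# disagree, or when an unknown module sits in the disk driver chain.
MBR_INDICATORS = ("user != kernel MBR", ">>UNKNOWN")


def parse_sections(text):
    """Split a DDS log into {section title: [non-empty lines]}."""
    sections = {"PREAMBLE": []}
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def temp_processes(process_lines):
    """Return running-process paths that live under a temporary or cache folder."""
    return [p for p in process_lines
            if any(hint in p.lower() for hint in TEMP_PATH_HINTS)]


def uac_disabled(hjt_lines):
    """True if the pseudo-HJT section reports EnableLUA = 0 (UAC turned off)."""
    return any(re.search(r"EnableLUA\s*=\s*0\b", line) for line in hjt_lines)


def mbr_mismatch(rootkit_lines):
    """True if GMER reported a user/kernel MBR mismatch or an unknown module."""
    return any(ind in line for line in rootkit_lines for ind in MBR_INDICATORS)


def triage(text):
    """Run all three checks and return the findings as a dict."""
    sections = parse_sections(text)
    return {
        "temp_processes": temp_processes(sections.get("Running Processes", [])),
        "uac_disabled": uac_disabled(sections.get("Pseudo HJT Report", [])),
        "mbr_mismatch": mbr_mismatch(sections.get("ROOTKIT", [])),
    }


# Constructed sample: an excerpt of the DDS log posted above.
SAMPLE_LOG = r"""
DDS (Ver_10-12-12.02) - NTFSx86

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Users\Rexmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7L5KZAZ\Defogger[1].exe
C:\Users\Rexmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAKDZSFH\dds[2].scr
C:\Windows\system32\svchost.exe -k DcomLaunch

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: avgrsstx.dll

=================== ROOTKIT ====================

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86ABE5DC]<<
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !

============= FINISH: 10:27:42.58 ===============
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt, the two process hits are Defogger and DDS themselves, which the poster ran straight from the Internet Explorer download cache; the heuristic surfaces them for the same reason it would surface a dropper, so a human still confirms each hit. The MBR and UAC checks, by contrast, are direct reads of what the tools reported and need no such confirmation.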



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:24 PM

Posted 25 February 2011 - 11:54 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)


I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Processes
    :Files
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:



Please be sure to include an update on how things are currently running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:24 PM

Posted 25 February 2011 - 12:22 PM

2011/02/25 11:56:57.0571 7996 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/25 11:56:57.0680 7996 ================================================================================
2011/02/25 11:56:57.0680 7996 SystemInfo:
2011/02/25 11:56:57.0680 7996
2011/02/25 11:56:57.0680 7996 OS Version: 6.0.6000 ServicePack: 0.0
2011/02/25 11:56:57.0680 7996 Product type: Workstation
2011/02/25 11:56:57.0680 7996 ComputerName: VISTA
2011/02/25 11:56:57.0680 7996 UserName: Rexmaster
2011/02/25 11:56:57.0680 7996 Windows directory: C:\Windows
2011/02/25 11:56:57.0680 7996 System windows directory: C:\Windows
2011/02/25 11:56:57.0680 7996 Processor architecture: Intel x86
2011/02/25 11:56:57.0680 7996 Number of processors: 2
2011/02/25 11:56:57.0680 7996 Page size: 0x1000
2011/02/25 11:56:57.0680 7996 Boot type: Normal boot
2011/02/25 11:56:57.0680 7996 ================================================================================
2011/02/25 11:56:57.0914 7996 Initialize success
2011/02/25 11:57:00.0321 5056 ================================================================================
2011/02/25 11:57:00.0321 5056 Scan started
2011/02/25 11:57:00.0321 5056 Mode: Manual;
2011/02/25 11:57:00.0321 5056 ================================================================================
2011/02/25 11:57:01.0367 5056 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/02/25 11:57:01.0430 5056 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/25 11:57:01.0477 5056 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/25 11:57:01.0508 5056 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/25 11:57:01.0555 5056 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/25 11:57:01.0633 5056 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2011/02/25 11:57:01.0680 5056 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/02/25 11:57:01.0711 5056 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/02/25 11:57:01.0774 5056 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/25 11:57:01.0805 5056 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/25 11:57:01.0836 5056 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/25 11:57:01.0867 5056 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/25 11:57:01.0914 5056 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/25 11:57:01.0946 5056 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/25 11:57:02.0008 5056 AnyDVD (a198fd45dfe819c1f9a7bed90339842f) C:\Windows\system32\Drivers\AnyDVD.sys
2011/02/25 11:57:02.0055 5056 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/25 11:57:02.0117 5056 archlp (dc80b26d4a398e71775f682a5ab88127) C:\Windows\system32\drivers\archlp.sys
2011/02/25 11:57:02.0149 5056 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/25 11:57:02.0196 5056 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/25 11:57:02.0242 5056 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/02/25 11:57:02.0321 5056 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2011/02/25 11:57:02.0352 5056 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2011/02/25 11:57:02.0383 5056 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
2011/02/25 11:57:02.0446 5056 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/02/25 11:57:02.0555 5056 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/25 11:57:02.0602 5056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/25 11:57:02.0633 5056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/25 11:57:02.0664 5056 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/25 11:57:02.0696 5056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/25 11:57:02.0711 5056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/25 11:57:02.0742 5056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/25 11:57:02.0774 5056 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/25 11:57:02.0805 5056 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/25 11:57:02.0821 5056 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/25 11:57:02.0883 5056 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/25 11:57:02.0930 5056 CLBStor (3b15740f137b2b243fdae2e7b9c391f7) C:\Windows\system32\drivers\CLBStor.sys
2011/02/25 11:57:02.0961 5056 CLBUDF (f5c65ca7c0d348820caf9b499d783243) C:\Windows\system32\drivers\CLBUDF.sys
2011/02/25 11:57:03.0008 5056 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/02/25 11:57:03.0039 5056 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/25 11:57:03.0071 5056 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/02/25 11:57:03.0086 5056 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/25 11:57:03.0117 5056 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/25 11:57:03.0164 5056 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/02/25 11:57:03.0227 5056 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/02/25 11:57:03.0274 5056 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/02/25 11:57:03.0336 5056 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/25 11:57:03.0367 5056 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/25 11:57:03.0399 5056 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/02/25 11:57:03.0477 5056 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/02/25 11:57:03.0508 5056 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/25 11:57:03.0571 5056 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/02/25 11:57:03.0602 5056 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/25 11:57:03.0633 5056 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/02/25 11:57:03.0664 5056 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/02/25 11:57:03.0696 5056 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/25 11:57:03.0727 5056 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/02/25 11:57:03.0774 5056 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/25 11:57:03.0789 5056 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/25 11:57:03.0836 5056 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/02/25 11:57:03.0914 5056 hcwhdpvr (127d4434658c35effd265ec486c9dc3a) C:\Windows\system32\DRIVERS\hcwhdpvr.sys
2011/02/25 11:57:03.0961 5056 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/02/25 11:57:03.0992 5056 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/25 11:57:04.0024 5056 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/25 11:57:04.0055 5056 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/25 11:57:04.0086 5056 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/25 11:57:04.0164 5056 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/25 11:57:04.0227 5056 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/02/25 11:57:04.0258 5056 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/25 11:57:04.0321 5056 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/25 11:57:04.0352 5056 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/25 11:57:04.0399 5056 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/25 11:57:04.0430 5056 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/02/25 11:57:04.0446 5056 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/25 11:57:04.0492 5056 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/25 11:57:04.0586 5056 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/25 11:57:04.0602 5056 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/25 11:57:04.0633 5056 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/02/25 11:57:04.0664 5056 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/25 11:57:04.0696 5056 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/25 11:57:04.0727 5056 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/25 11:57:04.0774 5056 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/25 11:57:04.0805 5056 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/25 11:57:04.0946 5056 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/25 11:57:05.0211 5056 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/25 11:57:05.0289 5056 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/02/25 11:57:05.0336 5056 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/02/25 11:57:05.0383 5056 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/25 11:57:05.0461 5056 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/25 11:57:05.0492 5056 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/25 11:57:05.0539 5056 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/25 11:57:05.0571 5056 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/02/25 11:57:05.0633 5056 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/25 11:57:05.0680 5056 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/02/25 11:57:05.0805 5056 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/25 11:57:05.0883 5056 motccgp (c741717b0a18813dd7d12085937cee72) C:\Windows\system32\DRIVERS\motccgp.sys
2011/02/25 11:57:06.0071 5056 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/02/25 11:57:06.0149 5056 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motmodem.sys
2011/02/25 11:57:06.0227 5056 motport (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motport.sys
2011/02/25 11:57:06.0274 5056 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/25 11:57:06.0305 5056 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/25 11:57:06.0414 5056 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/02/25 11:57:06.0461 5056 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/25 11:57:06.0524 5056 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/25 11:57:06.0571 5056 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/25 11:57:06.0742 5056 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/02/25 11:57:06.0821 5056 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/25 11:57:07.0055 5056 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/25 11:57:07.0555 5056 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/25 11:57:07.0617 5056 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/02/25 11:57:07.0664 5056 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/25 11:57:07.0899 5056 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/02/25 11:57:07.0946 5056 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/02/25 11:57:08.0008 5056 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/25 11:57:08.0039 5056 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/25 11:57:08.0196 5056 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/02/25 11:57:08.0289 5056 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/02/25 11:57:08.0399 5056 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/25 11:57:08.0602 5056 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/02/25 11:57:08.0992 5056 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/02/25 11:57:09.0117 5056 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/25 11:57:09.0196 5056 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/02/25 11:57:09.0258 5056 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/25 11:57:09.0383 5056 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/25 11:57:09.0430 5056 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/25 11:57:09.0492 5056 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/02/25 11:57:09.0602 5056 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/25 11:57:09.0821 5056 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/25 11:57:09.0899 5056 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/25 11:57:09.0977 5056 NPF (8a785b2a89e872b5e26a601f8bf01619) C:\Windows\system32\drivers\npf.sys
2011/02/25 11:57:10.0008 5056 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/02/25 11:57:10.0055 5056 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/25 11:57:10.0117 5056 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/02/25 11:57:10.0149 5056 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/25 11:57:10.0321 5056 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/02/25 11:57:10.0367 5056 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/02/25 11:57:10.0571 5056 nvlddmkm (513098dd7a7f4eea43f9b0bbc1948c80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/25 11:57:10.0649 5056 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/25 11:57:10.0696 5056 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/02/25 11:57:10.0727 5056 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/25 11:57:10.0821 5056 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/25 11:57:11.0039 5056 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/25 11:57:11.0352 5056 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/02/25 11:57:11.0383 5056 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/25 11:57:11.0524 5056 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/02/25 11:57:11.0617 5056 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/02/25 11:57:11.0649 5056 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/25 11:57:11.0711 5056 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/25 11:57:11.0774 5056 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/25 11:57:11.0805 5056 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/25 11:57:11.0867 5056 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/25 11:57:11.0946 5056 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/25 11:57:12.0086 5056 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/25 11:57:12.0633 5056 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/25 11:57:12.0805 5056 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/25 11:57:12.0867 5056 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/25 11:57:12.0992 5056 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/25 11:57:13.0164 5056 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/25 11:57:13.0211 5056 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/25 11:57:13.0258 5056 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/02/25 11:57:13.0289 5056 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/25 11:57:13.0321 5056 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/02/25 11:57:13.0383 5056 RIM (673fdff0cea7c2c5993323dad02fdc7f) C:\Windows\system32\DRIVERS\BlackBerrySCRDriver.sys
2011/02/25 11:57:13.0446 5056 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
2011/02/25 11:57:13.0508 5056 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/02/25 11:57:13.0524 5056 ROOTMODEM (d49d61312b273de069584d48c81c8b1d) C:\Windows\system32\Drivers\RootMdm.sys
2011/02/25 11:57:13.0571 5056 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/25 11:57:13.0602 5056 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/25 11:57:13.0696 5056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/25 11:57:13.0758 5056 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/25 11:57:13.0789 5056 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/02/25 11:57:13.0836 5056 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/02/25 11:57:13.0883 5056 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/02/25 11:57:13.0914 5056 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/25 11:57:13.0930 5056 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/25 11:57:13.0961 5056 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/25 11:57:14.0008 5056 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/02/25 11:57:14.0039 5056 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/25 11:57:14.0055 5056 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/25 11:57:14.0102 5056 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/02/25 11:57:14.0133 5056 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/02/25 11:57:14.0180 5056 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/02/25 11:57:14.0242 5056 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/25 11:57:14.0289 5056 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/25 11:57:14.0336 5056 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/25 11:57:14.0383 5056 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/25 11:57:14.0414 5056 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/25 11:57:14.0446 5056 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/25 11:57:14.0539 5056 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/02/25 11:57:14.0602 5056 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/25 11:57:14.0617 5056 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/25 11:57:14.0649 5056 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/02/25 11:57:14.0680 5056 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/02/25 11:57:14.0711 5056 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/25 11:57:14.0742 5056 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/25 11:57:14.0805 5056 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/25 11:57:14.0883 5056 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/25 11:57:14.0899 5056 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/25 11:57:14.0930 5056 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/02/25 11:57:14.0961 5056 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/25 11:57:14.0992 5056 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/25 11:57:15.0039 5056 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/25 11:57:15.0055 5056 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/25 11:57:15.0086 5056 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/25 11:57:15.0117 5056 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/25 11:57:15.0164 5056 UMPass (08ea9c0247f391af4d4a16885a1c159d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/25 11:57:15.0227 5056 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/25 11:57:15.0242 5056 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/25 11:57:15.0289 5056 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/25 11:57:15.0321 5056 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/25 11:57:15.0336 5056 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/25 11:57:15.0367 5056 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/25 11:57:15.0430 5056 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/25 11:57:15.0461 5056 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/25 11:57:15.0524 5056 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/25 11:57:15.0571 5056 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/25 11:57:15.0602 5056 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/02/25 11:57:15.0633 5056 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/25 11:57:15.0664 5056 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/25 11:57:15.0696 5056 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/02/25 11:57:15.0727 5056 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/02/25 11:57:15.0758 5056 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/02/25 11:57:15.0805 5056 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/02/25 11:57:15.0852 5056 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/25 11:57:15.0883 5056 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/25 11:57:15.0930 5056 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/25 11:57:15.0930 5056 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/25 11:57:15.0977 5056 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/25 11:57:16.0039 5056 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2011/02/25 11:57:16.0117 5056 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/25 11:57:16.0227 5056 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/25 11:57:16.0289 5056 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/25 11:57:16.0321 5056 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/25 11:57:16.0367 5056 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/25 11:57:16.0461 5056 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/02/25 11:57:16.0508 5056 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/25 11:57:16.0508 5056 ================================================================================
2011/02/25 11:57:16.0508 5056 Scan finished
2011/02/25 11:57:16.0508 5056 ================================================================================
2011/02/25 11:57:16.0524 4348 Detected object count: 1
2011/02/25 11:57:29.0664 4348 \HardDisk1 - will be cured after reboot
2011/02/25 11:57:29.0664 4348 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/02/25 11:58:10.0680 5552 Deinitialize success

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:24 PM

Posted 25 February 2011 - 12:33 PM

Rexmaster,

This snippet below was one of the issues that was contributing to the issues you were experiencing:

2011/02/25 11:57:16.0524 4348 Detected object count: 1
2011/02/25 11:57:29.0664 4348 \HardDisk1 - will be cured after reboot
2011/02/25 11:57:29.0664 4348 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/02/25 11:58:10.0680 5552 Deinitialize success


Please post the other logs when you get a chance.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:24 PM

Posted 25 February 2011 - 12:33 PM

All processes killed
========== PROCESSES ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41661 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 1963 bytes
->Temporary Internet Files folder emptied: 6203468 bytes
->Flash cache emptied: 506 bytes

User: Mcx2
->Temp folder emptied: 442 bytes
->Temporary Internet Files folder emptied: 2673367 bytes
->Flash cache emptied: 41 bytes

User: Public

User: Rexmaster
->Temp folder emptied: 156809715 bytes
->Temporary Internet Files folder emptied: 127567448 bytes
->Java cache emptied: 21195629 bytes
->FireFox cache emptied: 2854450 bytes
->Flash cache emptied: 1496368 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62247448 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 172557884 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 334 bytes
RecycleBin emptied: 3794590 bytes

Total Files Cleaned = 532.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 02252011_122352

Files moved on Reboot...

Registry entries deleted on Reboot...

#6 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:24 PM

Posted 25 February 2011 - 12:38 PM

OTL logfile created on: 2/25/2011 12:34:37 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Rexmaster\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 135.33 Gb Free Space | 19.37% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 474.57 Gb Free Space | 50.95% Space Free | Partition Type: NTFS
Drive Z: | 37.26 Gb Total Space | 26.27 Gb Free Space | 70.49% Space Free | Partition Type: NTFS

Computer Name: VISTA | User Name: Rexmaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/25 12:34:17 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Rexmaster\Desktop\OTL.exe
PRC - [2011/02/22 20:00:12 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/02/22 20:00:12 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/24 09:09:13 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:08:04 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 07:02:32 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/02 13:47:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/02 13:47:49 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/02 13:47:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/04 04:31:50 | 003,464,128 | ---- | M] (SlySoft, Inc.) -- C:\Apps\AnyDVD\AnyDVDtray.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/11/25 14:20:02 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/11/25 14:19:58 | 000,277,760 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/05 14:54:02 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/02/05 14:29:46 | 000,897,024 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\Smart Card Reader\BlackBerrySCRUIProxy.exe
PRC - [2008/02/05 14:29:46 | 000,491,520 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\Smart Card Reader\BlackBerrySCRService.exe
PRC - [2006/11/02 04:45:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2005/07/22 16:21:40 | 012,061,896 | ---- | M] (Microsoft Corporation) -- C:\Apps\Office\OFFICE11\WINWORD.EXE
PRC - [2005/07/05 11:14:28 | 000,196,296 | ---- | M] (Microsoft Corporation) -- C:\Apps\Office\OFFICE11\OUTLOOK.EXE


========== Modules (SafeList) ==========

MOD - [2011/02/25 12:34:17 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Rexmaster\Desktop\OTL.exe
MOD - [2010/09/02 13:48:36 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/02/04 13:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Apps\AnyDVD\ADvdDiscHlp.dll
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/22 20:00:12 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/09/02 13:47:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/11/25 14:20:02 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/08/05 14:54:02 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/05/21 18:57:50 | 000,092,792 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/02/05 14:29:46 | 000,491,520 | ---- | M] (Research In Motion Limited) [Auto | Running] -- C:\Program Files\Research In Motion\Smart Card Reader\BlackBerrySCRService.exe -- (BlackBerry Smart Card Reader Service)
SRV - [2007/01/16 22:02:28 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/22 20:00:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/02/22 20:00:13 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/02 13:48:34 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/02 13:48:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/02 13:48:25 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/23 11:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/01 12:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/08/13 10:45:56 | 000,091,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/04/01 07:57:00 | 000,157,184 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/05/21 18:57:38 | 000,034,576 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2008/02/05 14:29:46 | 000,033,280 | ---- | M] (Research In Motion Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\BlackBerrySCRDriver.sys -- (RIM)
DRV - [2007/11/05 20:57:46 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/09/11 21:28:00 | 007,623,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/06/04 18:25:14 | 000,016,048 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007/06/04 18:25:12 | 000,162,096 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2007/01/05 20:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:55:22 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-51891498-3140153588-1045656940-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-51891498-3140153588-1045656940-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-51891498-3140153588-1045656940-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 09:11:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/05/05 21:50:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/17 17:15:08 | 000,000,000 | ---D | M]

[2008/03/31 11:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rexmaster\AppData\Roaming\Mozilla\Firefox\Profiles\kry7akdn.default\extensions
[2011/02/17 14:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/17 14:53:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008/03/31 11:25:20 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2009/09/09 02:12:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2009/05/05 21:50:41 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/05/05 21:50:41 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/05/05 21:50:41 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/05/05 21:50:41 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/05/05 21:50:41 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2011/02/25 12:23:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Watch for Browser Events) - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\Apps\Auto Fire\Macro Express3\iCapture.dll (Insight Software Solutions, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Apps\NTune\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartCardReaderProxy] C:\Program Files\Research In Motion\Smart Card Reader\BlackBerrySCRUIProxy.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-51891498-3140153588-1045656940-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-51891498-3140153588-1045656940-1000..\Run: [AnyDVD] C:\Apps\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-51891498-3140153588-1045656940-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Apps\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Apps\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-51891498-3140153588-1045656940-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206283049_dd9d3fc1c0a0f18cc58f9085d228a073&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/02/20 11:13:42 | 000,021,444 | ---- | M] () - Z:\Autofire_0_4.zip -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/25 12:34:12 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Rexmaster\Desktop\OTL.exe
[2011/02/25 12:23:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/25 12:23:24 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Rexmaster\Desktop\OTM.exe
[2011/02/23 13:44:02 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/02/23 13:44:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/02/23 13:43:57 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/02/23 13:42:27 | 000,000,000 | ---D | C] -- C:\Users\Rexmaster\AppData\Local\Sunbelt Software
[2011/02/23 13:41:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E53F90E0-D7CA-4310-8844-F6E688407890}
[2011/02/23 13:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/02/23 13:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/02/23 13:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/02/23 12:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/23 12:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/23 12:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/23 12:03:29 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Rexmaster\spybotsd162.exe
[2011/02/18 10:42:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/17 14:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/15 14:49:15 | 000,000,000 | ---D | C] -- C:\Users\Rexmaster\Desktop\Adobe CS5
[2011/02/15 13:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/02/15 11:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/02/15 11:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/02/03 13:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2010
[2011/02/03 13:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2010
[2011/02/03 09:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopFactory V9
[2011/02/03 09:57:09 | 000,000,000 | ---D | C] -- C:\Users\Rexmaster\Documents\ShopFactory V9 Websites
[2011/02/03 09:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\ShopFactory V9
[2011/01/28 14:28:29 | 000,000,000 | --SD | C] -- C:\Users\Rexmaster\Documents\My Data Sources
[3 C:\Users\Rexmaster\Documents\*.tmp files -> C:\Users\Rexmaster\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/25 12:35:51 | 000,621,314 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/25 12:35:51 | 000,109,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/25 12:34:17 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Rexmaster\Desktop\OTL.exe
[2011/02/25 12:32:08 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/25 12:31:19 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/25 12:29:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/25 12:28:56 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2011/02/25 12:28:48 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 12:28:48 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 12:28:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/25 12:28:34 | 2951,274,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/25 12:23:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/02/25 12:23:29 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Rexmaster\Desktop\OTM.exe
[2011/02/25 08:39:36 | 071,738,447 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/02/24 10:05:07 | 000,000,197 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011/02/24 09:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/23 17:05:37 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/02/23 13:43:57 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/02/23 13:41:23 | 000,001,031 | ---- | M] () -- C:\Users\Rexmaster\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/23 13:41:23 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/23 12:07:45 | 000,001,055 | ---- | M] () -- C:\Users\Rexmaster\Desktop\Spybot - Search & Destroy.lnk
[2011/02/23 12:03:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Rexmaster\spybotsd162.exe
[2011/02/22 20:00:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/02/22 20:00:13 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/02/22 10:48:18 | 000,004,604 | ---- | M] () -- C:\Users\Rexmaster\Documents\gd_bundle.crt
[2011/02/22 10:48:18 | 000,001,980 | ---- | M] () -- C:\Users\Rexmaster\Documents\discountgamingstore.com.crt
[2011/02/22 10:46:09 | 000,004,241 | ---- | M] () -- C:\Users\Rexmaster\discountgamingstore.com.zip
[2011/02/21 17:49:56 | 000,000,938 | ---- | M] () -- C:\Users\Rexmaster\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/18 10:42:57 | 277,591,580 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/15 15:52:51 | 002,550,772 | ---- | M] () -- C:\Users\Rexmaster\Documents\CHEERS!.jpg
[2011/02/14 14:33:24 | 000,000,053 | ---- | M] () -- C:\Users\Rexmaster\google4e26dd8c20ac7fc1.html
[2011/02/11 03:50:52 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\20090311_162700_Rexmaster.job
[2011/02/08 10:12:48 | 000,150,016 | ---- | M] () -- C:\Users\Rexmaster\Documents\Survivor.xls
[2011/02/07 13:11:02 | 000,650,191 | ---- | M] () -- C:\Users\Rexmaster\Desktop\Las Vegas Hotels, Atlantic City Casinos & More Caesars Entertainment Casino Hotels2.mht
[2011/02/07 13:07:02 | 000,650,199 | ---- | M] () -- C:\Users\Rexmaster\Desktop\Las Vegas Hotels, Atlantic City Casinos & More Caesars Entertainment Casino Hotels.mht
[2011/02/07 11:43:52 | 000,056,832 | ---- | M] () -- C:\Users\Rexmaster\Documents\April.doc
[2011/02/07 11:31:14 | 000,055,808 | ---- | M] () -- C:\Users\Rexmaster\Documents\March.doc
[2011/02/07 11:20:47 | 000,080,384 | ---- | M] () -- C:\Users\Rexmaster\Documents\Feb.doc
[2011/02/07 11:10:36 | 000,338,944 | ---- | M] () -- C:\Users\Rexmaster\Documents\My Outlook Calendar.dot
[2011/02/07 11:01:51 | 000,075,453 | ---- | M] () -- C:\Users\Rexmaster\Documents\TS102299376.xltx
[2011/02/07 10:24:07 | 000,763,038 | ---- | M] () -- C:\Users\Rexmaster\Desktop\Southwest Airlines - Purchase Confirmation.mht
[2011/02/04 11:05:11 | 000,000,018 | ---- | M] () -- C:\Users\Rexmaster\Documents\tradesdownload.xls
[2011/02/03 13:39:58 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2010.lnk
[2011/02/03 09:58:32 | 000,000,911 | ---- | M] () -- C:\Users\Rexmaster\Desktop\ShopFactory V9.lnk
[2011/01/28 15:41:28 | 000,036,524 | ---- | M] () -- C:\data_feed.csv
[2011/01/28 14:38:14 | 000,036,524 | ---- | M] () -- C:\Users\Rexmaster\data_feed.csv
[2011/01/28 14:27:25 | 000,066,386 | ---- | M] () -- C:\shop.xml
[2011/01/28 14:25:59 | 000,035,733 | ---- | M] () -- C:\ebay.csv
[2011/01/28 14:19:52 | 000,117,078 | ---- | M] () -- C:\test.csv
[2011/01/28 12:39:07 | 000,000,132 | ---- | M] () -- C:\Users\Rexmaster\AppData\Roaming\Adobe BMP Format CS5 Prefs
[3 C:\Users\Rexmaster\Documents\*.tmp files -> C:\Users\Rexmaster\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/25 12:32:04 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/23 16:39:41 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/02/23 13:41:23 | 000,001,031 | ---- | C] () -- C:\Users\Rexmaster\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/23 13:41:23 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/23 12:07:45 | 000,001,055 | ---- | C] () -- C:\Users\Rexmaster\Desktop\Spybot - Search & Destroy.lnk
[2011/02/22 10:48:18 | 000,004,604 | ---- | C] () -- C:\Users\Rexmaster\Documents\gd_bundle.crt
[2011/02/22 10:48:18 | 000,001,980 | ---- | C] () -- C:\Users\Rexmaster\Documents\discountgamingstore.com.crt
[2011/02/22 10:46:09 | 000,004,241 | ---- | C] () -- C:\Users\Rexmaster\discountgamingstore.com.zip
[2011/02/21 17:49:56 | 000,000,944 | ---- | C] () -- C:\Users\Rexmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/02/21 17:49:56 | 000,000,938 | ---- | C] () -- C:\Users\Rexmaster\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/18 10:42:26 | 277,591,580 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/18 10:41:02 | 000,000,197 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/02/15 15:42:37 | 002,550,772 | ---- | C] () -- C:\Users\Rexmaster\Documents\CHEERS!.jpg
[2011/02/14 14:33:24 | 000,000,053 | ---- | C] () -- C:\Users\Rexmaster\google4e26dd8c20ac7fc1.html
[2011/02/07 13:10:58 | 000,650,191 | ---- | C] () -- C:\Users\Rexmaster\Desktop\Las Vegas Hotels, Atlantic City Casinos & More Caesars Entertainment Casino Hotels2.mht
[2011/02/07 13:06:59 | 000,650,199 | ---- | C] () -- C:\Users\Rexmaster\Desktop\Las Vegas Hotels, Atlantic City Casinos & More Caesars Entertainment Casino Hotels.mht
[2011/02/07 12:27:10 | 000,150,016 | ---- | C] () -- C:\Users\Rexmaster\Documents\Survivor.xls
[2011/02/07 11:43:52 | 000,056,832 | ---- | C] () -- C:\Users\Rexmaster\Documents\April.doc
[2011/02/07 11:31:14 | 000,055,808 | ---- | C] () -- C:\Users\Rexmaster\Documents\March.doc
[2011/02/07 11:20:47 | 000,080,384 | ---- | C] () -- C:\Users\Rexmaster\Documents\Feb.doc
[2011/02/07 11:10:36 | 000,338,944 | ---- | C] () -- C:\Users\Rexmaster\Documents\My Outlook Calendar.dot
[2011/02/07 11:01:51 | 000,075,453 | ---- | C] () -- C:\Users\Rexmaster\Documents\TS102299376.xltx
[2011/02/07 10:24:02 | 000,763,038 | ---- | C] () -- C:\Users\Rexmaster\Desktop\Southwest Airlines - Purchase Confirmation.mht
[2011/02/04 11:05:09 | 000,000,018 | ---- | C] () -- C:\Users\Rexmaster\Documents\tradesdownload.xls
[2011/02/03 13:39:58 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2010.lnk
[2011/02/03 09:58:32 | 000,000,911 | ---- | C] () -- C:\Users\Rexmaster\Desktop\ShopFactory V9.lnk
[2011/01/28 14:38:30 | 000,036,524 | ---- | C] () -- C:\Users\Rexmaster\data_feed.csv
[2011/01/28 14:37:03 | 000,036,524 | ---- | C] () -- C:\data_feed.csv
[2011/01/28 14:27:25 | 000,066,386 | ---- | C] () -- C:\shop.xml
[2011/01/28 14:25:59 | 000,035,733 | ---- | C] () -- C:\ebay.csv
[2011/01/28 14:19:52 | 000,117,078 | ---- | C] () -- C:\test.csv
[2011/01/28 12:39:07 | 000,000,132 | ---- | C] () -- C:\Users\Rexmaster\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/05/17 14:23:51 | 000,091,264 | ---- | C] () -- C:\Windows\System32\drivers\ArcHlp.sys
[2010/05/17 14:20:40 | 000,000,248 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2010/05/17 14:17:43 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2010/05/17 14:17:22 | 000,002,336 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009/07/29 11:36:51 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/12 14:16:11 | 000,000,355 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2008/12/29 12:17:15 | 000,000,318 | ---- | C] () -- C:\Windows\lgfwup.ini
[2008/11/26 12:03:53 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2008/07/17 19:52:36 | 000,000,158 | ---- | C] () -- C:\Windows\pagesuit.ini
[2008/07/17 19:52:35 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2008/07/09 11:06:33 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/07/09 11:06:33 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/07/09 11:06:33 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/05/21 18:56:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008/01/24 17:12:53 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2008/01/24 17:12:52 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2007/11/13 01:55:11 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/11/02 01:29:57 | 000,000,182 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/11/01 23:31:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007/11/01 23:24:49 | 000,054,272 | ---- | C] () -- C:\Users\Rexmaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/01 01:03:45 | 000,000,680 | ---- | C] () -- C:\Users\Rexmaster\AppData\Local\d3d9caps.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/05 13:59:14 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >

OTL Extras logfile created on: 2/25/2011 12:34:37 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Rexmaster\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 135.33 Gb Free Space | 19.37% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 474.57 Gb Free Space | 50.95% Space Free | Partition Type: NTFS
Drive Z: | 37.26 Gb Total Space | 26.27 Gb Free Space | 70.49% Space Free | Partition Type: NTFS

Computer Name: VISTA | User Name: Rexmaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Apps\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Apps\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A22287-44DA-4A60-961C-D3EA2D2FE754}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F280436-F898-4715-9798-231B7D2FF3BE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{252BE0BA-3CB9-4B88-830C-FA5226017AB8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{35858555-99B5-4221-B0FA-D8183AD62E3D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38725F4D-8E02-4C3B-BA15-56B6C4D807AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CCC0D67-DD74-4072-A3DB-DDFE49CB878E}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E98625F-B53C-4F7A-A852-166377A248A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50E6FF46-EB62-46B1-BD29-D3B916AB54BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55E7639C-8900-4192-8338-E8FD1A4A3184}" = rport=10244 | protocol=6 | dir=out | app=system |
"{5716DA1E-5756-44B2-A1EE-F9B2F52FF9BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EE688F7-2E4A-4A3C-8191-4CC52F472FC2}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{6D9C33C6-CDBA-411D-93FE-FFD88CC7F6EA}" = lport=10244 | protocol=6 | dir=in | app=system |
"{6DCD865B-3F56-45C1-83C2-C4039F40608C}" = lport=3389 | protocol=6 | dir=in | name=remote desktop connection |
"{72ECD3E2-5F29-4ADA-A312-8827E45B8823}" = lport=59132 | protocol=6 | dir=in | name=pandorest listening port |
"{790DF638-1D65-4ED8-B347-7C3B92D37B00}" = rport=445 | protocol=6 | dir=out | app=system |
"{7ED0ECB5-5406-4BC4-98BF-6BA3F620E315}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7F97C37C-B058-4231-815A-B3C8AD048F1D}" = rport=138 | protocol=17 | dir=out | app=system |
"{80B016F6-18D0-4134-8430-5CD31DCCFD4C}" = lport=138 | protocol=17 | dir=in | app=system |
"{92FDEA36-4B66-40E3-B1B0-637BF7B6107E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{94AAEB27-4F9D-4932-9FB2-2E3A95711DC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{971571AE-B994-44E0-946B-56FC7B66459B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9E7772F2-07C1-40E0-B4A1-986908C0EAB9}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A12DFD38-B96A-4B0A-A018-053792404651}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A321A22F-E4CE-4E3A-AFD8-CC22CC10EF52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE273C63-3474-4315-A5E8-D6F9205D5A9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF48F91A-BFF5-4A35-B6AE-E0B93A1A0B48}" = rport=139 | protocol=6 | dir=out | app=system |
"{B636295C-326E-4628-946F-ECD4867A6B5B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBEB5C3D-0F4B-4585-B723-C67A7779BF19}" = lport=41952 | protocol=17 | dir=in | name=tv1 |
"{BE06AF41-751C-4CA3-ACB3-32D604D0C7E9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC92EBA5-7055-4BB6-8197-A1FB121E1272}" = rport=10244 | protocol=6 | dir=out | app=system |
"{CCC58434-BE52-4CFE-86D7-87D01087FD26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1867139-B310-4401-94EF-C80EFFA0D020}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D40661D0-6BD8-417D-9813-933F4D71DCAC}" = lport=41952 | protocol=6 | dir=in | name=tv |
"{D69E5510-C358-4905-A119-7BB625286436}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3100458-EDD5-4B66-9FFE-662CEEA8DDAB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB0FEAB8-0648-41E7-BBF0-67B664DE24C8}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F0C1DF23-5893-4B26-8903-6A37B18E6FFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0636706F-EC0B-4129-A3A9-619EB74CEAA7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0AE98DC7-C7C6-4909-A563-3FAA2789909D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D15B0B7-4D38-4E90-868B-89C47C543756}" = dir=in | app=%systemdrive%\apps\tversity\media server\mediaserver.exe |
"{0FE3D633-840E-4528-A7B7-9AAA000CF956}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{24272566-BFA7-49C6-9AC7-E14E9B840F94}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{28291467-E14E-4FAF-9F04-96A22D7BF8CD}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{2AC99054-B4B4-46FE-8A60-7F32FCFF8CF5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D235F81-A7DA-4FD2-A343-0C38E8B929DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{42BE7EA7-32DC-48D9-9D92-4D9FFB791711}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{43C8ED23-0724-4BD3-A4AE-8636E9EF1C2D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{458E2303-968B-4280-ACF9-299FCCA74690}" = protocol=17 | dir=in | app=c:\users\rexmaster\appdata\local\microsoft\windows\temporary internet files\content.ie5\x4edcpq6\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe |
"{45EA94CD-D7C7-435C-8F38-4D5F94D5EDAA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5DCB2860-9A89-4618-A6F5-E7B366B14C84}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{692E5FF2-0097-44E7-B31E-58BE73298FDD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7BAC7049-6966-4342-BF9A-44195D809DA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{816A69FA-2EC9-4D9C-821C-644EC17FBB87}" = protocol=6 | dir=in | app=c:\users\rexmaster\appdata\local\microsoft\windows\temporary internet files\content.ie5\x4edcpq6\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe |
"{879B5F3A-28B9-487E-A3A4-7F06B4804936}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{892E5C55-F0EE-442C-A707-6DFFA6EF7461}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{A3FF3CBA-1C0B-4BEF-8910-D16D108B88D4}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{A4BBAFF8-3D09-4FC5-B74D-20EA86A2E168}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A635603D-A504-4D81-BB1E-B1BC8851FFAD}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BD344408-A113-4276-93AA-71259511A4F1}" = protocol=17 | dir=in | app=c:\apps\tversity\media server\tversity.exe |
"{BDC6C7E6-6E6A-46C3-A6D5-46A7776469B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BF83D0BC-B044-4D59-A76C-D65D29F42A4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C15C69DF-21C3-4A9C-B60C-A53A3F93D5FD}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C7CDD442-B713-454C-ACED-0E577180D9CA}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{D43AED47-23A7-4482-B9E0-DC33EF973909}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D7F3CB28-01AC-4D14-9F10-56458A3F5209}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{DBE2EAB7-820E-4A48-AAB9-E037B4CBE188}" = dir=in | app=c:\apps\tversity\media server\mediaserver.exe |
"{DF07100D-8B82-48A3-9650-285631BD48F4}" = dir=in | app=c:\apps\tversity\media server\mediaserver.exe |
"{E4673033-F44D-4D63-96EF-20515596F08F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E482240C-2838-4682-BCD7-DF26005AAABF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9F883EA-CB80-4B9D-92C5-6AAD49BF2DD0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EDA9630B-98D5-44DA-8DDF-1F2BAD9A83F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{00E090D6-07E4-45A7-9722-F96B7146FC80}C:\apps\bb\fledge.exe" = protocol=6 | dir=in | app=c:\apps\bb\fledge.exe |
"TCP Query User{198AFAB1-E7D5-469B-B075-4AE617507922}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{1EE6848C-3D66-4A64-97A3-F709E998A618}C:\games\eq\launchpad.exe" = protocol=6 | dir=in | app=c:\games\eq\launchpad.exe |
"TCP Query User{25A0E2C9-CDDC-4903-B6F7-21C20959007E}C:\games\eq\eqgame.exe" = protocol=6 | dir=in | app=c:\games\eq\eqgame.exe |
"TCP Query User{2FADB48C-6DD7-4C42-906F-B9AAAC137213}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{32692498-ECB2-449D-BD5D-A76EDDF826D5}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
"TCP Query User{3ED19CE9-6735-4FDA-AB34-8DB1FD2F5124}C:\program files\shopfactory v8\shopfactory\sfeditoru.exe" = protocol=6 | dir=in | app=c:\program files\shopfactory v8\shopfactory\sfeditoru.exe |
"TCP Query User{572B35A5-D078-4D8F-BA0D-7AA21B25CACC}C:\games\eq\eqvoiceservice.exe" = protocol=6 | dir=in | app=c:\games\eq\eqvoiceservice.exe |
"TCP Query User{64F186C8-6A65-4D3B-A445-1599AA7447DF}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{9127EB17-D978-4AE5-9D93-CA4DE5BC7E95}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{944D50FB-2933-4CF8-84E1-93C1C645F013}C:\users\rexmaster\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\rexmaster\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{985FB6A8-0E90-47BE-A781-D1CEDA6E3805}C:\games\eq\launchpad.exe" = protocol=6 | dir=in | app=c:\games\eq\launchpad.exe |
"TCP Query User{9E803671-F4C8-4A61-A6F2-08B1C0A95858}C:\games\eq\eqvoiceservice.exe" = protocol=6 | dir=in | app=c:\games\eq\eqvoiceservice.exe |
"TCP Query User{BFAFAFD8-0620-4E8E-A919-254909894D78}C:\games\eq\eqgame.exe" = protocol=6 | dir=in | app=c:\games\eq\eqgame.exe |
"TCP Query User{C3D13B19-FB5E-4B3F-BF59-B013B09AB920}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{C490CDB0-A3C6-4BE4-B6D0-22CB464D740D}C:\apps\bb\osloader.exe" = protocol=6 | dir=in | app=c:\apps\bb\osloader.exe |
"UDP Query User{11774152-6F8B-4D46-8309-DD66AE6C66A6}C:\games\eq\launchpad.exe" = protocol=17 | dir=in | app=c:\games\eq\launchpad.exe |
"UDP Query User{2FA36B19-838E-406A-B99E-56C1E2F29F60}C:\apps\bb\fledge.exe" = protocol=17 | dir=in | app=c:\apps\bb\fledge.exe |
"UDP Query User{3BD6692B-DB0D-4B57-95FD-07F49982BD6E}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{3DCB4670-5EC4-4D9A-96AD-C13B89D309B7}C:\program files\shopfactory v8\shopfactory\sfeditoru.exe" = protocol=17 | dir=in | app=c:\program files\shopfactory v8\shopfactory\sfeditoru.exe |
"UDP Query User{42B64B84-8095-46D3-BF2F-96C6AAE0915D}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{5854C766-673E-447D-AF17-118A4A41A1C4}C:\games\eq\eqvoiceservice.exe" = protocol=17 | dir=in | app=c:\games\eq\eqvoiceservice.exe |
"UDP Query User{5C7F2621-C083-48CC-89C7-80ED3B8CD84F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{66B31E4F-1CCC-491B-8D92-8F7A6AE80A64}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{8BC089E9-E536-48A0-97C6-107CE4394AAB}C:\games\eq\eqvoiceservice.exe" = protocol=17 | dir=in | app=c:\games\eq\eqvoiceservice.exe |
"UDP Query User{8E15AC1A-5F66-445D-A72D-6A41BF9B4168}C:\users\rexmaster\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\rexmaster\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{91924007-F82F-4B93-A3EB-2E42221530FF}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
"UDP Query User{A1FA21B9-816B-4F52-ADD1-7B08DF5970F9}C:\apps\bb\osloader.exe" = protocol=17 | dir=in | app=c:\apps\bb\osloader.exe |
"UDP Query User{C7DDF13C-652B-40A1-B459-9477E403C711}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CE269860-76F7-4F52-B8EB-8C2803F2A221}C:\games\eq\eqgame.exe" = protocol=17 | dir=in | app=c:\games\eq\eqgame.exe |
"UDP Query User{CF213941-B037-4B34-8520-5766BD4DBB3A}C:\games\eq\launchpad.exe" = protocol=17 | dir=in | app=c:\games\eq\launchpad.exe |
"UDP Query User{F2B14F54-6756-42D3-AEE3-11ECBA5B50AF}C:\games\eq\eqgame.exe" = protocol=17 | dir=in | app=c:\games\eq\eqgame.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite
"{20292BBB-C7D7-4526-9E38-42C4A5C2A3A6}" = H&R Block Deluxe + Efile 2009
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Ultra Edition
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = BD/HD Advisor 1.0
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{71F17309-007D-43F9-9313-DBFBA5FCB3B3}" = LightScribe Optical Disc Kit
"{74AC6719-44C0-421A-8D63-7138B455BCC8}" = BlackBerry Smart Card Reader v1.5.1
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{783676EB-93A4-4373-B4FD-A0CC107FA349}" = ArcSoft TotalMedia Extreme
"{79207BEE-6CD3-483C-824C-944663BACAC4}" = TaxCut Premium + Efile 2008
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{81FB87B4-AEA6-49A8-9110-BED4AEFC20E8}" = H&R Block Deluxe + Efile 2010
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7A89413-FB45-4ECE-A893-32DC87F45554}" = Legends of Norrath
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AnyDVD" = AnyDVD
"AVG9Uninstall" = AVG Free 9.0
"BBSCR_{74AC6719-44C0-421A-8D63-7138B455BCC8}" = BlackBerry Smart Card Reader v1.5.1
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 2.2
"ffdshow_is1" = ffdshow [rev 1324] [2007-07-01]
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free FLV Converter_is1" = Free FLV Converter V 6.1.0
"Free HTTP Sniffer" = Free HTTP Sniffer
"Google Updater" = Google Updater
"Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler
"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Imagicon" = Imagicon
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"Macro Express 3" = Macro Express 3
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.18)" = Mozilla Firefox (2.0.0.18)
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"ShopFactory V8 Total Care_is1" = ShopFactory V8 Total Care
"ShopFactory V9 Total Care Beta_is1" = ShopFactory V9 Total Care Beta
"ST6UNST #1" = EQ Companion 0.796 for Windows XP
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinPcapInst" = WinPcap 4.1 beta4
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-51891498-3140153588-1045656940-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2011 6:47:41 PM | Computer Name = Vista | Source = System Restore | ID = 8210
Description =

Error - 2/23/2011 8:08:19 PM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x520, application
start time 0x01cbd3a3c71621bc.

Error - 2/24/2011 10:35:45 AM | Computer Name = VISTA | Source = BlackBerry Smart Card Reader | ID = 100
Description = c073 - Failed to wrap the windows SmartcardCredentialProvider

Error - 2/24/2011 10:55:54 AM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x564, application
start time 0x01cbd4301b373434.

Error - 2/24/2011 11:03:12 AM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 6.0.6000.16830, time stamp
0x49ac8efc, faulting module cimwin32.dll_unloaded, version 0.0.0.0, time stamp
0x4549bce4, exception code 0xc0000005, fault offset 0x6ee67b9d, process id 0xce4,
application start time 0x01cbd43029e96646.

Error - 2/24/2011 11:04:34 AM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application regsvr32.exe, version 6.0.6000.16386, time stamp
0x4549b3c7, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61,
exception code 0xc0000005, fault offset 0x0000fc12, process id 0x1488, application
start time 0x01cbd4341f19c045.

Error - 2/24/2011 11:38:17 AM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x59c, application
start time 0x01cbd435fc32174c.

Error - 2/24/2011 3:33:23 PM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x07eba9d8, process id 0x574, application start time
0x01cbd4581ca9a3e2.

Error - 2/25/2011 1:18:15 PM | Computer Name = VISTA | Source = BlackBerry Smart Card Reader | ID = 100
Description = c073 - Failed to wrap the windows SmartcardCredentialProvider

Error - 2/25/2011 1:28:49 PM | Computer Name = Vista | Source = BlackBerry Smart Card Reader | ID = 100
Description = c073 - Failed to wrap the windows SmartcardCredentialProvider

[ Media Center Events ]
Error - 12/12/2008 6:28:48 PM | Computer Name = Vista | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/12/2009 3:30:00 PM | Computer Name = Vista | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/24/2011 4:22:41 PM | Computer Name = Vista | Source = DCOM | ID = 10010
Description =

Error - 2/25/2011 11:26:49 AM | Computer Name = Vista | Source = DCOM | ID = 10010
Description =

Error - 2/25/2011 1:18:11 PM | Computer Name = Vista | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:16:46 PM on 2/25/2011 was unexpected.

Error - 2/25/2011 1:18:28 PM | Computer Name = Vista | Source = DCOM | ID = 10016
Description =

Error - 2/25/2011 1:18:28 PM | Computer Name = Vista | Source = DCOM | ID = 10016
Description =

Error - 2/25/2011 1:18:28 PM | Computer Name = Vista | Source = Service Control Manager | ID = 7026
Description =

Error - 2/25/2011 1:28:14 PM | Computer Name = Vista | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 2/25/2011 1:28:59 PM | Computer Name = Vista | Source = DCOM | ID = 10016
Description =

Error - 2/25/2011 1:28:59 PM | Computer Name = Vista | Source = DCOM | ID = 10016
Description =

Error - 2/25/2011 1:29:01 PM | Computer Name = Vista | Source = Service Control Manager | ID = 7026
Description =


< End of report >

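The report above is long enough that the two findings a responder cares about most (firewall exceptions granted to executables sitting in the IE cache, and the repeated svchost.exe crashes behind the "host service crashes" symptom) are easy to miss by eye. The script below is an added example, not part of this thread and not OTL's own code: it parses text in the same layout as the OTL firewall and event-log sections and pulls those two things out. The firewall sample lines are constructed (made-up GUIDs, user name and executable names); the three event entries are copied from the report above.

```python
"""Triage helpers for an OTL-style report (added example, not OTL code).
1. Flag firewall exception rules whose executable runs from a browser cache
   or temp directory, or that were created from a "Query User" pop-up.
2. Group Application Error (ID 1000) entries by faulting application,
   module and exception code so repeated crashes of one process stand out.
"""
import re
from collections import Counter

# Constructed sample in the layout of the report's firewall sections.
SAMPLE_FIREWALL = r'''
"{00000000-0000-0000-0000-000000000001}" = lport=445 | protocol=6 | dir=in | app=system |
"{00000000-0000-0000-0000-000000000002}" = protocol=17 | dir=in | app=c:\users\alice\appdata\local\microsoft\windows\temporary internet files\content.ie5\abcd1234\video-downloader[1].exe |
"{00000000-0000-0000-0000-000000000003}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{00000000-0000-0000-0000-000000000004}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"{00000000-0000-0000-0000-000000000005}" = protocol=17 | dir=in | app=c:\users\alice\appdata\local\temp\setup_tmp.exe |
'''

# Three entries copied from the report's "Last 10 Event Log Errors" section.
SAMPLE_EVENTS = '''
Error - 2/23/2011 8:08:19 PM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x520, application
start time 0x01cbd3a3c71621bc.

Error - 2/24/2011 10:55:54 AM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x564, application
start time 0x01cbd4301b373434.

Error - 2/24/2011 11:04:34 AM | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Faulting application regsvr32.exe, version 6.0.6000.16386, time stamp
0x4549b3c7, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61,
exception code 0xc0000005, fault offset 0x0000fc12, process id 0x1488, application
start time 0x01cbd4341f19c045.
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
# Places a properly installed program should not be executing from.
SUSPICIOUS_DIRS = ("temporary internet files", r"\content.ie5",
                   r"\appdata\local\temp", r"\windows\temp")


def parse_firewall_rules(text):
    """Turn each '"name" = k=v | k=v |' line into a dict of its fields."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {"name": m.group("name")}
        for part in m.group("body").split("|"):
            if "=" in part:
                key, value = part.strip().split("=", 1)
                fields[key.strip()] = value.strip()
        rules.append(fields)
    return rules


def flag_rules(rules):
    """Return (name, app, reasons) for every rule worth a second look."""
    flagged = []
    for rule in rules:
        app = rule.get("app", "").lower()
        reasons = []
        if any(marker in app for marker in SUSPICIOUS_DIRS):
            reasons.append("executable runs from a cache or temp directory")
        if rule["name"].startswith(("TCP Query User", "UDP Query User")):
            reasons.append("exception created from a user prompt; confirm it was intended")
        if reasons:
            flagged.append((rule["name"], app, reasons))
    return flagged


EVENT_RE = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
                      r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
FAULT_RE = re.compile(r"Faulting application (?P<app>\S+), .*?faulting module "
                      r"(?P<module>\S+), .*?exception code (?P<code>0x[0-9a-f]+)")


def parse_events(text):
    """Join each 'Error - ...' header with its wrapped description lines."""
    events, current = [], None
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            current = dict(m.groupdict(), description="")
            events.append(current)
        elif current is not None and line.strip():
            current["description"] += line.strip() + " "
    return events


def crash_summary(events):
    """Count Application Error 1000 events by (app, module, exception code)."""
    counts = Counter()
    for event in events:
        if event["source"] != "Application Error" or event["id"] != "1000":
            continue
        m = FAULT_RE.search(event["description"])
        if m:
            counts[(m["app"], m["module"], m["code"])] += 1
    return counts


if __name__ == "__main__":
    for name, app, reasons in flag_rules(parse_firewall_rules(SAMPLE_FIREWALL)):
        print(f"{name}\n    {app}\n    {'; '.join(reasons)}")
    for (app, module, code), n in crash_summary(parse_events(SAMPLE_EVENTS)).most_common():
        print(f"{n}x {app} crashed in {module} with exception {code}")
```

On the sample input the cache-resident downloader, the user-approved ftp.exe rule and the temp-folder executable are flagged, and the two svchost.exe crashes collapse into one line showing the same module and exception code, which is the pattern worth correlating with the start of the redirect symptom.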
#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:24 PM

Posted 25 February 2011 - 12:46 PM

Rexmaster,

Do you recognize these files?

C:\Users\Rexmaster\Documents\discountgamingstore.com.crt
C:\Users\Rexmaster\discountgamingstore.com.zip
C:\Users\Rexmaster\google4e26dd8c20ac7fc1.html
C:\Windows\tasks\20090311_162700_Rexmaster.job
C:\Users\Rexmaster\Documents\TS102299376.xltx

____________________________________________________


Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-51891498-3140153588-1045656940-1000..\Run: [] File not found
    O15 - HKU\S-1-5-21-51891498-3140153588-1045656940-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    [2011/02/23 13:41:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E53F90E0-D7CA-4310-8844-F6E688407890}
    [3 C:\Users\Rexmaster\Documents\*.tmp files -> C:\Users\Rexmaster\Documents\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Please include an update on how things are currently running.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 25 February 2011 - 12:56 PM

Tea Timer turned off in SpyBot

Rexmaster,

Do you recognize these files?


C:\Users\Rexmaster\Documents\discountgamingstore.com.crt - Could be part of shopping cart software for a web page I designed. It is no longer needed.
C:\Users\Rexmaster\discountgamingstore.com.zip - Could be part of shopping cart software for a web page I designed. It is no longer needed.
C:\Users\Rexmaster\google4e26dd8c20ac7fc1.html - This was a site verification file for Google.
C:\Windows\tasks\20090311_162700_Rexmaster.job - No.
C:\Users\Rexmaster\Documents\TS102299376.xltx - No.




All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-51891498-3140153588-1045656940-1000\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-51891498-3140153588-1045656940-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$talisma_url$\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\ProgramData\{E53F90E0-D7CA-4310-8844-F6E688407890} folder moved successfully.
C:\Users\Rexmaster\Documents\~WRL0004.tmp deleted successfully.
C:\Users\Rexmaster\Documents\~WRL1006.tmp deleted successfully.
C:\Users\Rexmaster\Documents\~WRL3763.tmp deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rexmaster\Desktop\cmd.bat deleted successfully.
C:\Users\Rexmaster\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rexmaster
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 6352968 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30558 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Mcx2
->Flash cache emptied: 0 bytes

User: Public

User: Rexmaster
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02252011_125004

Files\Folders moved on Reboot...
C:\Users\Rexmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LT2WQJ0T\evilcontrollers_com[1].htm moved successfully.
C:\Users\Rexmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FA7MTXS9\page__gopid__2147505[1].htm moved successfully.
C:\Users\Rexmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

#9 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 25 February 2011 - 01:03 PM

Update: Everything seems to be running fine. Although most times it would take ~20 minutes to produce symptoms after a reboot. I'm not sure I have been up 20 minutes yet after any reboots.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5876

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

2/25/2011 1:01:45 PM
mbam-log-2011-02-25 (13-01-45).txt

Scan type: Quick scan
Objects scanned: 169558
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts

Posted 25 February 2011 - 01:07 PM

Rexmaster,

Thanks for the clarification on those files. I don't want to be removing anything that is legit.


C:\Users\Rexmaster\Documents\discountgamingstore.com.crt - Could be part of shopping cart software for a web page I designed. Is no longer needed
C:\Users\Rexmaster\discountgamingstore.com.zip - Could be part of shopping cart software for a web page I designed. Is no longer needed

Since you no longer need these I will go ahead and script these out.

C:\Users\Rexmaster\google4e26dd8c20ac7fc1.html - This was a site verification file for Google.

I will leave this file alone.


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Users\Rexmaster\Documents\discountgamingstore.com.crt
    C:\Users\Rexmaster\discountgamingstore.com.zip
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives"
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to Text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
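The OTL fix above does three things: it moves the two files the user no longer needs out of the way, flushes the DNS resolver cache, and takes a restore point first. The PowerShell script below is an added example, not OTL's code and not part of the original post: it performs the same three steps by hand on a Vista-era host using only PowerShell 2.0 cmdlets (no Get-FileHash, no Clear-DnsClientCache), logs each move with a hash to a dated folder in the spirit of C:\_OTL\MovedFiles, and finishes with a hosts-file check, because a cache flush does nothing against a hosts-file redirect. The file list, the quarantine root C:\_Quarantine and the log layout are assumptions for illustration.

```powershell
# Added example (not OTL's own code): a manual PowerShell 2.0 equivalent of the OTL fix above.
# Run from an elevated prompt. The file list and quarantine root are assumptions for illustration.

$FilesToQuarantine = @(
    'C:\Users\Rexmaster\Documents\discountgamingstore.com.crt',
    'C:\Users\Rexmaster\discountgamingstore.com.zip'
)
$QuarantineRoot = 'C:\_Quarantine'   # assumed; plays the role of C:\_OTL\MovedFiles
$Stamp   = Get-Date -Format 'MMddyyyy_HHmmss'
$LogPath = Join-Path $QuarantineRoot ("{0}.log" -f $Stamp)

function Write-FixLog([string]$Message) {
    $Line = "{0} {1}" -f (Get-Date -Format 's'), $Message
    Add-Content -Path $LogPath -Value $Line
    Write-Host $Line
}

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash only exists from PowerShell 4.0, so hash through .NET directly.
    $Sha    = [System.Security.Cryptography.SHA256]::Create()
    $Stream = [System.IO.File]::OpenRead($Path)
    try { $Bytes = $Sha.ComputeHash($Stream) } finally { $Stream.Close() }
    [System.BitConverter]::ToString($Bytes) -replace '-', ''
}

# [CreateRestorePoint] equivalent. Fails harmlessly if System Restore is off or the prompt is not elevated.
try {
    Checkpoint-Computer -Description ("Manual fix {0}" -f $Stamp) -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
} catch {
    Write-Host ("Restore point not created: {0}" -f $_.Exception.Message)
}

New-Item -ItemType Directory -Path $QuarantineRoot -Force | Out-Null
Write-FixLog '========== FILES =========='

# :Files equivalent. Move rather than delete, keep the original path under the quarantine root,
# and record a SHA-256 first so the item can be identified (or put back) later.
foreach ($Path in $FilesToQuarantine) {
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-FixLog ("{0} not found, skipped." -f $Path)
        continue
    }
    $Relative = $Path -replace '^[A-Za-z]:\\', ''
    $Dest     = Join-Path $QuarantineRoot $Relative
    New-Item -ItemType Directory -Path (Split-Path -Parent $Dest) -Force | Out-Null
    $Hash = Get-Sha256Hex $Path
    Move-Item -LiteralPath $Path -Destination $Dest -Force
    Write-FixLog ("{0} moved successfully. sha256={1}" -f $Path, $Hash)
}

# ipconfig /flushdns equivalent (Clear-DnsClientCache only exists on Windows 8 / PowerShell 3.0 and later).
$FlushOutput = & ipconfig.exe /flushdns 2>&1 | Where-Object { $_ -match '\S' }
Write-FixLog ("ipconfig /flushdns: {0}" -f ($FlushOutput -join ' | '))

# Redirect sanity check: list every active hosts entry that is not a loopback mapping.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Odd = Get-Content -Path $HostsPath |
    Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s' }
if ($Odd) { $Odd | ForEach-Object { Write-FixLog ("hosts entry worth reviewing: {0}" -f $_.Trim()) } }
else      { Write-FixLog 'hosts file has only loopback entries.' }

Write-FixLog ("Fix finished; log at {0}" -f $LogPath)
```

The script moves files instead of deleting them for the same reason OTL does: if one of them turns out to be legitimate, it can be put back, and the logged hash lets you match the quarantined copy against a scanner result later.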


#11 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts

Posted 25 February 2011 - 02:10 PM

ESET is running, that's going to take a while...

========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Rexmaster\Documents\discountgamingstore.com.crt moved successfully.
C:\Users\Rexmaster\discountgamingstore.com.zip moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rexmaster\Desktop\cmd.bat deleted successfully.
C:\Users\Rexmaster\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.21.0 log created on 02252011_131150

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts

Posted 25 February 2011 - 02:17 PM

Okay.



#13 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts

Posted 25 February 2011 - 04:16 PM

ESET Scan

C:\Apps\Nero\Nero-7.10.1.0_eng_update_wch.exe Win32/Toolbar.AskSBar application

#14 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts

Posted 25 February 2011 - 04:18 PM

Results of screen317's Security Check version 0.99.9
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 5
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.1
Out of date Adobe Reader installed!
Mozilla Firefox (2.0.0) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
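The Security Check log above flags UAC off, a missing service pack, and out-of-date Java, Adobe Reader and Firefox, and its "WMI entry may not exist for antivirus" line means it could not read Security Center's WMI view of the installed antivirus. The PowerShell script below is an added example, not screen317's tool and not part of the original post: it reads the same facts directly, UAC from the EnableLUA registry value, the service pack from Win32_OperatingSystem, registered antivirus products from the root\SecurityCenter2 namespace (the Vista-and-later namespace; root\SecurityCenter is the XP one), installed versions from the Uninstall registry keys, and whether the Ad-Aware and AVG processes named in the log are running. It uses only PowerShell 2.0 cmdlets so it runs on Vista; the product-name patterns and the process list are assumptions taken from this log.

```powershell
# Added example (not Security Check's own code): read the posture facts the log reports directly.
# PowerShell 2.0 compatible, so it runs on the Vista host in this thread.

function Get-UacState {
    $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $EnableLua = (Get-ItemProperty -Path $Key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($EnableLua -eq 1) { 'UAC enabled' } else { 'UAC is disabled!' }
}

function Get-OsAndServicePack {
    $Os = Get-WmiObject -Class Win32_OperatingSystem
    # CSDVersion is empty on an RTM install (Windows 6.0.6000 in this log has no service pack).
    $Sp = if ($Os.CSDVersion) { $Os.CSDVersion } else { 'none' }
    "{0} {1} service pack: {2}" -f $Os.Caption, $Os.Version, $Sp
}

function Get-RegisteredAntivirus {
    # Products that never registered with Security Center do not appear here at all,
    # which is what the tool's "WMI entry may not exist for antivirus" line means.
    try {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction Stop |
            ForEach-Object { "{0} (productState 0x{1:X6})" -f $_.displayName, $_.productState }
    } catch {
        'no AntiVirusProduct entry in root\SecurityCenter2'
    }
}

function Get-InstalledVersions {
    # Display-name patterns are assumptions for illustration; extend the table as needed.
    $Patterns = @{
        'Java'        = '^Java\(TM\)|^Java \d'
        'Adobe Reader' = '^Adobe Reader'
        'Firefox'     = '^Mozilla Firefox'
    }
    $UninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $Entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }
    foreach ($Name in $Patterns.Keys) {
        $Hits = $Entries | Where-Object { $_.DisplayName -match $Patterns[$Name] }
        if ($Hits) {
            foreach ($H in $Hits) { "{0}: {1} {2}" -f $Name, $H.DisplayName, $H.DisplayVersion }
        } else {
            "{0}: not found in Uninstall keys" -f $Name
        }
    }
}

function Get-SecurityProcessCheck {
    # Same idea as the Process Check section: are the expected protection processes actually running?
    $Known = 'AAWService', 'AAWTray', 'avgwdsvc', 'avgrsx', 'avgnsx', 'avgemc'
    foreach ($P in $Known) {
        $Running = Get-Process -Name $P -ErrorAction SilentlyContinue
        $State = if ($Running) { 'running' } else { 'not running' }
        "{0}: {1}" -f $P, $State
    }
}

Get-UacState
Get-OsAndServicePack
Get-RegisteredAntivirus
Get-InstalledVersions
Get-SecurityProcessCheck
```

The productState value is a bit field; the low byte that matters most in practice is whether real-time protection is on and signatures are current, so print it in hex and compare runs rather than reading it as a plain number.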

#15 Rexmaster

Rexmaster
  • Topic Starter

  • Members
  • 16 posts

Posted 25 February 2011 - 04:19 PM

Status update: Machine has been stable for hours now. I think you got it!

Rexmaster



