
TDSS need help for removal


  • This topic is locked
31 replies to this topic

#1 lamented2


Posted 29 April 2011 - 09:19 PM

Hey guys! Been searching around the forum but can't see any definite solutions for my case, so I'm willing to post whatever logs are required to solve my issue. My Mozilla Firefox consistently redirects me to ad pages and Malwarebytes Anti-Malware comes back clean. Furthermore, I have removed "Vista Internet Security 2011" twice only for it to return again and infect my computer, and I need help to remove it once and for all. All help appreciated! Thanks in advance! :)

Edit: Also, if it helps, whenever I click "shutdown" my computer will show a BSOD and then reboot. Not sure if this is linked, but just some added info. Running Windows Vista as well. Below is the DDS report.

DDS (Ver_11-03-05.01) - NTFSx86
Run by adm at 15:15:56.78 on Sat 30/04/2011
Internet Explorer: 7.0.6000.16473 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.61.1033.18.2038.1104 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UAService7.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\My DAP Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com.au/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: System=c:\users\adm\appdata\local\svchost.exe
uWinlogon: System=c:\windows\system\wininit.com
uWindows: run=explorer.exe c:\windows\system\regedit.exe
uWindows: load=c:\users\adm\appdata\local\services.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acer Tour]
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\users\adm\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\common files\VistaRunApp.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\adm\appdata\roaming\mozilla\firefox\profiles\bznzrj17.default\
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-29 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-29 338880]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2008-11-24 21728]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2007-8-16 269448]
R2 Acer TV Share Service;Acer TV Share Service;c:\program files\acer arcade live\acer tv share\kernel\dmstv\CLMSServer.exe [2008-1-15 269432]
R3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\drivers\OmniTV.sys [2007-8-16 221184]
S3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2007-8-16 856832]
S3 GarenaPEngine;GarenaPEngine;c:\users\adm\appdata\local\temp\ELA9043.tmp [2010-9-4 25616]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-1-15 247808]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-2-9 213216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-29 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-29 1150936]
.
=============== File Associations ===============
.
exefile="c:\windows\system32\config\systemprofile\appdata\local\pab.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-04-29 23:16:32 -------- d-----w- c:\program files\ESET
2011-04-29 23:07:08 98816 ----a-w- c:\windows\sed.exe
2011-04-29 23:07:08 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 23:07:08 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 23:07:08 161792 ----a-w- c:\windows\SWREG.exe
2011-04-29 23:06:55 -------- d-s---w- C:\ComboFix
2011-04-29 11:57:10 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-29 11:57:10 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-29 11:57:09 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-29 11:57:09 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-29 11:57:07 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-29 11:57:07 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-29 11:57:04 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-29 11:57:00 -------- d-----w- c:\users\adm\appdata\roaming\PC Tools
2011-04-29 11:57:00 -------- d-----w- c:\program files\PC Tools Security
2011-04-29 11:57:00 -------- d-----w- c:\program files\common files\PC Tools
2011-04-29 11:57:00 -------- d-----w- c:\progra~2\PC Tools
2011-04-29 09:24:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-29 09:15:11 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-29 09:14:54 -------- d-----w- c:\progra~2\Hitman Pro
2011-04-24 04:12:05 -------- d-----w- c:\program files\Yitsoft Software
2011-04-23 06:53:03 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d6f592b8-5cf9-4d76-a076-9d40977e990d}\mpengine.dll
2011-04-10 09:45:12 -------- d-----w- c:\users\adm\appdata\roaming\LolClient
2011-04-10 09:24:28 -------- d-----w- C:\Riot Games
.
==================== Find3M ====================
.
2011-02-25 09:45:54 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-25 09:45:54 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-25 09:45:54 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-25 09:45:53 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-25 09:45:53 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-02 08:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2007-01-05 20:09:26 208896 ----a-w- c:\program files\common files\VistaRunApp.exe
.
============= FINISH: 15:18:34.00 ===============

Attached files: Attach.txt (982 bytes, 0 downloads), ark.txt (15.06 KB, 1 download)

Edited by lamented2, 30 April 2011 - 03:49 AM.
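For readers who want to see what a helper looks for first in a DDS report, here is an added Python triage script. It is not part of DDS and was not posted by anyone in this thread; the sample lines are copied from the Pseudo HJT Report above. The rules it applies are general heuristics: the Winlogon "System" value and the win.ini-compatibility "run"/"load" values are empty on a clean Vista install, the stock exefile command is `"%1" %*`, and autostart targets under user-writable directories or carrying a system-binary name outside its normal directory deserve a closer look.

```python
import re
from typing import List, Tuple

# Entry lines copied verbatim from the DDS "Pseudo HJT Report" posted above.
# DDS prefixes: u = HKCU (current user), m = HKLM (machine), d = default user.
SAMPLE_REPORT = r"""
uStart Page = hxxp://google.com.au/
mWinlogon: System=c:\users\adm\appdata\local\svchost.exe
uWinlogon: System=c:\windows\system\wininit.com
uWindows: run=explorer.exe c:\windows\system\regedit.exe
uWindows: load=c:\users\adm\appdata\local\services.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
exefile="c:\windows\system32\config\systemprofile\appdata\local\pab.exe" -a "%1" %*
"""

# A drive-letter path ending in an executable extension (spaces allowed, since
# DDS does not quote paths); non-greedy so it stops at the first extension.
PATH_RE = re.compile(r'[a-z]:\\[^"<>|\r\n]*?\.(?:exe|com|dll|scr|bat|cmd|pif)\b', re.I)

# Registry values that are empty on a clean Vista install. DDS prints them only
# when populated, so their mere presence in the report is a finding.
NORMALLY_EMPTY = ("Winlogon: System=", "Windows: run=", "Windows: load=")

# Directory fragments writable by an ordinary user; vendors do not install
# autostart entries there.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")

# Names of Windows system binaries and the only directories where the genuine
# copies live on a 32-bit Vista system.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "wininit.exe", "wininit.com",
                "lsass.exe", "csrss.exe", "regedit.exe"}
SYSTEM_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\")

# The stock command for the .exe file association.
DEFAULT_EXEFILE = '"%1" %*'


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) a single report line deserves attention."""
    reasons: List[str] = []
    lower = line.lower()

    # 1. Any exefile command other than the default routes every .exe launch
    #    through another program first.
    if lower.startswith("exefile="):
        if line[len("exefile="):].strip() != DEFAULT_EXEFILE:
            reasons.append("exefile association changed from the default \"%1\" %*")

    # 2. Values that are blank on a clean system but carry a payload here.
    for key in NORMALLY_EMPTY:
        idx = lower.find(key.lower())
        if idx != -1 and line[idx + len(key):].strip():
            reasons.append(f"'{key}' is empty on a clean system")
            break

    # 3. Look at every executable path the line references.
    for path in PATH_RE.findall(line):
        p = path.lower()
        if any(fragment in p for fragment in USER_WRITABLE):
            reasons.append(f"autostart target in a user-writable location: {path}")
        name = p.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and not any(p == root + name for root in SYSTEM_ROOTS):
            reasons.append(f"system binary name outside its normal directory: {path}")
    return reasons


def triage(report: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole report and keep only the lines with findings."""
    results = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            results.append((line, reasons))
    return results


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_REPORT):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample, the script flags exactly the five lines a helper would query (both Winlogon entries, both win.ini-style run/load entries, and the exefile association) and passes the ordinary Sidebar, Windows Defender and RtHDVCpl entries untouched. The heuristics are deliberately conservative: a hit means "look at this", not "this is malware".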




#2 SweetTech


Posted 05 May 2011 - 06:29 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow the instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 lamented2


Posted 05 May 2011 - 06:36 PM

Hi ST, thanks for the response. :) Here is the log of the TDSSKiller.

2011/05/06 09:32:16.0077 5804 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/06 09:32:17.0159 5804 ================================================================================
2011/05/06 09:32:17.0159 5804 SystemInfo:
2011/05/06 09:32:17.0159 5804
2011/05/06 09:32:17.0159 5804 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/06 09:32:17.0159 5804 Product type: Workstation
2011/05/06 09:32:17.0160 5804 ComputerName: ADM-PC
2011/05/06 09:32:17.0160 5804 UserName: adm
2011/05/06 09:32:17.0160 5804 Windows directory: C:\Windows
2011/05/06 09:32:17.0160 5804 System windows directory: C:\Windows
2011/05/06 09:32:17.0160 5804 Processor architecture: Intel x86
2011/05/06 09:32:17.0160 5804 Number of processors: 2
2011/05/06 09:32:17.0160 5804 Page size: 0x1000
2011/05/06 09:32:17.0160 5804 Boot type: Normal boot
2011/05/06 09:32:17.0160 5804 ================================================================================
2011/05/06 09:32:17.0621 5804 Initialize success
2011/05/06 09:32:20.0450 5860 ================================================================================
2011/05/06 09:32:20.0450 5860 Scan started
2011/05/06 09:32:20.0450 5860 Mode: Manual;
2011/05/06 09:32:20.0450 5860 ================================================================================
2011/05/06 09:32:22.0294 5860 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
2011/05/06 09:32:22.0356 5860 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/06 09:32:22.0410 5860 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/06 09:32:22.0459 5860 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/06 09:32:22.0532 5860 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/06 09:32:22.0600 5860 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/05/06 09:32:22.0644 5860 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/06 09:32:22.0680 5860 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/06 09:32:22.0712 5860 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/06 09:32:22.0881 5860 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/06 09:32:22.0909 5860 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/06 09:32:22.0947 5860 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/06 09:32:22.0974 5860 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/06 09:32:23.0144 5860 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/06 09:32:23.0182 5860 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/06 09:32:23.0218 5860 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/06 09:32:23.0261 5860 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
2011/05/06 09:32:23.0358 5860 AVerM115S (c4681614d490f83518d5c9bc5b66645f) C:\Windows\system32\DRIVERS\AVerM115S.sys
2011/05/06 09:32:23.0441 5860 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/05/06 09:32:23.0560 5860 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/06 09:32:23.0610 5860 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/06 09:32:23.0643 5860 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/06 09:32:23.0733 5860 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/06 09:32:23.0778 5860 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/06 09:32:23.0815 5860 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/06 09:32:23.0847 5860 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/06 09:32:23.0885 5860 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/06 09:32:23.0954 5860 BVRPMPR5 (582dab5108a2cd2e43c679f899a2d7ea) C:\Windows\system32\drivers\BVRPMPR5.SYS
2011/05/06 09:32:23.0985 5860 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/06 09:32:24.0035 5860 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/06 09:32:24.0073 5860 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/06 09:32:24.0108 5860 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
2011/05/06 09:32:24.0146 5860 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/06 09:32:24.0161 5860 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/06 09:32:24.0202 5860 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/06 09:32:24.0221 5860 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/06 09:32:24.0286 5860 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/05/06 09:32:24.0329 5860 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/05/06 09:32:24.0397 5860 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/06 09:32:24.0466 5860 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/06 09:32:24.0529 5860 DXGKrnl (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/06 09:32:24.0597 5860 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/06 09:32:24.0650 5860 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/06 09:32:24.0754 5860 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/05/06 09:32:24.0882 5860 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/06 09:32:25.0059 5860 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/05/06 09:32:25.0114 5860 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/06 09:32:25.0162 5860 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/05/06 09:32:25.0178 5860 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/05/06 09:32:25.0216 5860 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/06 09:32:25.0267 5860 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/05/06 09:32:25.0300 5860 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/06 09:32:25.0330 5860 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/06 09:32:25.0448 5860 GarenaPEngine (97590bdd20e90546045982f6ea24eb1e) C:\Users\adm\AppData\Local\Temp\ELA9043.tmp
2011/05/06 09:32:25.0541 5860 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/06 09:32:25.0823 5860 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/05/06 09:32:25.0879 5860 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/06 09:32:25.0910 5860 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/06 09:32:25.0943 5860 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/06 09:32:25.0967 5860 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/06 09:32:26.0001 5860 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/06 09:32:26.0043 5860 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/06 09:32:26.0068 5860 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
2011/05/06 09:32:26.0134 5860 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/06 09:32:26.0191 5860 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/06 09:32:26.0236 5860 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/06 09:32:26.0396 5860 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/06 09:32:26.0509 5860 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/06 09:32:26.0596 5860 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/05/06 09:32:26.0771 5860 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/06 09:32:27.0009 5860 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/05/06 09:32:27.0069 5860 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/06 09:32:27.0127 5860 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/06 09:32:27.0271 5860 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/06 09:32:27.0348 5860 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/06 09:32:27.0447 5860 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/05/06 09:32:27.0578 5860 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/06 09:32:27.0607 5860 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/06 09:32:27.0634 5860 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/06 09:32:27.0661 5860 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/06 09:32:27.0689 5860 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/06 09:32:27.0715 5860 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/06 09:32:27.0761 5860 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/06 09:32:27.0821 5860 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/06 09:32:27.0879 5860 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/06 09:32:27.0926 5860 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/06 09:32:27.0969 5860 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/06 09:32:28.0010 5860 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/05/06 09:32:28.0061 5860 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/06 09:32:28.0213 5860 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/05/06 09:32:28.0352 5860 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/06 09:32:28.0400 5860 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/06 09:32:28.0434 5860 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/06 09:32:28.0544 5860 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/05/06 09:32:28.0604 5860 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/06 09:32:28.0640 5860 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/06 09:32:28.0678 5860 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/06 09:32:28.0745 5860 MRxDAV (93224014a418b72356462b8f7de6e8c9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/06 09:32:28.0819 5860 mrxsmb (fca7563d87f71c6db0182ca67cc19aa7) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/06 09:32:28.0847 5860 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/06 09:32:28.0871 5860 mrxsmb20 (79b09504e4a790104683722cd04f76b4) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/06 09:32:28.0899 5860 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/06 09:32:28.0942 5860 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/06 09:32:28.0983 5860 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/05/06 09:32:29.0025 5860 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/05/06 09:32:29.0059 5860 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/06 09:32:29.0169 5860 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/06 09:32:29.0204 5860 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/05/06 09:32:29.0260 5860 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/05/06 09:32:29.0367 5860 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/06 09:32:29.0422 5860 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/05/06 09:32:29.0450 5860 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/05/06 09:32:29.0563 5860 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/06 09:32:29.0648 5860 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/05/06 09:32:29.0714 5860 NdisTapi (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/06 09:32:29.0735 5860 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/06 09:32:29.0762 5860 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/06 09:32:29.0781 5860 NDProxy (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
2011/05/06 09:32:29.0847 5860 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/06 09:32:29.0900 5860 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/06 09:32:30.0003 5860 netr73 (2dd6bb85c8bdae6116565ab5beca4f7c) C:\Windows\system32\DRIVERS\netr73.sys
2011/05/06 09:32:30.0145 5860 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/06 09:32:30.0268 5860 NPF (d21fee8db254ba762656878168ac1db6) C:\Windows\system32\drivers\npf.sys
2011/05/06 09:32:30.0298 5860 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/05/06 09:32:30.0512 5860 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/06 09:32:30.0594 5860 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
2011/05/06 09:32:30.0745 5860 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/05/06 09:32:30.0776 5860 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/06 09:32:30.0884 5860 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/05/06 09:32:30.0939 5860 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/06 09:32:30.0980 5860 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/06 09:32:31.0137 5860 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/06 09:32:31.0282 5860 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/06 09:32:31.0346 5860 OmniTV (364377fabde4552f1a6dc32d77d4bc74) C:\Windows\system32\DRIVERS\OmniTV.sys
2011/05/06 09:32:31.0412 5860 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/06 09:32:31.0436 5860 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/05/06 09:32:31.0461 5860 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/06 09:32:31.0482 5860 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/05/06 09:32:31.0505 5860 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/06 09:32:31.0559 5860 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/06 09:32:31.0684 5860 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/06 09:32:31.0941 5860 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\Windows\system32\drivers\PCTCore.sys
2011/05/06 09:32:32.0056 5860 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/05/06 09:32:32.0134 5860 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/06 09:32:32.0376 5860 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/06 09:32:32.0408 5860 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/06 09:32:32.0450 5860 PSched (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/06 09:32:32.0482 5860 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/05/06 09:32:32.0614 5860 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
2011/05/06 09:32:32.0663 5860 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
2011/05/06 09:32:32.0718 5860 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/06 09:32:32.0803 5860 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/06 09:32:32.0842 5860 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/06 09:32:32.0864 5860 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/06 09:32:32.0899 5860 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/06 09:32:32.0964 5860 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/06 09:32:33.0004 5860 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/06 09:32:33.0036 5860 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/06 09:32:33.0114 5860 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/06 09:32:33.0178 5860 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/06 09:32:33.0276 5860 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/05/06 09:32:33.0354 5860 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/06 09:32:33.0415 5860 RTL8187 (37027dcdccbcab0dd1cfd35d7643aac5) C:\Windows\system32\DRIVERS\wg111v2.sys
2011/05/06 09:32:33.0497 5860 sbp2port (f4cd2396b2ad37035a839b963b8cf56a) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/06 09:32:33.0599 5860 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
2011/05/06 09:32:33.0730 5860 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/06 09:32:33.0789 5860 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/06 09:32:33.0822 5860 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/06 09:32:33.0840 5860 sermouse (fd06895f55c0bec3cbd84bda14e1c6b7) C:\Windows\system32\drivers\sermouse.sys
2011/05/06 09:32:33.0895 5860 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/06 09:32:33.0915 5860 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/06 09:32:33.0939 5860 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/06 09:32:33.0956 5860 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/06 09:32:34.0005 5860 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/06 09:32:34.0025 5860 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/06 09:32:34.0054 5860 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/06 09:32:34.0089 5860 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/05/06 09:32:34.0199 5860 sony_ssm.sys (e260979edc537ff7f9fe01d78ae07667) C:\Users\adm\AppData\Local\Temp\sony_ssm.sys
2011/05/06 09:32:34.0290 5860 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/05/06 09:32:34.0351 5860 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/05/06 09:32:34.0421 5860 srv (2c677528b24d64d22886ecbe5cd97f20) C:\Windows\system32\DRIVERS\srv.sys
2011/05/06 09:32:34.0480 5860 srv2 (382baf4dcbd7648ced6c64a8a1e335b2) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/06 09:32:34.0510 5860 srvnet (f8e47a77e1690d8574962b69cb22beb3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/06 09:32:34.0627 5860 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/06 09:32:34.0657 5860 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/06 09:32:34.0786 5860 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/06 09:32:34.0831 5860 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/06 09:32:34.0892 5860 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/05/06 09:32:34.0967 5860 Tcpip (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\drivers\tcpip.sys
2011/05/06 09:32:35.0217 5860 Tcpip6 (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/06 09:32:35.0275 5860 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/06 09:32:35.0310 5860 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/05/06 09:32:35.0333 5860 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/06 09:32:35.0380 5860 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/06 09:32:35.0431 5860 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/06 09:32:35.0498 5860 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/06 09:32:35.0525 5860 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/06 09:32:35.0549 5860 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/06 09:32:35.0585 5860 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/06 09:32:35.0615 5860 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/06 09:32:35.0724 5860 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/06 09:32:35.0824 5860 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/06 09:32:35.0914 5860 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/06 09:32:35.0965 5860 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/06 09:32:36.0007 5860 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/06 09:32:36.0091 5860 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/06 09:32:36.0164 5860 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/05/06 09:32:36.0335 5860 usbccgp (0916972fb98080355ac1e9a4f92183f7) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/06 09:32:36.0406 5860 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/06 09:32:36.0486 5860 usbehci (fb50f987304f907a0103b14a5f2f2344) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/06 09:32:36.0538 5860 usbhub (16675ab7e199635086ab0556137371f5) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/06 09:32:36.0619 5860 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/06 09:32:36.0674 5860 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/06 09:32:36.0754 5860 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/06 09:32:36.0801 5860 usbuhci (165bb1f0801118dc86aa3fc87d3d101c) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/06 09:32:36.0899 5860 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/06 09:32:36.0962 5860 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/05/06 09:32:37.0036 5860 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/06 09:32:37.0079 5860 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/06 09:32:37.0129 5860 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/06 09:32:37.0178 5860 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/05/06 09:32:37.0224 5860 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/05/06 09:32:37.0302 5860 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
2011/05/06 09:32:37.0349 5860 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/06 09:32:37.0479 5860 VX3000 (b763b9807e6927004916c999fdb44c77) C:\Windows\system32\DRIVERS\VX3000.sys
2011/05/06 09:32:37.0830 5860 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/06 09:32:38.0041 5860 Wanarp (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/06 09:32:38.0075 5860 Wanarpv6 (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/06 09:32:38.0137 5860 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/06 09:32:38.0193 5860 Wdf01000 (5dfdbd5ef13e4d95be6fc108e2ed4a67) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/06 09:32:38.0757 5860 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/06 09:32:38.0847 5860 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/06 09:32:38.0873 5860 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/06 09:32:38.0966 5860 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/06 09:32:39.0519 5860 ================================================================================
2011/05/06 09:32:39.0519 5860 Scan finished
2011/05/06 09:32:39.0519 5860 ================================================================================
2011/05/06 09:32:42.0699 3864 Deinitialize success

#4 lamented2

lamented2
  • Topic Starter

  • Members
  • 19 posts
  • Local time:05:31 AM

Posted 05 May 2011 - 06:38 PM

Here is the OTL.txt and extras.txt

OTL logfile created on: 6/05/2011 9:32:50 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\My DAP Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16473)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 58.57 Gb Free Space | 25.67% Space Free | Partition Type: NTFS
Drive D: | 227.86 Gb Total Space | 172.99 Gb Free Space | 75.92% Space Free | Partition Type: NTFS
Drive G: | 613.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADM-PC | User Name: adm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 09:32:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\My DAP Downloads\OTL.exe
PRC - [2011/05/05 17:22:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/20 19:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/10 17:04:22 | 002,836,656 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/09/07 15:11:14 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\UAService7.exe
PRC - [2009/10/07 09:03:27 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/07/24 15:05:26 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/06/20 12:27:54 | 000,615,176 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2007/08/01 09:25:48 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007/07/04 04:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/22 11:33:20 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007/06/21 17:04:40 | 000,269,432 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe
PRC - [2007/06/20 18:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/26 09:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/26 09:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/04/17 11:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/11/02 19:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 09:32:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\My DAP Downloads\OTL.exe
MOD - [2010/01/25 08:46:23 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010/01/25 08:46:23 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2009/01/11 07:23:20 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
MOD - [2008/12/04 06:22:50 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll
MOD - [2007/04/26 09:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007/04/26 09:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007/04/26 09:30:40 | 000,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll
MOD - [2007/03/17 22:19:08 | 000,237,568 | ---- | M] (HiTRSUT) -- C:\Windows\System32\keyManager.dll
MOD - [2007/02/13 09:02:08 | 000,094,208 | ---- | M] (HiTRUST Inc.) -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006/11/30 14:30:18 | 000,401,408 | ---- | M] (HiTRUST) -- C:\Windows\System32\CryptoAPI.dll
MOD - [2006/11/02 19:46:03 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2006/11/02 19:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/09/07 15:11:14 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\Windows\System32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/29 00:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007/07/04 04:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/22 11:33:20 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/06/21 17:04:40 | 000,269,432 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe -- (Acer TV Share Service)
SRV - [2007/04/26 09:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/17 11:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 20:42:07 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/09/23 05:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/09/07 15:11:15 | 000,006,432 | ---- | M] (Sony DADC Austria AG.) [Kernel | On_Demand | Stopped] -- C:\Users\adm\AppData\Local\Temp\sony_ssm.sys -- (sony_ssm.sys)
DRV - [2010/09/04 14:00:14 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\adm\AppData\Local\Temp\ELA9043.tmp -- (GarenaPEngine)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/07/24 15:05:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/04/23 11:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/09/24 17:49:34 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/07/03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/04/26 01:25:34 | 000,221,184 | ---- | M] (YUAN High-Tech Development Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OmniTV.sys -- (OmniTV)
DRV - [2007/04/13 15:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/03/27 03:30:48 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/09 12:54:40 | 000,213,216 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
DRV - [2007/01/19 02:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006/09/29 16:41:46 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/08/03 16:30:48 | 000,856,832 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2005/08/03 07:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55151

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55151



IE - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63515

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}:1.2.314
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63515
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\4.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 20:46:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 17:22:13 | 000,000,000 | ---D | M]

[2011/04/30 12:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\adm\AppData\Roaming\mozilla\Extensions
[2011/05/05 19:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\adm\AppData\Roaming\mozilla\Firefox\Profiles\bznzrj17.default\extensions
[2011/05/03 18:53:08 | 000,000,000 | ---D | M] (Net Usage Item) -- C:\Users\adm\AppData\Roaming\mozilla\Firefox\Profiles\bznzrj17.default\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
[2011/04/30 12:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/30 12:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/30 12:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/10 17:04:31 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - File not found
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - File not found
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
F3 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000 WinNT: Run - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000 WinNT: Run - (C:\Windows\System\regedit.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (C:\Users\adm\AppData\Local\svchost.exe) - File not found
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\dwm.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\dwm.exe) - File not found
O20 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000 Winlogon: System - (C:\Windows\System\wininit.com) - File not found
O24 - Desktop WallPaper: C:\Users\adm\Pictures\vista.bmp
O24 - Desktop BackupWallPaper: C:\Users\adm\Pictures\vista.bmp
O31 - SafeBoot: AlternateShell - C:\Windows\system32\command.cmd
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/25 07:42:13 | 000,000,099 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/25 07:42:13 | 000,000,099 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002/10/04 15:06:32 | 000,487,424 | R--- | M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/10/04 14:44:08 | 001,105,920 | R--- | M] () - G:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2002/10/22 22:26:50 | 000,000,000 | ---D | M] - G:\autorun -- [ CDFS ]
O32 - AutoRun File - [2002/10/04 15:06:32 | 000,000,083 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1078eaa7-b322-11df-9f79-001c253fd79b}\Shell\AutoRun\command - "" = H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{1078eaa7-b322-11df-9f79-001c253fd79b}\Shell\open\command - "" = H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{23181525-76b5-11e0-8acf-001c253fd79b}\Shell - "" = AutoRun
O33 - MountPoints2\{23181525-76b5-11e0-8acf-001c253fd79b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2002/10/04 15:06:32 | 000,487,424 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\Shell - "" = Autorun
O33 - MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\Shell\Auto\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\AutoRun.exe
O33 - MountPoints2\{77e52df8-ff39-11dd-9b38-001c253fd79b}\Shell\AutoRun\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
O33 - MountPoints2\{77e52df8-ff39-11dd-9b38-001c253fd79b}\Shell\open\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
O33 - MountPoints2\{7db94224-e3ac-11de-b531-001c253fd79b}\Shell\AutoRun\command - "" = H:\crsxses.exe
O33 - MountPoints2\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\Shell - "" = AutoRun
O33 - MountPoints2\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\Shell - "" = Autorun
O33 - MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\Shell\Auto\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\AutoRun.exe
O33 - MountPoints2\{dc54527a-24d9-11de-b373-001c253fd79b}\Shell\AutoRun\command - "" = 1ogf.exe
O33 - MountPoints2\{dc54527a-24d9-11de-b373-001c253fd79b}\Shell\open\Command - "" = 1ogf.exe
O33 - MountPoints2\{f487de99-581b-11e0-b954-001c253fd79b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UlgD0he.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
O35 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 20:42:07 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/05/05 20:41:40 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\DAEMON Tools Lite
[2011/05/05 20:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/05/03 08:27:13 | 000,184,320 | -HS- | C] (Microsoft Corporation) -- C:\Windows\System32\486s4.dll
[2011/04/30 12:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/04/30 12:12:14 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/30 12:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/30 09:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/30 09:07:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/30 09:07:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/30 09:07:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/30 09:07:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/30 09:06:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/30 09:06:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/30 09:06:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/29 21:57:10 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/04/29 21:57:10 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/04/29 21:57:09 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/04/29 21:57:09 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/04/29 21:57:07 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/04/29 21:57:07 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/04/29 21:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/04/29 21:57:04 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/04/29 21:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/29 21:57:00 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\PC Tools
[2011/04/29 21:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/29 21:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/29 19:24:31 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/29 19:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/24 14:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yitsoft Software
[2011/04/24 14:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Yitsoft Software
[2011/04/10 19:45:12 | 000,000,000 | ---D | C] -- C:\Users\adm\AppData\Roaming\LolClient
[2011/04/10 19:24:28 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/04/10 19:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/04/10 18:14:24 | 000,000,000 | ---D | C] -- C:\Users\adm\Desktop\League of Legends
[2009/08/02 14:21:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\adm\AppData\Roaming\pcouffin.sys
[2008/01/15 05:47:21 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/08/16 11:50:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 09:32:28 | 000,001,239 | ---- | M] () -- C:\Users\adm\Desktop\My DAP Downloads.lnk
[2011/05/06 08:58:05 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 08:58:05 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 07:47:12 | 000,000,611 | ---- | M] () -- C:\Windows\eReg.dat
[2011/05/06 07:44:16 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A1E20C11-1CCE-4470-974A-A981E0E3CE6E}.job
[2011/05/06 07:42:36 | 000,000,907 | ---- | M] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/06 07:02:52 | 000,631,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/06 07:02:52 | 000,112,010 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/06 06:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 06:57:58 | 2137,317,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 20:42:07 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/05/05 20:42:00 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/05/05 09:55:31 | 182,999,366 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/04 12:27:09 | 000,012,841 | ---- | M] () -- C:\Users\adm\AppData\Roaming\A98A.C61
[2011/05/03 14:29:24 | 000,010,248 | -HS- | M] () -- C:\ProgramData\3652q8r53i7vov7ke46rx876j7a10827
[2011/05/03 08:27:13 | 000,184,320 | -HS- | M] (Microsoft Corporation) -- C:\Windows\System32\486s4.dll
[2011/04/30 20:56:42 | 000,013,318 | -HS- | M] () -- C:\ProgramData\kk2s4tqba56un4l450l4846k0x2qh0
[2011/04/30 18:34:29 | 000,013,252 | -HS- | M] () -- C:\Users\adm\AppData\Local\47h7308i05434q7ml6uhge302
[2011/04/30 18:34:29 | 000,013,252 | -HS- | M] () -- C:\ProgramData\47h7308i05434q7ml6uhge302
[2011/04/30 12:15:11 | 000,001,712 | ---- | M] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/30 12:15:11 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/30 10:44:13 | 000,013,318 | -HS- | M] () -- C:\Users\adm\AppData\Local\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/30 10:44:13 | 000,013,318 | -HS- | M] () -- C:\ProgramData\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/30 09:41:30 | 000,000,176 | ---- | M] () -- C:\Users\adm\defogger_reenable
[2011/04/30 08:30:55 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/30 08:07:54 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/30 08:03:50 | 000,010,102 | -HS- | M] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 22:25:01 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/29 22:24:06 | 000,000,359 | ---- | M] () -- C:\Users\adm\Documents\fix.inf
[2011/04/29 22:02:35 | 000,010,122 | -HS- | M] () -- C:\Users\adm\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 21:57:05 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/04/29 21:29:37 | 000,009,992 | -HS- | M] () -- C:\ProgramData\1866462758
[2011/04/21 11:18:25 | 000,027,648 | ---- | M] () -- C:\Users\adm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/10 19:31:36 | 000,001,672 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 07:47:12 | 000,000,611 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/03 14:36:39 | 000,012,841 | ---- | C] () -- C:\Users\adm\AppData\Roaming\A98A.C61
[2011/05/03 08:27:14 | 000,010,248 | -HS- | C] () -- C:\ProgramData\3652q8r53i7vov7ke46rx876j7a10827
[2011/04/30 20:54:12 | 000,013,318 | -HS- | C] () -- C:\ProgramData\kk2s4tqba56un4l450l4846k0x2qh0
[2011/04/30 16:24:28 | 000,013,252 | -HS- | C] () -- C:\Users\adm\AppData\Local\47h7308i05434q7ml6uhge302
[2011/04/30 12:42:26 | 000,013,252 | -HS- | C] () -- C:\ProgramData\47h7308i05434q7ml6uhge302
[2011/04/30 12:15:11 | 000,001,712 | ---- | C] () -- C:\Users\adm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/30 12:15:11 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/30 10:42:11 | 000,013,318 | -HS- | C] () -- C:\Users\adm\AppData\Local\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/30 10:42:11 | 000,013,318 | -HS- | C] () -- C:\ProgramData\ge75n4sv4s6wc15a2mb56fem6cm642xx4
[2011/04/30 09:41:20 | 000,000,176 | ---- | C] () -- C:\Users\adm\defogger_reenable
[2011/04/30 09:07:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/30 09:07:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/30 09:07:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/30 09:07:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/30 09:07:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/30 08:52:52 | 2137,317,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/29 22:24:06 | 000,000,359 | ---- | C] () -- C:\Users\adm\Documents\fix.inf
[2011/04/29 21:57:05 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/04/29 21:29:37 | 000,010,122 | -HS- | C] () -- C:\Users\adm\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 21:29:37 | 000,009,992 | -HS- | C] () -- C:\ProgramData\1866462758
[2011/04/29 21:18:07 | 000,010,102 | -HS- | C] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 19:15:11 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/10 19:31:36 | 000,001,672 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/04/09 08:14:44 | 000,057,344 | ---- | C] () -- C:\Users\adm\AppData\Roaming\chrtmp
[2011/03/16 18:28:55 | 000,120,320 | ---- | C] () -- C:\Windows\System32\apexchanger.exe
[2011/03/16 18:28:55 | 000,109,568 | ---- | C] () -- C:\Windows\System32\apex3gp.exe
[2011/03/16 18:28:54 | 004,755,968 | ---- | C] () -- C:\Windows\System32\apexconverter.exe
[2011/03/16 18:28:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\AddiTunes.exe
[2011/03/16 18:28:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2011/03/16 18:28:54 | 000,007,196 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AAC.ini
[2011/03/16 18:28:54 | 000,006,490 | ---- | C] () -- C:\Windows\System32\INI_Pro_PSP.ini
[2011/03/16 18:28:54 | 000,005,028 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP2_AAC.ini
[2011/03/16 18:28:54 | 000,003,045 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPod.ini
[2011/03/16 18:28:54 | 000,002,956 | ---- | C] () -- C:\Windows\System32\INI_Pro_PMP.ini
[2011/03/16 18:28:54 | 000,002,910 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AMR.ini
[2011/03/16 18:28:54 | 000,002,516 | ---- | C] () -- C:\Windows\System32\INI_Pro_PPC.ini
[2011/03/16 18:28:54 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2011/03/16 18:28:54 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2011/03/16 18:28:54 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AMR.ini
[2011/03/16 18:28:54 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AAC.ini
[2011/03/16 18:28:54 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AMR.ini
[2011/03/16 18:28:54 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AAC.ini
[2011/03/16 18:28:54 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_Pro_Xbox.ini
[2011/03/16 18:28:54 | 000,000,036 | ---- | C] () -- C:\Windows\System32\INI_Add_mfra.ini
[2011/03/16 16:06:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/12/19 19:16:54 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/12/19 19:16:52 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/12/16 14:21:49 | 000,000,242 | ---- | C] () -- C:\Users\adm\AppData\Roaming\RSBot_Accounts.ini
[2010/12/07 20:07:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2010/11/12 14:40:08 | 000,003,499 | ---- | C] () -- C:\Windows\System32\wbers.dat
[2010/11/12 14:40:05 | 000,026,466 | ---- | C] () -- C:\Windows\System32\wbers.dat.dmp
[2010/10/16 12:46:54 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2010/10/16 12:46:54 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2010/10/09 11:45:28 | 000,000,140 | ---- | C] () -- C:\Users\adm\AppData\Roaming\RSBot Accounts.ini
[2010/09/17 13:00:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/15 07:23:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/11/07 18:48:46 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/08/02 14:22:47 | 000,000,066 | ---- | C] () -- C:\Users\adm\AppData\Roaming\vso_ts_preview.xml
[2009/08/02 14:21:40 | 000,087,608 | ---- | C] () -- C:\Users\adm\AppData\Roaming\inst.exe
[2009/08/02 14:21:40 | 000,007,887 | ---- | C] () -- C:\Users\adm\AppData\Roaming\pcouffin.cat
[2009/08/02 14:21:40 | 000,001,144 | ---- | C] () -- C:\Users\adm\AppData\Roaming\pcouffin.inf
[2009/07/22 17:58:19 | 000,692,224 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2009/07/22 17:58:19 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009/04/25 12:55:28 | 000,000,020 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2009/02/24 14:25:57 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/11/28 17:47:47 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/09/21 16:14:03 | 000,017,089 | ---- | C] () -- C:\Users\adm\AppData\Roaming\UserTile.png
[2008/09/14 18:26:02 | 000,110,419 | ---- | C] () -- C:\ProgramData\BM97b63e8a.xml
[2008/09/14 18:26:02 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/08/25 07:42:29 | 000,005,676 | ---- | C] () -- C:\Users\adm\AppData\Local\d3d9caps.dat
[2008/08/24 19:58:24 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/08/23 20:49:11 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/08/23 20:28:43 | 000,027,648 | ---- | C] () -- C:\Users\adm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 02:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/24 02:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/15 05:49:16 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/01/15 05:49:15 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/01/15 05:47:21 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/08/16 12:39:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/08/16 11:50:04 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/08/16 10:53:36 | 000,000,707 | ---- | C] () -- C:\Windows\generic.ini
[2007/08/16 10:53:36 | 000,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/08/16 10:53:35 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/16 10:53:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/08/16 10:53:34 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/04/26 09:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/26 09:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/26 09:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/26 09:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/26 09:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/26 09:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007/01/06 06:09:26 | 000,208,896 | ---- | C] () -- C:\Program Files\Common Files\VistaRunApp.exe
[2006/12/26 08:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 22:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,324,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,631,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,112,010 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 17:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 17:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005/08/03 07:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2001/12/27 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:AA9519A6
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >




Drive D: | 227.86 Gb Total Space | 172.99 Gb Free Space | 75.92% Space Free | Partition Type: NTFS
Drive G: | 613.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADM-PC | User Name: adm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- C:\Windows\System32\config\systemprofile\AppData\Local\ies.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Windows\System32\config\systemprofile\AppData\Local\ies.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Windows\System32\config\systemprofile\AppData\Local\ies.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3512897752-3335045268-2292349305-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD9630D-503B-41FA-A535-40C96FC023D9}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{164158CE-2AC5-41E9-BC09-F9E847349C33}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{1A12FB21-E0DF-4986-8EF3-F21F42A40A71}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{1A15BD9E-99C1-455B-9090-5C970C93CA37}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher |
"{1AA1E56A-8272-44C0-882C-A3FC9129527F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1D606014-6036-494B-885A-D55B50ED0621}" = lport=138 | protocol=17 | dir=in | app=system |
"{1DB77914-2139-42A3-A8F0-E0867E54E3DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2216B7DF-E13C-4602-903C-D811C635731F}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{23DB0EE2-1783-420F-A581-A373C8179185}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{36C11F58-0312-40CC-A45F-55968D472F9F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{37C957D5-6E8F-4DCC-832B-DBE9669ABA8F}" = rport=445 | protocol=6 | dir=out | app=system |
"{3DA140A0-AE4E-4613-879C-C4B3BE9A7D68}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{3EE3FE18-6CCC-4DCA-B4E5-753FA670495D}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{4372CD81-56BA-4C81-A226-89FAC4ECDCAA}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{459CB65A-1394-4390-914D-A63B53FAA695}" = lport=139 | protocol=6 | dir=in | app=system |
"{4670609E-5EFC-4FC3-AFFC-76ECA432F285}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher |
"{47249008-9C8C-4CD5-89C1-C02FD9FD972C}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |
"{49CDEE98-807C-44D3-8629-F630A3138C33}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher |
"{51BD24A3-D707-4F2A-917F-406729FA6CAE}" = lport=6934 | protocol=17 | dir=in | name=league of legends launcher |
"{533CE885-DCBB-40A6-8CF2-ED8248EF587D}" = rport=138 | protocol=17 | dir=out | app=system |
"{58935C21-45B9-41BD-90B9-8FE18F83743C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AEEAAB1-9B86-435D-A3D6-F9C3FFECA068}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{6369D991-0B4E-42E4-96D0-B4DE3FC1F4FB}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{66021CF4-89B2-4070-A9B1-51F2CE9189B4}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{6BC56672-3A56-45BE-A8E2-588672DE3296}" = lport=6948 | protocol=17 | dir=in | name=league of legends launcher |
"{6C24B1D0-7ACC-4820-AAA7-85EC1F0512CB}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{6DAE29E4-AAD1-4EC2-85FE-58DA5226BEED}" = lport=6981 | protocol=6 | dir=in | name=league of legends launcher |
"{6E6ECF76-F647-4379-99ED-659B2677F261}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{6F17BEA8-C52C-4627-A1DE-884EDB79F321}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{700F8409-BCF1-4C93-AA86-DDDBB2246A91}" = lport=6881 | protocol=17 | dir=in | name=league of legends launcher |
"{7674DA2E-E729-459A-B0DE-CB7AF7EDC9B8}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{790A8CA8-9E78-42DF-B29D-53CED9666A8C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{866BC7FE-5F9B-4D1D-9985-2B229E30ED31}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8AEC2159-0026-4331-8D0C-E107160F3DEB}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B0FA830-097B-4777-88F0-3A812ED2C4AB}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{90277F0C-5FE4-486B-8EE0-2FCD6366A2E5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{90A1B68D-5EC3-417A-9C50-7F624AD81602}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher |
"{941ADC29-D120-42E1-91B1-DF1B37B93895}" = lport=137 | protocol=17 | dir=in | app=system |
"{9800D668-FAA7-4E34-B5A0-3450B7384682}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{98DE2BAB-8317-4E6F-8AB3-FC1B193383B6}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{A0AAFA56-01E0-4E7D-8EBA-BCA0830F65AE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A37A9F69-5F47-4D73-8206-AF286E2BD476}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher |
"{A47B506C-E53C-4CA6-BCDD-C81A0B383E1D}" = lport=6981 | protocol=17 | dir=in | name=league of legends launcher |
"{AC1F7E64-A890-42B9-AD0C-65C4E4709A57}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC91335E-9550-4BAB-9AE4-9730DAB1CC49}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
"{B0D45570-23E1-4654-BC7A-C8C8BD38ECF1}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher |
"{B2B4596A-7650-4A30-9407-905DF95C03EA}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher |
"{CB0BBC3F-2372-4173-B4D3-841508620D74}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D85C1CB7-DE85-45F1-8205-C01BCD249AE1}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{D8B29661-733A-4823-857B-DD8EA5D13B12}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{DA7911A7-2F41-460D-8870-53309F4F5966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB55EB74-9528-4588-A9D5-3FF52CC5BCCA}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher |
"{DC20FF3B-6D4E-42D5-8882-030B9B04FD3C}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
"{DCCB70CC-2CDA-479A-8EE1-D76F3211C27F}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{DF3EAE34-9F69-4479-AF8F-FFA9B8033504}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{E0B58699-FC6F-4AFD-AA59-B9CF355E88C8}" = lport=6934 | protocol=6 | dir=in | name=league of legends launcher |
"{E2644C53-C765-43AC-B97F-9BA35976CAA2}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{E34C3B65-F8A6-4AC6-A28A-B259570A12D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EA1471EC-EC9F-4CC2-A655-B696A5616AB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAD6AE42-C3CB-4646-AF2D-E8BCB7B83C55}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{ECA04992-B994-4379-87BF-2ECFC8D9AE61}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1AD4F77-AA2C-418A-BAD3-9257F6AAA1E9}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{F37691D7-FB8C-4B6C-9ED4-6D1A3F0C1A8B}" = lport=6989 | protocol=17 | dir=in | name=league of legends launcher |
"{F3E4B2D8-CF4A-4EA9-9F4A-91B300D616CD}" = lport=6881 | protocol=6 | dir=in | name=league of legends launcher |
"{F73470D8-CE4B-4EED-8E42-C6277E72DFD0}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{F974473C-69A0-4F29-B8B4-2A7EBB3A4789}" = lport=6948 | protocol=6 | dir=in | name=league of legends launcher |
"{FB1A782F-42BB-4BEA-B214-92A8BA35B8EC}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC413373-E986-4BE5-A549-5A1F2CDAF7C1}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher |
"{FE2C62D4-EFBB-4C96-A263-D47FEFCB47B9}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020014E2-EBCC-495D-8AA5-458DC0A3D0CF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{030241D9-2AB0-44B2-8CAD-F4B29FC46ECA}" = protocol=6 | dir=in | app=c:\users\adm\appdata\local\temp\purplebean.exe |
"{05DD27C3-5B7E-4F87-ABB4-448D939EE769}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{084F1044-42CC-441C-A577-5E9188230733}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0BEA4D18-CDFB-4A3B-BFA2-E47482FC6FD0}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{0C8C0170-EF52-405E-9BD3-86DFB7B50D87}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{11AE0CB3-5036-4EE6-9E31-4DFCF597683C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{12754A07-92CE-4401-879E-8EDF2B7D2545}" = protocol=17 | dir=in | app=c:\users\adm\appdata\local\temp\purplebean.exe |
"{1F7AC86B-81AE-41F2-8334-EE2097DA8559}" = protocol=6 | dir=in | app=c:\users\adm\appdata\local\f4\clientupdater\clientupdater.exe |
"{2059DEC9-CDFB-4778-BD47-52A6F2A2EAD5}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{226FF2FF-1A43-4F77-87FD-10211E68D57D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{22808884-1D01-4AEB-B0A0-B99BB540463D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{22D7EB11-4C39-44AF-A86E-30F41E946200}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2532FC2F-C2A0-480F-95A6-B8FEDBC03F96}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{2D829364-DD76-4693-BDD4-FCB3181BA95C}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{2E82CCBC-A538-4332-AC18-2316935B2B56}" = protocol=6 | dir=in | app=c:\users\adm\appdata\local\temp\~osd78.tmp\rlvknlg.exe |
"{2FB46285-61BF-4EA7-A72D-32CC9B50F85A}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{33AFCC9B-7412-4103-A511-8AED70B79DD7}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{3559F19D-836D-45D1-B795-65F7FB69326F}" = protocol=6 | dir=in | app=c:\users\adm\desktop\pes 2009\pes2009.exe |
"{37D0F7E0-F220-4F04-A1B0-CACFB85E2719}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{38D2ED83-12F0-4A92-8395-4A610A41FDC4}" = dir=in | app=c:\program files\acer arcade live\acer tv share\acer tv share.exe |
"{39D31E0E-04DB-43DF-944F-B20DC24C7BAE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{3BD40E90-7A4B-45C6-A9B4-76A7466DA10D}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{3F1DCECE-9F81-4C8C-AC2F-341E25461123}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3F884E7B-45B5-4AC1-830D-E280B1FA6992}" = protocol=17 | dir=in | app=c:\program files\stealthbot\stealthbot v2.6r3.exe |
"{4144D14D-C384-4DBB-AFF3-C7760E6A0622}" = protocol=17 | dir=in | app=c:\users\adm\desktop\all maplestories\maple v62\berserkms_(regular_game_client).exe |
"{436D8274-231D-4754-AE46-545B88F150EF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4370E331-0545-4A06-A2E3-1C7604DD797B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{437CB878-E26B-4993-8CB5-1616A6A06451}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{4475DABF-FBBF-4404-8DDF-05B130B7D6D3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{45439237-BAE1-48E3-B401-401F1BFAA082}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{478C631A-E2EB-4417-9BAA-4E0A15C71A77}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{480125A2-6FFE-45EF-8AE4-BB7FF6B40292}" = protocol=6 | dir=in | app=c:\users\adm\desktop\pes 2009\pes2009.exe |
"{4A775B3C-C3FF-40B6-95F8-34FAA617FE07}" = protocol=6 | dir=out | app=system |
"{4B859ED3-3C6D-426C-B623-2360613EA4F5}" = dir=in | app=c:\program files\acer arcade live\acer tv share\kernel\dmstv\clmsserver.exe |
"{4E5FAA7A-9DBD-4AA1-9500-768796E35387}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4F4F3CB2-0DD8-49D3-82FF-0118C1F33A8E}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{504774C9-D500-4079-8F5A-1717C7AA622F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{52E741BF-B834-43A2-9939-57C460882CD2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56270DD2-10FF-43F7-835C-930EC7032B20}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5EB82128-68C7-42B8-9CA1-3D424C44CBCD}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{5EF62F78-D18E-4530-8A9E-FEA2E4D1D4D9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{6015FB8F-3286-4B66-98B6-9DFA6D3CDCD1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{66B432A0-C082-4C0F-8A93-9226308B84D7}" = protocol=6 | dir=in | app=c:\users\adm\desktop\all maplestories\maple v62\berserkms_(regular_game_client).exe |
"{68011EC3-3A17-47D3-814E-EFB266A0C3D7}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{68FDF3C7-0844-45A5-A076-9877E556C194}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{69E77751-9CB0-4FA7-B7AA-A737625338E8}" = protocol=6 | dir=in | app=c:\windows\system32\wuapp.exe |
"{6FF3199A-36E0-484E-ACED-8E562F25A8D4}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{72AC1439-9558-4834-83F3-B1220AEAEE54}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{7374D4F6-C68B-456C-B799-D2AD6BF2D7B3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{75D177FE-1277-44B9-A980-E29BDCD35F58}" = protocol=17 | dir=in | app=c:\users\adm\desktop\pes 2009\pes2009.exe |
"{78375A15-200F-4EAB-AE8C-25C36B4D40AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BFC0C46-D704-4DE5-BC66-A0B377A58B4A}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7D4EF762-0804-41DB-B8FA-A480B8A9808B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7DB08993-96DD-4881-9984-D86B43F68E8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7E516352-C077-444C-971D-24F1D2F8DBD9}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{832FD770-A24B-44C2-B369-945DED5A0031}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{84FF564B-0723-4593-B2C0-B5913102FF1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8751DEA0-27B4-4992-BF24-2F0A8CD50E11}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{89474C19-3AFC-445E-8E69-2E11C883AD21}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8C1FB117-656A-4A9E-8254-0BD723200AB0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{8F34E120-CC73-45BF-8349-94F29315F1A2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{91CA20C6-096A-4F99-AE0C-93352A4F6E5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91FB4B17-D027-4808-B03F-34137A9D41E7}" = protocol=6 | dir=in | app=c:\program files\stealthbot\stealthbot v2.6r3.exe |
"{95023884-3A2C-4DE9-B429-A27B46532C0E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{99912997-783E-4C7B-BCD7-04F10A420F13}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{9CE4AFE7-03C9-4360-9523-518652229E76}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{A3DDC259-AE6E-4431-8482-65E5BD1F5A6F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{A55CE7B9-79AF-4F5C-9124-B8A90E71CD0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4F7EAE4-E9B0-46B5-85B7-1FEFDF29892A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B70D94B5-2B27-4BCE-8D85-5AFB4C07C5D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B800782C-FC3C-4D05-922A-ED915EC9AF11}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\beathazard.exe |
"{BB75F4AB-2354-4D6B-9ABB-2B832FB8BC81}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{BBA33E73-535E-4F30-8EC5-D8C11CF13AF0}" = protocol=17 | dir=in | app=c:\users\adm\appdata\local\f4\clientupdater\clientupdater.exe |
"{BD51E655-8477-4CD7-B568-8255C01B88D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3ACF800-3DE4-4E85-B039-78E1116D2FBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C58C3D50-4CDD-4E2E-9CF3-409278AD0345}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{C63C688E-CDD7-45B4-A5BE-316594E4FFA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7D49D30-FCCA-4CBA-BA35-D8D3653424D4}" = protocol=17 | dir=in | app=c:\windows\system32\wuapp.exe |
"{C845CFAE-C1EC-47F8-96A8-0108531D8183}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C95E1B71-568E-4162-92F1-5B844F06F587}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA1E2C11-17E0-4528-85C4-E6AF80E12172}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{CDA1B3B6-4E0C-4B46-B677-7608A3DB3BF7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{D86CF117-C73A-4529-AEE2-2A034735DA00}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D9B5AEEE-9A72-4BD5-8DE4-5750D4867D63}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{DA1F1E3C-9376-4BC7-83BD-535D290804E6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC8B7D5B-1624-4495-B4A2-25E3BE4949F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DCE424B1-69B0-468E-B233-6D7FC97670D1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{DED45318-F126-4BBA-AF59-477C886D18E2}" = protocol=6 | dir=in | app=c:\users\adm\appdata\local\temp\purplebean.exe |
"{DEFC1072-4FC7-456A-9337-B36F662518DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E73A6A28-991A-433F-BC6E-EF2B2C7A806C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{E9CD1CDD-85EB-4386-9F90-4924EE4ED083}" = protocol=17 | dir=in | app=c:\users\adm\desktop\pes 2009\pes2009.exe |
"{ECB528AB-23BC-4E57-912C-4A69856262BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF089F86-12A8-430A-9EED-887299D11B70}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\beathazard.exe |
"{F1F0BEA8-7DA5-4AF1-AE59-244D51E70E31}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{F2BCEC3A-8AB5-4D0B-A80D-68A0C7CE0DCD}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F523BBE7-975E-4F0D-9BC0-F5909CE8264E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7846B6F-B8C5-4DC0-8A13-BCEC21A3667D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F834A0BA-DFC0-4A98-9295-DBED40936A1A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F855C759-79FF-4D10-B046-8EC5A8ED0616}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F96FC32D-5824-426D-B0DB-7854F96AAC8B}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"TCP Query User{01A03971-153C-4706-9E7D-4A6F38E8A306}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{037692F9-CB30-4090-86D6-3A1B4B1A5493}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{059A304D-1963-4AC4-9378-9DCAF74D5CE1}C:\users\adm\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\adm\program files\dna\btdna.exe |
"TCP Query User{06E0E09D-8B45-4192-84B3-7249389F20A1}C:\program files\counter-strike 1.6\hlds.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hlds.exe |
"TCP Query User{0A839AF2-1EAC-4300-9B57-A5505C3ADDB7}C:\program files\beat hazard\beathazard.exe" = protocol=6 | dir=in | app=c:\program files\beat hazard\beathazard.exe |
"TCP Query User{13D6FF2A-32E8-4A44-93B7-5703D8688F45}C:\program files\softnyx\wolfteam\wolfteam.bin" = protocol=6 | dir=in | app=c:\program files\softnyx\wolfteam\wolfteam.bin |
"TCP Query User{1FE7965D-7974-49D5-B3E2-D448C34B7D75}C:\program files\outspark\fists of fu\fistsoffu.exe" = protocol=6 | dir=in | app=c:\program files\outspark\fists of fu\fistsoffu.exe |
"TCP Query User{25C0C8B1-DA5C-4005-9516-8E00367A1D66}C:\program files\rugbyleague2\rugbyleague2.exe" = protocol=6 | dir=in | app=c:\program files\rugbyleague2\rugbyleague2.exe |
"TCP Query User{264E59E9-0E0F-4E6A-A392-8B6CCBAAEADB}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{2668FB1D-D390-4568-B080-947E61F5DF1C}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{278B2BC7-6315-4375-8E6D-B05D7947C12A}C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe" = protocol=6 | dir=in | app=c:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe |
"TCP Query User{2E087E7A-8013-4C6D-AEE0-78189436AD92}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe |
"TCP Query User{38F1DA49-1AE7-4516-8C09-662838439E7B}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{40D6C514-077D-4CE2-B543-C8F515EE40F6}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{4EFD1601-1C65-4875-923E-A200B833083E}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"TCP Query User{4F9F498E-34C7-4DE2-BE05-FC6878423656}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{50C97F42-340D-45AC-9DC3-175783F03837}C:\users\adm\appdata\local\temp\rarsfx0\hl.exe" = protocol=6 | dir=in | app=c:\users\adm\appdata\local\temp\rarsfx0\hl.exe |
"TCP Query User{51B132CE-F8A7-4ED9-85F9-6F25269D1D92}C:\users\adm\appdata\local\temp\7zipsfx.001\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\adm\appdata\local\temp\7zipsfx.001\cf_downloader.exe |
"TCP Query User{603864D8-08F6-44A3-9FE3-4600F9F7A828}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{61CA7E2F-B975-4F57-88E6-19F6DB311DFA}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"TCP Query User{65714A61-AEDF-4581-A6BA-D942A1A136F6}C:\program files\softnyx\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\program files\softnyx\rakionis\bin\rakion.bin |
"TCP Query User{6CB8CA69-7047-47B3-BBF4-888523439E1E}C:\program files\valve\hltv.exe" = protocol=6 | dir=in | app=c:\program files\valve\hltv.exe |
"TCP Query User{71EA7E95-6A5A-421E-BE5D-9291564AF226}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{75BF5C97-D7B6-4C8B-9BA6-48F2967A71C7}D:\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=d:\nba 2k11\nba2k11.exe |
"TCP Query User{762496EE-9DC4-42E6-9E2F-F96EC1A85B58}C:\ynk\rohan_blood_feud_hero\rohanclient.exe" = protocol=6 | dir=in | app=c:\ynk\rohan_blood_feud_hero\rohanclient.exe |
"TCP Query User{7E52348F-C8B3-4AD2-990C-247682C870CF}C:\users\adm\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=c:\users\adm\nba 2k11\nba2k11.exe |
"TCP Query User{94FB9787-05E2-4EDD-B3B0-FF701570ABA0}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{9BCC5E6F-1555-4540-A6D7-9B0D12150187}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{A56152D7-F070-4E4C-96AA-119C27B572FA}C:\program files\your freedom\freedom.exe" = protocol=6 | dir=in | app=c:\program files\your freedom\freedom.exe |
"TCP Query User{BC126C71-8CE2-486D-902A-000E1820BF87}C:\users\adm\documents\mwodownloader.exe" = protocol=6 | dir=in | app=c:\users\adm\documents\mwodownloader.exe |
"TCP Query User{BE695B77-DB5B-4EBB-B6B2-843B81D68A6C}C:\users\adm\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\adm\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"TCP Query User{BEE1A588-794B-4D75-9551-468D8FFF6233}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{C380FEE1-1892-400A-AE81-6A008FEA410C}C:\users\adm\downloads\sro_l4_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\adm\downloads\sro_l4_full_client_downloader.exe |
"TCP Query User{CF80A871-C8BA-4D49-AF3E-5C89016E49EB}C:\program files\softnyx\wolfteam\wolfteam.bin" = protocol=6 | dir=in | app=c:\program files\softnyx\wolfteam\wolfteam.bin |
"TCP Query User{D3CBA358-88B2-45FB-8718-02EFAC0B6810}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{DF7FC3E4-8121-4B59-9423-AC617687B347}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"TCP Query User{E2E08B09-93B0-4ED1-8993-964D74851ADC}C:\users\adm\pc_nba.2k11.full-rip.-tptb\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=c:\users\adm\pc_nba.2k11.full-rip.-tptb\nba 2k11\nba2k11.exe |
"TCP Query User{E7B956AD-DEAF-498B-ABD4-7D3A8E838841}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{F693CBE8-F0DA-4201-9A09-F7CC43B8C1B0}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"TCP Query User{FE94D6B1-9F83-4BB3-A68B-6D9D5040AE93}C:\users\adm\desktop\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\adm\desktop\left 4 dead\left4dead.exe |
"TCP Query User{FF653508-CC62-41D0-8A31-2B4E735B8FAD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{05F13B63-088A-4DE5-A952-E45542AC1DCE}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{079C9B41-C83E-4FA1-8755-3862188E99CB}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{093A43E9-2E96-412A-972B-BE741F6B675A}C:\ynk\rohan_blood_feud_hero\rohanclient.exe" = protocol=17 | dir=in | app=c:\ynk\rohan_blood_feud_hero\rohanclient.exe |
"UDP Query User{0D6945DE-12CA-49D1-8847-EB84C000D863}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{0FAA4E92-5880-4186-896F-FCED1A50DDE0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{1105F3ED-B947-4F56-8B2B-6161F4237BAE}C:\program files\softnyx\wolfteam\wolfteam.bin" = protocol=17 | dir=in | app=c:\program files\softnyx\wolfteam\wolfteam.bin |
"UDP Query User{16329B30-C38C-416D-A4D7-8BB6C1A1D795}C:\users\adm\desktop\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\adm\desktop\left 4 dead\left4dead.exe |
"UDP Query User{17652024-34E4-4116-8642-DD14637D2E1E}C:\users\adm\appdata\local\temp\rarsfx0\hl.exe" = protocol=17 | dir=in | app=c:\users\adm\appdata\local\temp\rarsfx0\hl.exe |
"UDP Query User{1A85DE64-470E-4B13-B6C1-E6225EBCA236}C:\users\adm\appdata\local\temp\7zipsfx.001\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\adm\appdata\local\temp\7zipsfx.001\cf_downloader.exe |
"UDP Query User{1B7B731E-FF31-45E2-8950-05862B913D54}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{293492A1-81B6-4B61-9168-0574123EC86D}C:\program files\outspark\fists of fu\fistsoffu.exe" = protocol=17 | dir=in | app=c:\program files\outspark\fists of fu\fistsoffu.exe |
"UDP Query User{299F18D6-733E-44DA-A19D-B09BE9B129F3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{358EADAE-1AA5-40FD-A603-A872B43C5B3B}C:\users\adm\documents\mwodownloader.exe" = protocol=17 | dir=in | app=c:\users\adm\documents\mwodownloader.exe |
"UDP Query User{3908F48F-7A68-4ECF-8FC0-C017EB85EC1B}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"UDP Query User{4E23DEBA-ADBB-4DA9-96B1-B6A479343922}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{5001021A-FAD5-46D8-99D5-44CCABD86566}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe |
"UDP Query User{5379C15C-4F94-4FCE-B503-95F089DE858D}C:\users\adm\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\adm\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{5916FAEB-0489-49EB-A948-9D36EF26D6E6}C:\users\adm\downloads\sro_l4_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\adm\downloads\sro_l4_full_client_downloader.exe |
"UDP Query User{5C0421F8-EC2F-4563-981B-4ACF97BF993B}D:\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=d:\nba 2k11\nba2k11.exe |
"UDP Query User{6828C240-2AB0-4551-8207-D51B40370978}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{70503993-3BFE-4A9E-A5D0-628EE018F107}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{782ABCDA-0059-44A1-BAC4-1B61235AD17C}C:\users\adm\pc_nba.2k11.full-rip.-tptb\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=c:\users\adm\pc_nba.2k11.full-rip.-tptb\nba 2k11\nba2k11.exe |
"UDP Query User{7D607F7C-398C-484E-B98B-6274C97C847F}C:\program files\valve\hltv.exe" = protocol=17 | dir=in | app=c:\program files\valve\hltv.exe |
"UDP Query User{83C9256F-9BEB-41CD-954F-D6D5B108B3EB}C:\program files\your freedom\freedom.exe" = protocol=17 | dir=in | app=c:\program files\your freedom\freedom.exe |
"UDP Query User{83F83D72-AE7C-46D5-9BB1-9557CFC8B5BD}C:\program files\counter-strike 1.6\hlds.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hlds.exe |
"UDP Query User{9083AF76-5A61-4A67-A865-EAE367D40A8B}C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe" = protocol=17 | dir=in | app=c:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe |
"UDP Query User{925DF6A5-9825-4573-8F46-3906468AED6C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9A9A0FCE-1679-4E4C-9F42-D027B4F612B5}C:\users\adm\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=c:\users\adm\nba 2k11\nba2k11.exe |
"UDP Query User{A203BFE6-F066-4A1F-8CBA-B3AF2B76FFB6}C:\program files\beat hazard\beathazard.exe" = protocol=17 | dir=in | app=c:\program files\beat hazard\beathazard.exe |
"UDP Query User{A291E940-4510-4492-AFF2-980D85624C4D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{AA00C0D6-9E33-4EAD-974A-A731662DDE33}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"UDP Query User{B0F62662-1B80-406E-9A50-3CCBDF804611}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CD4AA4D0-8E79-42C9-81F4-F7BACF518724}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"UDP Query User{CF097AB4-B2DC-43E5-93D2-E955E79B5ECD}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{D304DD90-1844-4AEE-91F2-3F2EEB66EC1E}C:\program files\rugbyleague2\rugbyleague2.exe" = protocol=17 | dir=in | app=c:\program files\rugbyleague2\rugbyleague2.exe |
"UDP Query User{D88FB7A9-D0DE-44A9-8962-349C1C090EAE}C:\program files\softnyx\wolfteam\wolfteam.bin" = protocol=17 | dir=in | app=c:\program files\softnyx\wolfteam\wolfteam.bin |
"UDP Query User{DC36FBD0-609E-41DC-90AE-7CDBEF9D3290}C:\users\adm\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\adm\program files\dna\btdna.exe |
"UDP Query User{DF97DDE5-87D4-4BB7-A16D-E236AFB04566}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{E0874C2F-8FED-4D41-8959-7CAA688E41FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EE089F26-6882-43A9-B09B-3A8686E533A3}C:\program files\softnyx\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\program files\softnyx\rakionis\bin\rakion.bin |
"UDP Query User{F1C3B098-66DB-407D-BFD1-D65E046B8A8B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{67AC2696-E217-4519-A5BA-8A94E5F389D5}" = Solid Edge 2D Drafting ST2
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"DAEMON Tools Lite" = DAEMON Tools Lite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Veetle TV" = Veetle TV 0.9.18

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3512897752-3335045268-2292349305-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/05/2011 6:00:12 PM | Computer Name = adm-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/05/2011 7:26:19 PM | Computer Name = adm-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 4/05/2011 7:42:45 PM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application MovieMaker.exe, version 14.0.8117.416, time stamp
0x4bc95aac, faulting module RAAC.dll, version 6.0.1.64, time stamp 0x4775a9b7,
exception code 0xc0000005, fault offset 0x000019fa, process id 0xbfc, application
start time 0x01cc0ab4f104fc42.

Error - 4/05/2011 8:00:07 PM | Computer Name = adm-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/05/2011 8:04:40 PM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16473, time stamp
0x46296d48, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xffffffff, process id 0x574, application start time
0x01cc0ab6c79c1b10.

Error - 4/05/2011 9:18:32 PM | Computer Name = adm-PC | Source = WerSvc | ID = 5007
Description =

Error - 4/05/2011 9:26:03 PM | Computer Name = adm-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 4/05/2011 10:04:04 PM | Computer Name = adm-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16473, time stamp
0x46296d48, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xffffffff, process id 0x550, application start time
0x01cc0ac1f7480b8c.

Error - 5/05/2011 5:02:52 PM | Computer Name = adm-PC | Source = WerSvc | ID = 5007
Description =

Error - 5/05/2011 5:03:48 PM | Computer Name = adm-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

[ Media Center Events ]
Error - 2/03/2009 1:25:58 AM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/03/2009 1:30:33 AM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/03/2009 5:06:30 PM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/03/2009 5:52:49 PM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/03/2009 9:44:06 PM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/03/2009 1:04:13 AM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/03/2009 6:18:59 PM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/03/2009 8:30:39 PM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/03/2009 8:48:47 PM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/03/2009 10:16:34 PM | Computer Name = adm-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 13/02/2011 1:32:26 AM | Computer Name = adm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 462
seconds with 180 seconds of active time. This session ended with a crash.

Error - 13/02/2011 1:32:37 AM | Computer Name = adm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/02/2011 1:32:59 AM | Computer Name = adm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/05/2011 5:55:05 PM | Computer Name = adm-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.12 for the Network Card with network address
001C253FD79B has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 4/05/2011 5:56:27 PM | Computer Name = adm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/05/2011 7:55:34 PM | Computer Name = adm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:54:01 AM on 5/05/2011 was unexpected.

Error - 4/05/2011 7:55:43 PM | Computer Name = adm-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Send To OneNote 2007 with
shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used
by others on the network.

Error - 4/05/2011 7:55:43 PM | Computer Name = adm-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother DCP-115C USB (Copy
1) with shared resource name Brother DCP-115C USB (Copy 1). Error 2114. The printer
cannot be used by others on the network.

Error - 4/05/2011 7:55:43 PM | Computer Name = adm-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother DCP-115C USB with
shared resource name Brother DCP-115C USB. Error 2114. The printer cannot be used
by others on the network.

Error - 4/05/2011 9:17:15 PM | Computer Name = adm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/05/2011 4:58:01 PM | Computer Name = adm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:37:39 PM on 5/05/2011 was unexpected.

Error - 5/05/2011 4:58:03 PM | Computer Name = ADM-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.12 for the Network Card with network address
001C253FD79B has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 5/05/2011 4:59:37 PM | Computer Name = adm-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#5 lamented2
  • Topic Starter

Posted 05 May 2011 - 06:40 PM

My Google redirect has fixed itself using TDSSKiller; however, my computer still has a BSOD upon shutting down and will restart itself. Thanks in advance :)

#6 SweetTech
    Agent ST

Posted 05 May 2011 - 06:50 PM

Hi!

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55151
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55151
    IE - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63515
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 63515
    O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - File not found
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - File not found
    O4 - HKLM..\Run: [Acer Tour] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
    O4 - HKLM..\Run: [eRecoveryService] File not found
    F3 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000 WinNT: Run - (C:\Windows\System\regedit.exe) - File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O20 - HKLM Winlogon: System - (C:\Users\adm\AppData\Local\svchost.exe) - File not found
    O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - File not found
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\dwm.exe) - File not found
    O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\dwm.exe) - File not found
    O20 - HKU\S-1-5-21-3512897752-3335045268-2292349305-1000 Winlogon: System - (C:\Windows\System\wininit.com) - File not found
    O33 - MountPoints2\{1078eaa7-b322-11df-9f79-001c253fd79b}\Shell\AutoRun\command - "" = H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    O33 - MountPoints2\{1078eaa7-b322-11df-9f79-001c253fd79b}\Shell\open\command - "" = H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    O33 - MountPoints2\{23181525-76b5-11e0-8acf-001c253fd79b}\Shell - "" = AutoRun
    O33 - MountPoints2\{23181525-76b5-11e0-8acf-001c253fd79b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2002/10/04 15:06:32 | 000,487,424 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\Shell - "" = Autorun
    O33 - MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\Shell\Auto\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\AutoRun.exe
    O33 - MountPoints2\{77e52df8-ff39-11dd-9b38-001c253fd79b}\Shell\AutoRun\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
    O33 - MountPoints2\{77e52df8-ff39-11dd-9b38-001c253fd79b}\Shell\open\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
    O33 - MountPoints2\{7db94224-e3ac-11de-b531-001c253fd79b}\Shell\AutoRun\command - "" = H:\crsxses.exe
    O33 - MountPoints2\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\Shell - "" = AutoRun
    O33 - MountPoints2\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\Shell - "" = Autorun
    O33 - MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\Shell\Auto\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\AutoRun.exe
    O33 - MountPoints2\{dc54527a-24d9-11de-b373-001c253fd79b}\Shell\AutoRun\command - "" = 1ogf.exe
    O33 - MountPoints2\{dc54527a-24d9-11de-b373-001c253fd79b}\Shell\open\Command - "" = 1ogf.exe
    O33 - MountPoints2\{f487de99-581b-11e0-b954-001c253fd79b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UlgD0he.exe
    O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
    O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
    [2011/05/03 08:27:13 | 000,184,320 | -HS- | C] (Microsoft Corporation) -- C:\Windows\System32\486s4.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/05/04 12:27:09 | 000,012,841 | ---- | M] () -- C:\Users\adm\AppData\Roaming\A98A.C61
    [2011/05/03 14:29:24 | 000,010,248 | -HS- | M] () -- C:\ProgramData\3652q8r53i7vov7ke46rx876j7a10827
    [2011/05/03 08:27:13 | 000,184,320 | -HS- | M] (Microsoft Corporation) -- C:\Windows\System32\486s4.dll
    [2011/04/30 20:56:42 | 000,013,318 | -HS- | M] () -- C:\ProgramData\kk2s4tqba56un4l450l4846k0x2qh0
    [2011/04/30 18:34:29 | 000,013,252 | -HS- | M] () -- C:\Users\adm\AppData\Local\47h7308i05434q7ml6uhge302
    [2011/04/30 18:34:29 | 000,013,252 | -HS- | M] () -- C:\ProgramData\47h7308i05434q7ml6uhge302
    [2011/04/30 10:44:13 | 000,013,318 | -HS- | M] () -- C:\Users\adm\AppData\Local\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    [2011/04/30 10:44:13 | 000,013,318 | -HS- | M] () -- C:\ProgramData\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    [2011/04/30 08:03:50 | 000,010,102 | -HS- | M] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
    [2011/04/29 22:24:06 | 000,000,359 | ---- | M] () -- C:\Users\adm\Documents\fix.inf
    [2011/04/29 22:02:35 | 000,010,122 | -HS- | M] () -- C:\Users\adm\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
    [2011/04/29 21:29:37 | 000,009,992 | -HS- | M] () -- C:\ProgramData\1866462758
    [2011/05/03 14:36:39 | 000,012,841 | ---- | C] () -- C:\Users\adm\AppData\Roaming\A98A.C61
    [2011/05/03 08:27:14 | 000,010,248 | -HS- | C] () -- C:\ProgramData\3652q8r53i7vov7ke46rx876j7a10827
    [2011/04/30 20:54:12 | 000,013,318 | -HS- | C] () -- C:\ProgramData\kk2s4tqba56un4l450l4846k0x2qh0
    [2011/04/30 16:24:28 | 000,013,252 | -HS- | C] () -- C:\Users\adm\AppData\Local\47h7308i05434q7ml6uhge302
    [2011/04/30 12:42:26 | 000,013,252 | -HS- | C] () -- C:\ProgramData\47h7308i05434q7ml6uhge302
    [2011/04/30 10:42:11 | 000,013,318 | -HS- | C] () -- C:\Users\adm\AppData\Local\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    [2011/04/30 10:42:11 | 000,013,318 | -HS- | C] () -- C:\ProgramData\ge75n4sv4s6wc15a2mb56fem6cm642xx4
    [2011/04/29 22:24:06 | 000,000,359 | ---- | C] () -- C:\Users\adm\Documents\fix.inf
    [2011/04/29 21:29:37 | 000,010,122 | -HS- | C] () -- C:\Users\adm\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
    [2011/04/29 21:29:37 | 000,009,992 | -HS- | C] () -- C:\ProgramData\1866462758
    [2011/04/29 21:18:07 | 000,010,102 | -HS- | C] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
    
    :Reg
    
    :Files
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
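The fix script above is, read as a whole, a list of the persistence and interception points this infection used: a browser proxy pointed at a loopback port (the redirects), Winlogon Shell/System values pointing into user-writable paths, the .exe file association wrapped by ies.exe, autorun commands on removable drives, and hidden+system files with random names under ProgramData and AppData. The classifier below is an added example (not OTL's code and not part of SweetTech's post) that turns those patterns into detection logic over OTL log lines; the sample lines are lifted from this thread plus two constructed clean lines, and the "default" values it compares against (explorer.exe as Shell, `"%1" %*` as the exefile command) are my assumptions about a stock Vista box.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Finding:
    category: str  # which hijack pattern the line matched
    detail: str    # the host/port/path/command pulled out of the line
    line: str      # the original OTL line, kept for the report


LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Assumed stock values; anything else means a program is interposed.
DEFAULT_EXEFILE_CMD = '"%1" %*'                       # HKCR\exefile\shell\open\command
CLEAN_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe"}  # Winlogon\Shell

IE_PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d+)')
FF_PROXY_RE = re.compile(r'network\.proxy\.http:\s*"(?P<host>[^"]+)"')
WINLOGON_RE = re.compile(r'^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<path>[^)]*)\)(?P<rest>.*)$')
EXEFILE_RE = re.compile(r'^O3[57] - .*?exefile.*? -- (?P<cmd>.+)$')
TRAILER_RE = re.compile(r'\s*(?:\([^()]*\)|File not found)\s*$')  # OTL appends signer or "File not found"
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\\w+\\command - "" = (?P<cmd>.+)$', re.IGNORECASE)
FILE_RE = re.compile(
    r'^\[\d{4}/\d{2}/\d{2} [\d:]+ \| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if it matches none of the patterns here."""
    line = line.strip()
    m = IE_PROXY_RE.search(line)
    if m and m["host"] in LOOPBACK:           # browser traffic routed through a local process
        return Finding("loopback_proxy", f"IE proxy {m['host']}:{m['port']}", line)
    m = FF_PROXY_RE.search(line)
    if m and m["host"] in LOOPBACK:
        return Finding("loopback_proxy", f"Firefox network.proxy.http = {m['host']}", line)
    m = WINLOGON_RE.match(line)
    if m:
        value, path, rest = m["value"], m["path"].strip(), m["rest"]
        if value == "Shell" and path.lower() not in CLEAN_SHELLS:
            return Finding("winlogon_shell", f"{m['hive']} Shell -> {path}", line)
        if value == "System" and path:        # heuristic: a populated System value is not stock
            return Finding("winlogon_system", f"{m['hive']} System -> {path}", line)
        if "File not found" in rest:          # dangling entry, e.g. a removed GINA DLL
            return Finding("winlogon_dangling", f"{m['hive']} {value} -> {path}", line)
        return None
    m = EXEFILE_RE.match(line)
    if m:
        cmd = TRAILER_RE.sub("", m["cmd"]).strip()
        if cmd != DEFAULT_EXEFILE_CMD:        # every .exe launch goes through the interposed binary
            return Finding("exefile_hijack", cmd, line)
        return None
    m = MOUNTPOINT_RE.match(line)
    if m:                                     # autorun command recorded for a removable drive
        return Finding("removable_autorun", f"{m['guid']} -> {m['cmd']}", line)
    m = FILE_RE.match(line)
    if m and "H" in m["attrs"] and "S" in m["attrs"]:
        # The company string comes from the file's own version resource, so it is
        # reported but not trusted (486s4.dll in this thread claims Microsoft).
        claim = m["company"] or "no version info"
        return Finding("hidden_system_file", f"{m['path']} ({claim})", line)
    return None


def audit(lines: List[str]) -> List[Finding]:
    return [f for f in map(classify, lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Lines 1-7, 9-12 and 14-16 are from the fix script in this thread; line 8 (clean Shell)
# and line 13 (clean exefile) are constructed to show what is *not* flagged.
SAMPLE_OTL_LINES = r"""
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55151
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63515
O20 - HKLM Winlogon: System - (C:\Users\adm\AppData\Local\svchost.exe) - File not found
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\dwm.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{7db94224-e3ac-11de-b531-001c253fd79b}\Shell\AutoRun\command - "" = H:\crsxses.exe
O33 - MountPoints2\{dc54527a-24d9-11de-b373-001c253fd79b}\Shell\open\Command - "" = 1ogf.exe
O33 - MountPoints2\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\Shell - "" = AutoRun
O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ies.exe" -a "%1" %* (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %* File not found
[2011/05/03 14:29:24 | 000,010,248 | -HS- | M] () -- C:\ProgramData\3652q8r53i7vov7ke46rx876j7a10827
[2011/05/03 08:27:13 | 000,184,320 | -HS- | C] (Microsoft Corporation) -- C:\Windows\System32\486s4.dll
[2011/04/29 22:24:06 | 000,000,359 | ---- | M] () -- C:\Users\adm\Documents\fix.inf
""".strip().splitlines()


if __name__ == "__main__":
    for f in audit(SAMPLE_OTL_LINES):
        print(f"{f.category:20} {f.detail}")
```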


#7 lamented2
  • Topic Starter

Posted 05 May 2011 - 07:00 PM

Here is the log for the required fix.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3512897752-3335045268-2292349305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 63515 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3512897752-3335045268-2292349305-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3512897752-3335045268-2292349305-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run:C:\Windows\System\regedit.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System:C:\Users\adm\AppData\Local\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:RtlGina2.dll deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\system32\config\systemprofile\AppData\Roaming\dwm.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\system32\config\systemprofile\AppData\Roaming\dwm.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3512897752-3335045268-2292349305-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System:C:\Windows\System\wininit.com deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1078eaa7-b322-11df-9f79-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1078eaa7-b322-11df-9f79-001c253fd79b}\ not found.
File H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1078eaa7-b322-11df-9f79-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1078eaa7-b322-11df-9f79-001c253fd79b}\ not found.
File H:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23181525-76b5-11e0-8acf-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23181525-76b5-11e0-8acf-001c253fd79b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23181525-76b5-11e0-8acf-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23181525-76b5-11e0-8acf-001c253fd79b}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b6e94e8-70e4-11dd-9ffe-001c253fd79b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e52df8-ff39-11dd-9b38-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e52df8-ff39-11dd-9b38-001c253fd79b}\ not found.
File C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e52df8-ff39-11dd-9b38-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e52df8-ff39-11dd-9b38-001c253fd79b}\ not found.
File C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7db94224-e3ac-11de-b531-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7db94224-e3ac-11de-b531-001c253fd79b}\ not found.
File H:\crsxses.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cd2d1f6-ddee-11de-83db-001c253fd79b}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf11db2f-e60d-11de-b42c-001c253fd79b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf11db2f-e60d-11de-b42c-001c253fd79b}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf11db2f-e60d-11de-b42c-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf11db2f-e60d-11de-b42c-001c253fd79b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc54527a-24d9-11de-b373-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc54527a-24d9-11de-b373-001c253fd79b}\ not found.
File 1ogf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc54527a-24d9-11de-b373-001c253fd79b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc54527a-24d9-11de-b373-001c253fd79b}\ not found.
File 1ogf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f487de99-581b-11e0-b954-001c253fd79b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f487de99-581b-11e0-b954-001c253fd79b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UlgD0he.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ies.exe moved successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File move failed. C:\Windows\System32\486s4.dll scheduled to be moved on reboot.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\adm\AppData\Roaming\A98A.C61 moved successfully.
C:\ProgramData\3652q8r53i7vov7ke46rx876j7a10827 moved successfully.
File move failed. C:\Windows\System32\486s4.dll scheduled to be moved on reboot.
C:\ProgramData\kk2s4tqba56un4l450l4846k0x2qh0 moved successfully.
C:\Users\adm\AppData\Local\47h7308i05434q7ml6uhge302 moved successfully.
C:\ProgramData\47h7308i05434q7ml6uhge302 moved successfully.
C:\Users\adm\AppData\Local\ge75n4sv4s6wc15a2mb56fem6cm642xx4 moved successfully.
C:\ProgramData\ge75n4sv4s6wc15a2mb56fem6cm642xx4 moved successfully.
C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4 moved successfully.
C:\Users\adm\Documents\fix.inf moved successfully.
C:\Users\adm\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4 moved successfully.
C:\ProgramData\1866462758 moved successfully.
File C:\Users\adm\AppData\Roaming\A98A.C61 not found.
File C:\ProgramData\3652q8r53i7vov7ke46rx876j7a10827 not found.
File C:\ProgramData\kk2s4tqba56un4l450l4846k0x2qh0 not found.
File C:\Users\adm\AppData\Local\47h7308i05434q7ml6uhge302 not found.
File C:\ProgramData\47h7308i05434q7ml6uhge302 not found.
File C:\Users\adm\AppData\Local\ge75n4sv4s6wc15a2mb56fem6cm642xx4 not found.
File C:\ProgramData\ge75n4sv4s6wc15a2mb56fem6cm642xx4 not found.
File C:\Users\adm\Documents\fix.inf not found.
File C:\Users\adm\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4 not found.
File C:\ProgramData\1866462758 not found.
File C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4 not found.
========== REGISTRY ==========
========== FILES ==========
< type "C:\ComboFix.txt" /c >
D:\My DAP Downloads\cmd.bat deleted successfully.
D:\My DAP Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\My DAP Downloads\cmd.bat deleted successfully.
D:\My DAP Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYTEMP]

User: adm
->Temp folder emptied: 2523614885 bytes
->Temporary Internet Files folder emptied: 174651485 bytes
->Java cache emptied: 126478501 bytes
->FireFox cache emptied: 102531722 bytes
->Flash cache emptied: 2380686 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2830218168 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,493.00 mb


[EMPTYFLASH]

User: adm
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05062011_095133

Files\Folders moved on Reboot...
File\Folder G:\AutoRun.exe not found!
C:\Windows\System32\486s4.dll moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 05 May 2011 - 07:21 PM

Please post the TDSSKiller log file for me to review.

As well as running this scan:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 lamented2

lamented2
  • Topic Starter

  • Members
  • 19 posts

Posted 05 May 2011 - 07:24 PM

The TDSSKiller log file is posted above. Would you like me to rerun TDSS killer and post another log? Will be using combofix now.

#10 lamented2

lamented2
  • Topic Starter

  • Members
  • 19 posts

Posted 05 May 2011 - 07:27 PM

Although here is the log from YESTERDAY, which managed to remove the rootkit.
2011/05/05 09:53:31.0882 3468 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 09:53:33.0066 3468 ================================================================================
2011/05/05 09:53:33.0067 3468 SystemInfo:
2011/05/05 09:53:33.0067 3468
2011/05/05 09:53:33.0067 3468 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/05 09:53:33.0067 3468 Product type: Workstation
2011/05/05 09:53:33.0067 3468 ComputerName: ADM-PC
2011/05/05 09:53:33.0067 3468 UserName: adm
2011/05/05 09:53:33.0067 3468 Windows directory: C:\Windows
2011/05/05 09:53:33.0067 3468 System windows directory: C:\Windows
2011/05/05 09:53:33.0067 3468 Processor architecture: Intel x86
2011/05/05 09:53:33.0067 3468 Number of processors: 2
2011/05/05 09:53:33.0067 3468 Page size: 0x1000
2011/05/05 09:53:33.0067 3468 Boot type: Normal boot
2011/05/05 09:53:33.0067 3468 ================================================================================
2011/05/05 09:53:33.0844 3468 Initialize success
2011/05/05 09:53:36.0235 3968 ================================================================================
2011/05/05 09:53:36.0235 3968 Scan started
2011/05/05 09:53:36.0235 3968 Mode: Manual;
2011/05/05 09:53:36.0235 3968 ================================================================================
2011/05/05 09:53:54.0288 3968 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/05 09:53:54.0293 3968 ================================================================================
2011/05/05 09:53:54.0293 3968 Scan finished
2011/05/05 09:53:54.0293 3968 ================================================================================
2011/05/05 09:53:54.0304 4668 Detected object count: 1
2011/05/05 09:54:02.0288 4668 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/05 09:54:02.0288 4668 \HardDisk0 - ok
2011/05/05 09:54:02.0329 4668 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/05 09:54:05.0695 4256 Deinitialize success

#11 lamented2

lamented2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:31 AM

Posted 05 May 2011 - 07:45 PM

Here is the combofix log ST. Thanks for the ongoing support :)

ComboFix 11-05-05.01 - adm 06/05/2011 10:28:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.61.1033.18.2038.1110 [GMT 10:00]
Running from: c:\users\adm\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\CFLog
c:\cflog\CrashLog_20101112.txt
c:\cflog\CrashLog_20101120.txt
c:\cflog\CrashLog_20101122.txt
c:\cflog\CrashLog_20101125.txt
c:\cflog\CrashLog_20101129.txt
c:\cflog\CrashLog_20101201.txt
c:\cflog\CrashLog_20110128.txt
c:\cflog\CrashLog_20110206.txt
c:\cflog\CrashLog_20110209.txt
c:\cflog\CrashLog_20110210.txt
c:\cflog\CrashLog_20110211.txt
c:\cflog\CrashLog_20110214.txt
c:\cflog\CrashLog_20110215.txt
c:\cflog\Utherverse VWW Client\alut.dll
c:\cflog\Utherverse VWW Client\artpclnt.dll
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\appicon.ico
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\brand.xml
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\config.xml
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\headerlogo.png
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\LaunchOff.bmp
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\LaunchOn.bmp
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\license.rtf
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\loading.png
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\login.png
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\patcher.bmp
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\patchlang.xml
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\RepairOff.bmp
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\RepairOn.bmp
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\splashscreen.png
c:\cflog\Utherverse VWW Client\Branding\{481e6383-b7de-4333-a58f-51ad5be57b71}\welcome.bmp
c:\cflog\Utherverse VWW Client\Branding\uninstall.ico
c:\cflog\Utherverse VWW Client\Branding\weblink.ico
c:\cflog\Utherverse VWW Client\cabarc.exe
c:\cflog\Utherverse VWW Client\config.xml
c:\cflog\Utherverse VWW Client\cshtpav5.dll
c:\cflog\Utherverse VWW Client\D3DX9_42.dll
c:\cflog\Utherverse VWW Client\granny2.dll
c:\cflog\Utherverse VWW Client\libsndfile-1.dll
c:\cflog\Utherverse VWW Client\ortp.dll
c:\cflog\Utherverse VWW Client\patch.xml
c:\cflog\Utherverse VWW Client\patchw32.dll
c:\cflog\Utherverse VWW Client\resources.7z
c:\cflog\Utherverse VWW Client\scpid.dll
c:\cflog\Utherverse VWW Client\Utherverse.exe
c:\cflog\Utherverse VWW Client\UtherversePatcher.exe
c:\cflog\Utherverse VWW Client\vivoxoal.dll
c:\cflog\Utherverse VWW Client\vivoxplatform.dll
c:\cflog\Utherverse VWW Client\vivoxsdk.dll
c:\cflog\Utherverse VWW Client\wrap_oal.dll
c:\cflog\Utherverse VWW Client\xmllite.dll
c:\cflog\Utherverse VWW Client\zlib.dll
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\adm\AppData\Roaming\chrtmp
c:\users\adm\AppData\Roaming\inst.exe
c:\windows\system32\config\systemprofile\AppData\Local\tbw.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\itmthacb.job
D:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 00:36 . 2011-05-06 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 00:36 . 2011-05-06 00:38 -------- d-----w- c:\users\adm\AppData\Local\temp
2011-05-06 00:36 . 2011-05-06 00:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-05 10:42 . 2011-05-05 10:42 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-05 10:41 . 2011-05-05 21:43 -------- d-----w- c:\users\adm\AppData\Roaming\DAEMON Tools Lite
2011-05-05 10:41 . 2011-05-05 10:41 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-04-29 23:16 . 2011-04-29 23:16 -------- d-----w- c:\program files\ESET
2011-04-29 11:57 . 2010-07-16 04:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-29 11:57 . 2010-07-16 04:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-29 11:57 . 2010-11-17 00:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-29 11:57 . 2010-11-17 00:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-29 11:57 . 2010-11-25 00:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-29 11:57 . 2010-11-25 00:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-29 11:57 . 2010-11-25 00:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-29 11:57 . 2011-04-29 23:37 -------- d-----w- c:\programdata\PC Tools
2011-04-29 11:57 . 2011-04-29 12:32 -------- d-----w- c:\program files\PC Tools Security
2011-04-29 11:57 . 2011-04-29 11:57 -------- d-----w- c:\program files\Common Files\PC Tools
2011-04-29 11:57 . 2011-04-29 11:57 -------- d-----w- c:\users\adm\AppData\Roaming\PC Tools
2011-04-29 09:24 . 2011-04-29 22:30 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-29 09:15 . 2011-04-29 22:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-29 09:14 . 2011-04-29 09:24 -------- d-----w- c:\programdata\Hitman Pro
2011-04-24 04:12 . 2011-04-30 02:01 -------- d-----w- c:\program files\Yitsoft Software
2011-04-23 06:53 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F592B8-5CF9-4D76-A076-9D40977E990D}\mpengine.dll
2011-04-10 09:45 . 2011-04-10 09:45 -------- d-----w- c:\users\adm\AppData\Roaming\LolClient
2011-04-10 09:24 . 2011-04-10 09:24 -------- d-----w- C:\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-25 09:45 . 2011-02-25 09:45 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-25 09:45 . 2011-02-25 09:45 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-25 09:45 . 2011-02-25 09:45 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-25 09:45 . 2011-02-25 09:45 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-25 09:45 . 2011-02-25 09:45 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2007-01-05 20:09 . 2007-01-05 20:09 208896 ----a-w- c:\program files\Common Files\VistaRunApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 08:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 08:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 08:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 08:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 08:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 08:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 08:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 08:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-06 323392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-11-10 2836656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-07-31 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\users\adm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard..lnk - c:\program files\Common Files\VistaRunApp.exe [2007-1-6 208896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 ALSysIO;ALSysIO;c:\users\adm\AppData\Local\Temp\ALSysIO.sys [x]
R3 apf001;apf001;c:\program files\Softnyx\RakionIS\Bin\apf001.sys [x]
R3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [2006-08-03 856832]
R3 GarenaPEngine;GarenaPEngine;c:\users\adm\AppData\Local\Temp\ELA9043.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2006-09-29 247808]
R3 Normandy;Normandy SR2; [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-28 3407292]
R3 npkycryp;npkycryp;c:\users\adm\Desktop\MapleStory\npkycryp.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-02-09 213216]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 XDva189;XDva189;c:\windows\system32\XDva189.sys [x]
R3 XDva224;XDva224;c:\windows\system32\XDva224.sys [x]
R3 XDva252;XDva252;c:\windows\system32\XDva252.sys [x]
R3 XDva374;XDva374;c:\windows\system32\XDva374.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva377;XDva377;c:\windows\system32\XDva377.sys [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva384;XDva384;c:\windows\system32\XDva384.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-09-24 717296]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-18 21728]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-05 218688]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 269448]
S2 Acer TV Share Service;Acer TV Share Service;c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [2007-06-21 269432]
S3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\DRIVERS\OmniTV.sys [2007-04-25 221184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\User_Feed_Synchronization-{A1E20C11-1CCE-4470-974A-A981E0E3CE6E}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\bznzrj17.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - c:\windows\system32\486s4.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-06 10:40
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\adm\AppData\Local\Temp\ELA9043.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsNet]
"ImagePath"="c:\windows\Fonts\font.bat"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6012)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UAService7.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-05-06 10:43:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-06 00:43
.
Pre-Run: 68,456,484,864 bytes free
Post-Run: 68,424,380,416 bytes free
.
- - End Of File - - A192E3DDC8ECD1BF88122747B4D1804C

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:31 AM

Posted 06 May 2011 - 10:32 AM

Hi!

How are things currently running?

The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/05/05 09:53:54.0304 4668 Detected object count: 1
2011/05/05 09:54:02.0288 4668 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/05 09:54:02.0288 4668 \HardDisk0 - ok
2011/05/05 09:54:02.0329 4668 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/05 09:54:05.0695 4256 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
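As an added example (not part of the thread and not TDSSKiller's own code), here is a small Python parser for log lines in the layout quoted in this post, so a responder can pull the detections, the chosen action and whether a reboot is pending out of a long TDSSKiller log instead of reading it by eye. The sample lines are constructed from that layout, and the regular expressions are my assumptions about it.

```python
"""Triage a TDSSKiller log: list enumerated drivers and any detections.

Added example; the regexes below are assumptions about the log layout
quoted in the thread ("<date> <time> <thread id> <message>").
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout seen in the thread: one driver
# enumeration line followed by the detection, count and cure lines.
SAMPLE_LOG = r"""
2011/05/05 09:53:53.0719 3968 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/05 09:53:54.0288 3968 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/05 09:53:54.0293 3968 ================================================================================
2011/05/05 09:53:54.0293 3968 Scan finished
2011/05/05 09:53:54.0304 4668 Detected object count: 1
2011/05/05 09:54:02.0288 4668 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/05 09:54:02.0288 4668 \HardDisk0 - ok
2011/05/05 09:54:02.0329 4668 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/05 09:54:05.0695 4256 Deinitialize success
"""

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
PENDING_RE = re.compile(r"^(\S+) \((\S+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str                      # e.g. \HardDisk0 (the disk whose MBR TDL4 infects)
    threat: str                   # e.g. Rootkit.Win32.TDSS.tdl4
    action: Optional[str] = None  # the action the user selected (Cure, Skip, ...)
    reboot_required: bool = False  # "will be cured after reboot" was logged


@dataclass
class Report:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    declared_count: Optional[int] = None
    finished: bool = False

    def find(self, obj: str) -> Optional[Detection]:
        return next((d for d in self.detections if d.obj == obj), None)

    def consistent(self) -> bool:
        """Scan finished, declared count matches the hits, every hit has an action."""
        return (self.finished
                and self.declared_count == len(self.detections)
                and all(d.action is not None for d in self.detections))

    def reboot_required(self) -> bool:
        return any(d.reboot_required for d in self.detections)


def parse_tdsskiller(text: str) -> Report:
    """Build a Report from raw log text; lines that match nothing are skipped."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log record
        msg = m.group(3)
        if msg == "Scan finished":
            report.finished = True
        elif (d := DETECTED_RE.match(msg)):
            report.detections.append(Detection(obj=d.group(1), threat=d.group(2)))
        elif (c := COUNT_RE.match(msg)):
            report.declared_count = int(c.group(1))
        elif (p := PENDING_RE.match(msg)):
            hit = report.find(p.group(1))
            if hit:
                hit.reboot_required = True
        elif (a := ACTION_RE.match(msg)):
            hit = report.find(a.group(2))  # action lines put the object second
            if hit:
                hit.action = a.group(3)
        elif (dr := DRIVER_RE.match(msg)):
            report.drivers.append(Driver(*dr.groups()))
    return report


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers enumerated, {len(rep.detections)} detection(s)")
    for det in rep.detections:
        print(f"  {det.obj}: {det.threat} -> {det.action} (reboot: {det.reboot_required})")
    print("log consistent:", rep.consistent())
```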


#13 lamented2

lamented2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:31 AM

Posted 06 May 2011 - 05:00 PM

Things are running really well. Mozilla hangs a little sometimes but I think that's my computer's fault.

Here is the MBAM log.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6522

Windows 6.0.6000
Internet Explorer 7.0.6000.16473

7/05/2011 7:58:38 AM
mbam-log-2011-05-07 (07-58-38).txt

Scan type: Quick scan
Objects scanned: 158145
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Here is the "SecurityCheck" checkup.txt

Results of screen317's Security Check version 0.99.10
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.17) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
ESET ESET Online Scanner OnlineScannerApp.exe
``````````End of Log````````````



ESET log will be coming very soon when it completes. So far computer is running sweetly again :)

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:31 AM

Posted 06 May 2011 - 06:12 PM

Hi!

I'll await your response with the ESET log.

We will still have some work to do.



#15 lamented2

lamented2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:31 AM

Posted 06 May 2011 - 06:40 PM

Multiple threats found on the ESET scan. Most of which are so called "hacks" for gaming which I can easily remove. Please advise for next step.

C:\Qoobox\Quarantine\C\autorun.inf.vir INF/Autorun virus
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Local\tbw.exe.vir a variant of Win32/Injector.GBW trojan
C:\Qoobox\Quarantine\D\autorun.inf.vir INF/Autorun virus
C:\Users\adm\AppData\Local\VirtualStore\Windows\System32\wincsg32.rom Win32/TrojanDownloader.Small.OCS trojan
C:\Users\adm\Downloads\MsgPlusLive-480.exe a variant of Win32/MessengerPlus application
C:\Users\adm\Downloads\runeland.zip Java/IRCBot.A trojan
C:\Users\adm\Downloads\TrainerPublicGISv4.28GamerzAimPro.rar probably a variant of Win32/Obfuscated.HADTSBR trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\46067112-5fc1e3f6 a variant of Win32/Injector.GBW trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\6f74e142-429d2eca Java/TrojanDownloader.OpenStream.NBV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4d01e0db-60cbd41e a variant of Win32/Kryptik.NHT trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\465c2a43-3cb26434 multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\3244ae2-24e11508 a variant of Win32/Kryptik.NHH trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7c6df484-71f1428e Win32/Spy.SpyEye.CA trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1e8e536c-115b2a02 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1e8e536c-187ccff3 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1e8e536c-2d5bd4ae a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1e8e536c-59d7bca9 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1e8e536c-5c1fbaae a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1e8e536c-7ecf93db a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2c92b7b0-74170d79 a variant of Win32/Kryptik.NCU trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\9f3c877-5ce4e08e multiple threats
D:\My DAP Downloads\AntiSpyWareSetup.exe.dap a variant of Win32/Kryptik.BOG trojan
D:\My DAP Downloads\AntiSpyWareSetup_1.exe.dap a variant of Win32/Kryptik.BOG trojan
D:\My DAP Downloads\AresHack.rar probably a variant of Win32/Delf.NFDMPOQ trojan
D:\My DAP Downloads\Ares_Hack_0217.rar probably a variant of Win32/Delf.NGTDSTL trojan
D:\My DAP Downloads\download_1.php.dap a variant of Win32/Kryptik.BOG trojan
D:\My DAP Downloads\HSS-1.56-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application
D:\My DAP Downloads\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application
D:\My DAP Downloads\[.[.AresHack.rar probably a variant of Win32/Delf.NFDMPOQ trojan
D:\_OTL\MovedFiles\05062011_095133\C_Windows\System32\486s4.dll a variant of Win32/Kryptik.NHH trojan
D:\_OTL\MovedFiles\05062011_095133\C_Windows\System32\config\systemprofile\AppData\Local\ies.exe a variant of Win32/Kryptik.NHH trojan

Edited by lamented2, 06 May 2011 - 06:41 PM.




