Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect/Script infection


  • This topic is locked This topic is locked
19 replies to this topic

#1 jcalvert86

jcalvert86

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 09 May 2011 - 02:25 AM

Upon booting I typically get a "script error" that appears to be a script to redirect to a random webpage. Also, while using both IE9 and Firefox, my searches etc are redirected.


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Josh at 2:17:37.11 on Mon 05/09/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.962 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Razer\Reclusa\razerhid.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Josh\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi surround 5.1\volume panel\VolPanlu.exe" /r
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Reclusa] c:\program files\razer\reclusa\razerhid.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: anabolicminds.com\www
Trusted Zone: facebook.com\www
Trusted Zone: mustangworld.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\t4flj3nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-4-1 20448]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2010-8-3 899712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2010-11-23 41984]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-2-4 8192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-8-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-3 79360]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-4 1343400]
.
=============== Created Last 30 ================
.
2011-05-09 07:17:03 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{47c383a1-d935-493e-aeaa-54450bca58c6}\gapaengine.dll
2011-05-09 06:49:47 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ef6b7cc5-e0da-4a76-a85c-6254dc60a377}\mpengine.dll
2011-05-09 06:43:11 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-09 06:43:10 -------- d-----w- c:\users\josh\appdata\local\temp
2011-05-09 06:30:30 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{178d1831-682f-4057-8393-0c11514931b1}\gapaengine.dll
2011-05-09 06:28:29 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-09 05:56:25 98816 ----a-w- c:\windows\sed.exe
2011-05-09 05:56:25 89088 ----a-w- c:\windows\MBR.exe
2011-05-09 05:56:25 256512 ----a-w- c:\windows\PEV.exe
2011-05-09 05:56:25 161792 ----a-w- c:\windows\SWREG.exe
2011-05-09 05:51:00 -------- d-----w- c:\users\josh\appdata\roaming\Malwarebytes
2011-05-09 05:50:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 05:50:53 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-09 05:50:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-08 19:04:42 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-08 19:04:42 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-08 19:04:42 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-08 19:04:42 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-08 19:04:42 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-08 19:04:42 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-08 19:04:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-08 19:04:41 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-30 07:15:49 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-04-25 04:37:44 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-04-25 04:37:41 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-25 04:37:35 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{b0839190-482b-4ab4-a5c6-c963966a610c}\mpengine.dll
2011-04-23 04:50:50 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-04-23 04:48:58 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-23 04:48:58 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-23 04:48:39 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-23 04:48:39 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-23 04:48:39 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-23 04:48:39 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-22 17:03:01 -------- d-----w- c:\program files\common files\FreeCause
2011-04-22 17:02:55 -------- d-----w- c:\users\josh\appdata\local\TempImg
2011-04-22 17:02:52 -------- d-----w- c:\program files\Registry Cleaner
2011-04-22 17:02:47 -------- d-----w- c:\users\josh\appdata\local\TempImages
2011-04-22 16:26:48 -------- d-----w- c:\users\josh\appdata\roaming\AVG10
2011-04-22 16:23:23 -------- d--h--w- c:\progra~2\Common Files
2011-04-22 16:22:19 -------- d-----w- c:\progra~2\AVG10
2011-04-22 16:18:57 -------- d-----w- c:\progra~2\MFAData
2011-04-20 17:31:10 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-04-20 17:31:10 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-04-20 17:31:10 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-04-20 17:31:10 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-04-20 17:31:10 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-04-20 17:31:10 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-04-20 17:31:10 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-04-20 17:31:08 -------- d-----w- c:\program files\VSO
2011-04-14 08:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 08:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-13 20:02:36 40984 ----a-w- c:\windows\system32\drivers\point32.sys
2011-04-12 18:01:38 45464 ----a-w- c:\windows\system32\drivers\dc3d.sys
.
==================== Find3M ====================
.
2011-05-09 06:28:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 04:02:10 391168 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-09 04:02:04 390656 ----a-w- c:\windows\system32\ipcoin815.dll
2011-04-01 10:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 10:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 10:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 10:08:36 301664 ----a-w- c:\windows\system32\lvcodec2.dll
2011-04-01 10:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 10:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 10:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 09:56:20 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 19:58:25 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-12 05:35:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
.
============= FINISH: 2:18:15.80 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:34 AM

Posted 12 May 2011 - 04:08 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 jcalvert86

jcalvert86
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 12 May 2011 - 11:35 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F40A000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10080256 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 260.99 )
0x9343B000 C:\Windows\system32\DRIVERS\lvuvc.sys 4329472 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x82A0E000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82A0E000 PnpManager 4268032 bytes
0x82A0E000 RAW 4268032 bytes
0x82A0E000 WMIxWDM 4268032 bytes
0x92710000 Win32k 2416640 bytes
0x92710000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89227000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8901E000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8EE30000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x938B6000 C:\Windows\system32\drivers\ksaud.sys 901120 bytes (Creative Technology Ltd., WDM USB Audio Driver)
0x894B6000 C:\Windows\System32\Drivers\dump_iaStorV.sys 897024 bytes
0x88E20000 C:\Windows\system32\drivers\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8EA08000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88F49000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8EF32000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x88AF7000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x99E05000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8A57B000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x88A17000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x88C06000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8E979000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8918B000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E866000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x99F24000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x8FF4E000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x99ED4000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x92600000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8EBB4000 C:\Windows\system32\DRIVERS\VSTBS23.SYS 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x8EB3B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88D34000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88C85000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8A535000 C:\Windows\system32\DRIVERS\lvrs.sys 286720 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0x8FEF9000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x88AB5000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E918000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x893AB000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88BA2000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8A441000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8EABF000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8EAF8000 C:\Windows\system32\DRIVERS\e1e6232.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x82E20000 ACPI_HAL 225280 bytes
0x82E20000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88F04000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FDA9000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8944E000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E834000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89371000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FF9E000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89409000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8914D000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x88CDE000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x88D95000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x895CE000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8FEC3000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x89491000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88DD1000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8A400000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8FE1A000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x99EA6000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8E80E000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89200000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x895AF000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8EB95000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E8C7000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x929A0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FEA6000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x9399D000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8A47C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x939B8000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x93400000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8FFCD000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8E9DD000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8FDDD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8FE3C000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FE54000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FE6B000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x88A00000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8A428000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8FFE6000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x88D7F000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8A521000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x93883000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x89178000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x939E2000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E8F4000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88DBF000 00000094 73728 bytes
0x8EE0D000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x88BEE000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x93419000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x88DBF000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x89480000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x89591000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88F38000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FF3D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88D13000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x88A9C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E907000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x939D2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89436000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x88D24000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EB86000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8E800000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8E8E6000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x88BE0000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x891E8000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8FEEB000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88C77000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8EE00000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8FE00000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8FE8C000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8EFE7000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8FE99000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x99EC7000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x89000000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8E96D000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x93896000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x88E13000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x893F2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x93878000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9385C000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x938A2000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x88E08000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EE1F000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x93992000 C:\Windows\System32\Drivers\RecFltr.sys 45056 bytes (-, -)
0x8EB30000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88D08000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x93867000 C:\Windows\system32\DRIVERS\dc3d.sys 40960 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
0x8FE0D000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x99F7B000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x8E963000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E959000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8FE82000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x99E9C000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x88EFB000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x99FEF000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x891F6000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x99F85000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x938AD000 C:\Windows\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
0x92970000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x893A2000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x88CCD000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88AAD000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x89446000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BC5000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88CD6000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8900D000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x89015000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x88E00000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x893EA000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x89400000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x93871000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x895F5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E8C0000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8EFF4000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x99F76000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x8A51D000 C:\Windows\system32\DRIVERS\lvbusflt.sys 16384 bytes (Logitech Inc., Logitech USB Video Class Filter Driver)
0x8FDA7000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 260.99 )
0x8FEE9000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8A43F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8646F1ED unknown_irp_handler 3603 bytes
==============================================
>Stealth
==============================================
0x86470A91 Unknown page with executable code, 1391 bytes
0x86471191 Unknown page with executable code, 3695 bytes
0x86473E7A Unknown thread object [ ETHREAD 0x86752880 ] TID: 288, 600 bytes
0x86476008 Unknown thread object [ ETHREAD 0x867525A8 ] TID: 292, 600 bytes
0x864750DE Unknown thread object [ ETHREAD 0x863C0D48 ] , 600 bytes
0x86473B45 Unknown thread object [ ETHREAD 0x863C0A70 ] , 600 bytes
0x99FAFF2E Unknown thread object [ ETHREAD 0x850C4B08 ] , 600 bytes
0x99FAFF2E Unknown thread object [ ETHREAD 0x84D76C18 ] , 600 bytes
0x86475CDC Unknown page with executable code, 804 bytes


OTL logfile created on: 5/12/2011 11:28:42 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josh\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 132.28 Gb Free Space | 44.38% Space Free | Partition Type: NTFS
Drive F: | 1.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 23:28:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
PRC - [2011/05/08 14:04:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/11/04 11:46:38 | 000,151,552 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Reclusa\razerhid.exe
PRC - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/26 21:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/07/13 20:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/24 14:01:12 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
PRC - [2007/01/23 21:15:02 | 000,217,088 | ---- | M] () -- C:\Program Files\Razer\Reclusa\razertra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 23:28:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/11 20:58:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/04 09:33:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/04 03:01:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/03 20:31:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2003/04/18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C510(UVC)
DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/01 05:07:52 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/16 13:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/15 10:23:00 | 000,899,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2009/08/12 16:58:14 | 000,041,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RecFltr.sys -- (RecFltr)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 D2 73 36 8A 32 CB 01 [binary data]
IE - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 14:04:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 01:28:29 | 000,000,000 | ---D | M]

[2011/01/18 15:05:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2010/08/12 21:58:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/08 14:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\t4flj3nz.default\extensions
[2011/05/07 03:05:13 | 000,000,000 | ---D | M] (Ask Toolbar Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\t4flj3nz.default\extensions\toolbar@ask.com
[2011/05/09 01:28:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/09 01:28:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/08 14:04:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 01:28:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/08 14:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/09 01:41:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\..Trusted Domains: anabolicminds.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\..Trusted Domains: facebook.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\..Trusted Domains: mustangworld.com ([www] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/30 21:55:15 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 23:28:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2011/05/09 02:54:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/09 02:46:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/09 02:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/09 02:30:39 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\123.exe.exe
[2011/05/09 01:54:52 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\gmer
[2011/05/09 01:43:10 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\temp
[2011/05/09 01:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/09 01:28:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/09 01:28:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/09 01:28:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/09 00:56:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/09 00:56:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/09 00:56:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/09 00:53:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/09 00:51:00 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Malwarebytes
[2011/05/09 00:50:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/09 00:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/09 00:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/09 00:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/09 00:46:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/30 02:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/04/30 02:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/04/23 11:07:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/23 11:07:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/23 11:07:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/23 11:07:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/23 11:07:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/23 11:07:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/23 11:07:52 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/23 11:07:51 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/23 11:07:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/23 11:07:51 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/23 11:07:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/23 11:07:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/23 11:07:51 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/23 11:07:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/23 11:07:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/23 11:07:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/23 11:07:51 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/23 11:07:51 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/23 11:07:51 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/23 11:07:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/23 11:07:51 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/23 11:07:51 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/23 11:07:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/23 11:07:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/23 11:07:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/23 11:07:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/23 11:07:50 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/23 11:07:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/23 11:07:50 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/23 11:07:50 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/23 11:07:50 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/23 11:07:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/23 11:07:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/23 11:07:50 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/23 11:07:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/23 11:07:50 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/23 11:07:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/23 11:07:50 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/23 11:07:50 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/22 23:50:50 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/04/22 23:50:50 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/04/22 23:50:49 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/04/22 23:50:49 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/04/22 23:50:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/22 23:50:36 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/22 23:50:35 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/22 23:50:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/22 23:50:34 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/22 23:50:33 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/04/22 23:50:32 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/04/22 23:50:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/22 23:48:58 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/22 23:48:58 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/22 12:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
[2011/04/22 12:02:55 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\TempImg
[2011/04/22 12:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryCleaner
[2011/04/22 12:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Cleaner
[2011/04/22 12:02:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\TempImages
[2011/04/22 11:26:48 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\AVG10
[2011/04/22 11:23:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/22 11:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/22 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/20 12:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011/04/20 12:31:10 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2011/04/20 12:31:10 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/04/20 12:31:10 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2011/04/20 12:31:10 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2011/04/20 12:31:10 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2011/04/20 12:31:10 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2011/04/20 12:31:10 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2011/04/20 12:31:10 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2011/04/20 12:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011/04/20 12:29:44 | 000,000,000 | -H-D | C] -- C:\Users\Josh\Documents\PcSetup
[2011/04/20 12:26:35 | 000,000,000 | -H-D | C] -- C:\Users\Josh\AppData\Roaming\Vso
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 23:28:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2011/05/12 23:26:15 | 000,133,632 | ---- | M] () -- C:\Users\Josh\Desktop\RKUnhookerLE.EXE
[2011/05/09 23:38:23 | 000,001,112 | ---- | M] () -- C:\Users\Josh\Desktop\Mozilla Firefox.lnk
[2011/05/09 05:51:38 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 05:51:38 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 03:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 03:03:12 | 1608,970,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 02:30:40 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\123.exe.exe
[2011/05/09 01:54:35 | 000,293,775 | ---- | M] () -- C:\Users\Josh\Desktop\gmer.zip
[2011/05/09 01:51:31 | 000,000,000 | ---- | M] () -- C:\Users\Josh\defogger_reenable
[2011/05/09 01:50:49 | 000,625,664 | ---- | M] () -- C:\Users\Josh\Desktop\dds.scr
[2011/05/09 01:41:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/09 01:31:40 | 004,343,965 | R--- | M] () -- C:\Users\Josh\Desktop\ComboFix.exe
[2011/05/09 01:28:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/05/09 01:28:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/09 01:28:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/09 01:28:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/09 00:50:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 14:05:17 | 000,002,002 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/04 09:29:41 | 000,408,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/02 14:03:50 | 000,624,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 14:03:50 | 000,106,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/30 01:46:41 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/29 23:27:58 | 000,160,944 | ---- | M] () -- C:\Users\Josh\042911-23883-01.dmp
[2011/04/29 23:27:47 | 2145,333,553 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/24 13:52:52 | 000,001,411 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/23 11:07:52 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/23 11:07:52 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/23 11:07:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/23 11:07:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/23 11:07:52 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/23 11:07:52 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/23 11:07:52 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/23 11:07:51 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/23 11:07:51 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/23 11:07:51 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/23 11:07:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/23 11:07:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/23 11:07:51 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/23 11:07:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/23 11:07:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/23 11:07:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/23 11:07:51 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/23 11:07:51 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/23 11:07:51 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/23 11:07:51 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/23 11:07:51 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/23 11:07:51 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/23 11:07:51 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/23 11:07:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/23 11:07:51 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/23 11:07:51 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/23 11:07:50 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/23 11:07:50 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/23 11:07:50 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/23 11:07:50 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/23 11:07:50 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/23 11:07:50 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/23 11:07:50 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/23 11:07:50 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/23 11:07:50 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/23 11:07:50 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/23 11:07:50 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/23 11:07:50 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/23 11:07:50 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/23 11:07:50 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/22 12:03:57 | 000,001,060 | ---- | M] () -- C:\Users\Josh\Desktop\RegistryCleaner.lnk
[2011/04/22 00:05:52 | 000,000,036 | ---- | M] () -- C:\Users\Josh\AppData\Local\housecall.guid.cache
[2011/04/21 23:00:08 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~33873672
[2011/04/21 23:00:08 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~33873672r
[2011/04/21 23:00:04 | 000,000,344 | -H-- | M] () -- C:\ProgramData\33873672
[2011/04/20 12:32:32 | 000,001,057 | -H-- | M] () -- C:\Users\Josh\AppData\Roaming\vso_ts_preview.xml
[2011/04/20 12:31:13 | 000,001,190 | ---- | M] () -- C:\Users\Josh\Desktop\ConvertXtoDVD 4.lnk
[2011/04/15 13:44:45 | 079,931,297 | -H-- | M] () -- C:\Users\Josh\Desktop\Roger_Sanchez_-_Ultra_Music_Festival_Miami_25-03-2011-Razorator.mp3
[2011/04/15 13:41:47 | 081,443,736 | -H-- | M] () -- C:\Users\Josh\Desktop\Martin_Solveig_-_Ultra_Music_Festival_Miami_25-03-2011-Razorator.mp3
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 23:26:14 | 000,133,632 | ---- | C] () -- C:\Users\Josh\Desktop\RKUnhookerLE.EXE
[2011/05/09 23:38:23 | 000,001,112 | ---- | C] () -- C:\Users\Josh\Desktop\Mozilla Firefox.lnk
[2011/05/09 01:54:34 | 000,293,775 | ---- | C] () -- C:\Users\Josh\Desktop\gmer.zip
[2011/05/09 01:51:31 | 000,000,000 | ---- | C] () -- C:\Users\Josh\defogger_reenable
[2011/05/09 01:50:49 | 000,625,664 | ---- | C] () -- C:\Users\Josh\Desktop\dds.scr
[2011/05/09 01:17:22 | 004,343,965 | R--- | C] () -- C:\Users\Josh\Desktop\ComboFix.exe
[2011/05/09 00:56:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/09 00:56:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/09 00:56:25 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/09 00:56:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/09 00:56:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/09 00:50:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 14:04:47 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 23:27:53 | 000,160,944 | ---- | C] () -- C:\Users\Josh\042911-23883-01.dmp
[2011/04/29 23:27:47 | 2145,333,553 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/23 11:07:51 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/22 12:03:57 | 000,001,060 | ---- | C] () -- C:\Users\Josh\Desktop\RegistryCleaner.lnk
[2011/04/22 00:05:52 | 000,000,036 | ---- | C] () -- C:\Users\Josh\AppData\Local\housecall.guid.cache
[2011/04/21 23:00:08 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~33873672r
[2011/04/21 23:00:07 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~33873672
[2011/04/21 23:00:04 | 000,000,344 | -H-- | C] () -- C:\ProgramData\33873672
[2011/04/20 12:31:13 | 000,001,190 | ---- | C] () -- C:\Users\Josh\Desktop\ConvertXtoDVD 4.lnk
[2011/04/20 12:26:36 | 000,001,057 | -H-- | C] () -- C:\Users\Josh\AppData\Roaming\vso_ts_preview.xml
[2011/04/15 13:44:45 | 079,931,297 | -H-- | C] () -- C:\Users\Josh\Desktop\Roger_Sanchez_-_Ultra_Music_Festival_Miami_25-03-2011-Razorator.mp3
[2011/04/15 13:41:47 | 081,443,736 | -H-- | C] () -- C:\Users\Josh\Desktop\Martin_Solveig_-_Ultra_Music_Festival_Miami_25-03-2011-Razorator.mp3
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/01 00:36:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/02/23 13:22:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/04 02:24:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/11/23 19:56:38 | 000,041,984 | ---- | C] () -- C:\Windows\System32\drivers\RecFltr.sys
[2010/08/04 09:29:00 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2010/08/04 09:29:00 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2010/08/04 09:29:00 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2010/08/04 09:29:00 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2010/08/04 09:29:00 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2010/08/04 09:29:00 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2010/08/04 09:29:00 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2010/08/04 09:29:00 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2010/08/04 09:29:00 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2010/08/04 09:29:00 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2010/08/03 20:33:32 | 000,177,664 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/08/03 20:33:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/08/03 20:33:25 | 000,033,327 | ---- | C] () -- C:\Windows\System32\kschimp.ini
[2010/08/03 20:33:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfgks150plus.ini
[2010/08/03 20:33:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfgBennu.ini
[2010/08/03 20:33:24 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfgks500.ini
[2010/08/03 20:33:24 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfgks550.ini
[2010/08/03 20:33:24 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfgks150.ini
[2010/08/03 20:33:24 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfgks200.ini
[2010/08/03 20:33:24 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks50.ini
[2010/08/03 20:33:24 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/08/03 20:33:23 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks100.ini
[2010/08/03 20:33:21 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/02/08 08:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\System32\vfprintpthelper.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,408,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >


OTL Extras logfile created on: 5/12/2011 11:28:42 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josh\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 132.28 Gb Free Space | 44.38% Space Free | Partition Type: NTFS
Drive F: | 1.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{328591D2-4F59-4EE1-ABF1-7F47E90E31A1}" = Razer Reclusa Config
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.16.360
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"BitTorrent" = BitTorrent
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Console Launcher" = Creative Console Launcher
"Creative Entertainment Center" = Creative Entertainment Center
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DVDFab 8_is1" = DVDFab 8.0.7.2 Beta (22/01/2011)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
"Host OpenAL" = Host OpenAL
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RegistryCleaner" = Registry Cleaner 2.1
"Remote Control System" = Remote Control System
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1904082376-3768260479-4107068024-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2011 1:03:10 PM | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: avgssie.dll, version: 10.0.0.1324, time
stamp: 0x4dad5529 Exception code: 0xc0000005 Fault offset: 0x00113ddd Faulting process
id: 0xb5c Faulting application start time: 0x01cc0b464042bab5 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\AVG\AVG10\avgssie.dll Report Id: 8d84aa98-7739-11e0-a22f-0019d136b2b0

Error - 5/5/2011 1:03:20 PM | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: avgssie.dll, version: 10.0.0.1324, time
stamp: 0x4dad5529 Exception code: 0xc0000005 Fault offset: 0x00113ddd Faulting process
id: 0x1704 Faulting application start time: 0x01cc0b46404356f7 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\AVG\AVG10\avgssie.dll Report Id: 93b031a9-7739-11e0-a22f-0019d136b2b0

Error - 5/7/2011 3:11:55 AM | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UMVPFSrv.exe, version: 13.25.1014.0, time
stamp: 0x4d955c8d Faulting module name: UMVPL.dll, version: 13.0.1774.0, time stamp:
0x4be4bfff Exception code: 0xc0000005 Fault offset: 0x00001e1c Faulting process id:
0x518 Faulting application start time: 0x01cc0c12315cfe40 Faulting application path:
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe Faulting module path:
C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPL.dll Report Id: 49a81eca-7879-11e0-aeeb-0019d136b2b0

Error - 5/9/2011 2:30:42 AM | Computer Name = Josh-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 5/9/2011 2:30:42 AM | Computer Name = Josh-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 5/9/2011 2:30:42 AM | Computer Name = Josh-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 5/9/2011 2:30:46 AM | Computer Name = Josh-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 5/9/2011 2:30:46 AM | Computer Name = Josh-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 5/9/2011 2:30:46 AM | Computer Name = Josh-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 5/11/2011 12:34:25 AM | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UMVPFSrv.exe, version: 13.25.1014.0, time
stamp: 0x4d955c8d Faulting module name: UMVPL.dll, version: 13.0.1774.0, time stamp:
0x4be4bfff Exception code: 0xc0000005 Fault offset: 0x00001e1c Faulting process id:
0x464 Faulting application start time: 0x01cc0e1f8e40404d Faulting application path:
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe Faulting module path:
C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPL.dll Report Id: f2aada2a-7b87-11e0-9c70-0019d136b2b0

[ System Events ]
Error - 5/9/2011 3:54:23 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2011 3:54:23 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2011 3:54:23 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/9/2011 4:03:17 AM | Computer Name = Josh-PC | Source = Microsoft-Windows-Eventlog | ID = 22
Description = The event logging service encountered an error while initializing
publishing resources for channel DebugChannel. If channel type is Analytic or Debug,
then this could mean there was an error initializing logging resources as well.

Error - 5/9/2011 4:03:23 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%5

Error - 5/9/2011 4:03:51 AM | Computer Name = Josh-PC | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): ?5/?9/?2011 8:03:51 AM Error Code: 0x80092003 Error Description: An error
occurred while reading or writing to a file.

Error - 5/9/2011 4:03:54 AM | Computer Name = Josh-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 5/9/2011 4:03:54 AM | Computer Name = Josh-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 5/9/2011 4:03:55 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147017840

Error - 5/11/2011 12:34:26 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7034
Description = The UMVPFSrv service terminated unexpectedly. It has done this 1
time(s).


< End of report >


** same script errors and google redirects as the last several days

Edited by jcalvert86, 12 May 2011 - 11:36 PM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:34 AM

Posted 13 May 2011 - 08:52 AM

Hi!

Lets see where we stand after doing the following:

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    IE - HKU\S-1-5-21-1904082376-3768260479-4107068024-1001\..\URLSearchHook: - Reg Error: Key error. File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2011/04/21 23:00:08 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~33873672
    [2011/04/21 23:00:08 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~33873672r
    [2011/04/21 23:00:04 | 000,000,344 | -H-- | M] () -- C:\ProgramData\33873672
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2011/04/21 23:00:08 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~33873672r
    [2011/04/21 23:00:07 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~33873672
    [2011/04/21 23:00:04 | 000,000,344 | -H-- | C] () -- C:\ProgramData\33873672
    
    :Reg
    
    :Files
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 jcalvert86

jcalvert86
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 13 May 2011 - 10:45 AM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1904082376-3768260479-4107068024-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\System32\tmpD989.tmp deleted successfully.
C:\Windows\System32\tmpDA65.tmp deleted successfully.
File C:\ProgramData\~33873672 not found.
File C:\ProgramData\~33873672r not found.
File C:\ProgramData\33873672 not found.
File C:\ProgramData\~33873672r not found.
File C:\ProgramData\~33873672 not found.
File C:\ProgramData\33873672 not found.
========== REGISTRY ==========
========== FILES ==========
< type "C:\ComboFix.txt" /c >
ComboFix 11-05-08.04 - Josh 05/09/2011 2:47.2.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1300 [GMT -5:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 07:53 . 2011-05-09 07:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 07:44 . 2011-01-29 05:59 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{716464BF-C7D7-442C-A1F0-45F64493CC3E}\gapaengine.dll
2011-05-09 07:40 . 2011-05-09 07:40 -------- d-----w- c:\program files\ESET
2011-05-09 07:17 . 2011-01-29 05:59 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47C383A1-D935-493E-AEAA-54450BCA58C6}\gapaengine.dll
2011-05-09 06:49 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF6B7CC5-E0DA-4A76-A85C-6254DC60A377}\mpengine.dll
2011-05-09 06:43 . 2011-05-09 07:53 -------- d-----w- c:\users\Josh\AppData\Local\temp
2011-05-09 06:28 . 2011-05-09 06:28 -------- d-----w- c:\program files\Common Files\Java
2011-05-09 06:28 . 2011-05-09 06:28 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-09 05:51 . 2011-05-09 05:51 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2011-05-09 05:50 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 05:50 . 2011-05-09 05:50 -------- d-----w- c:\programdata\Malwarebytes
2011-05-09 05:50 . 2011-05-09 05:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-08 19:04 . 2011-05-08 19:04 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 19:04 . 2011-05-08 19:04 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 19:04 . 2011-05-08 19:04 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 19:04 . 2011-05-08 19:04 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 19:04 . 2011-05-08 19:04 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 19:04 . 2011-05-08 19:04 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 19:04 . 2011-05-08 19:04 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-08 19:04 . 2011-05-08 19:04 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 07:15 . 2011-04-30 07:15 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-04-25 04:37 . 2011-01-29 05:59 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-25 04:37 . 2011-01-13 07:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-25 04:37 . 2011-04-11 05:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0839190-482B-4AB4-A5C6-C963966A610C}\mpengine.dll
2011-04-23 04:50 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-04-23 04:48 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-23 04:48 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-23 04:48 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-23 04:48 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-23 04:48 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-23 04:48 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-22 17:03 . 2011-04-22 17:12 -------- d-----w- c:\program files\Common Files\FreeCause
2011-04-22 17:02 . 2011-04-22 17:02 -------- d-----w- c:\users\Josh\AppData\Local\TempImg
2011-04-22 17:02 . 2011-04-22 17:08 -------- d-----w- c:\program files\Registry Cleaner
2011-04-22 17:02 . 2011-04-22 17:02 -------- d-----w- c:\users\Josh\AppData\Local\TempImages
2011-04-22 16:26 . 2011-04-22 16:26 -------- d-----w- c:\users\Josh\AppData\Roaming\AVG10
2011-04-22 16:23 . 2011-04-22 16:23 -------- d--h--w- c:\programdata\Common Files
2011-04-22 16:22 . 2011-05-09 05:54 -------- d-----w- c:\programdata\AVG10
2011-04-22 16:18 . 2011-05-09 05:50 -------- d-----w- c:\programdata\MFAData
2011-04-20 17:31 . 2009-09-02 18:44 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-04-20 17:31 . 2009-09-02 18:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-04-20 17:31 . 2009-09-02 18:44 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-04-20 17:31 . 2009-09-02 18:44 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-04-20 17:31 . 2009-09-02 18:44 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-04-20 17:31 . 2009-09-02 18:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-04-20 17:31 . 2009-09-02 18:44 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-04-20 17:31 . 2011-04-22 04:35 -------- d-----w- c:\program files\VSO
2011-04-20 17:26 . 2011-04-20 17:32 -------- d--h--w- c:\users\Josh\AppData\Roaming\Vso
2011-04-14 08:39 . 2011-04-14 08:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 08:39 . 2011-04-14 08:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-13 20:02 . 2011-04-13 20:02 40984 ----a-w- c:\windows\system32\drivers\point32.sys
2011-04-12 18:01 . 2011-04-12 18:01 45464 ----a-w- c:\windows\system32\drivers\dc3d.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 06:28 . 2010-08-14 01:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-11 05:04 . 2011-01-29 05:41 7071056 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-04-09 04:02 . 2011-04-09 04:02 391168 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-09 04:02 . 2011-04-09 04:02 390656 ----a-w- c:\windows\system32\ipcoin815.dll
2011-04-01 10:11 . 2011-04-01 10:11 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-04-01 10:10 . 2011-04-01 10:10 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 10:10 . 2011-04-01 10:10 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 10:09 . 2011-04-01 10:09 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-04-01 10:08 . 2011-04-01 10:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 10:08 . 2011-04-01 10:08 301664 ----a-w- c:\windows\system32\lvcodec2.dll
2011-04-01 10:07 . 2011-04-01 10:07 20448 ----a-w- c:\windows\system32\drivers\lvbusflt.sys
2011-04-01 10:07 . 2011-04-01 10:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 10:07 . 2011-04-01 10:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 10:06 . 2011-04-01 10:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 09:56 . 2011-04-01 09:56 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-01 05:31 . 2011-03-01 05:31 53248 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-02-23 19:58 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-08 19:04 . 2011-05-08 19:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2008-11-24 237693]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-06-22 98816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Reclusa"="c:\program files\Razer\Reclusa\razerhid.exe" [2009-11-04 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-9-11 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0ad34419;MpKsl0ad34419;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CF81542-9DE9-42FD-8F1C-B44E283DA8B9}\MpKsl0ad34419.sys [x]
R1 MpKsl27fd25bd;MpKsl27fd25bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0839190-482B-4AB4-A5C6-C963966A610C}\MpKsl27fd25bd.sys [x]
R1 MpKsl4b1def81;MpKsl4b1def81; [x]
R1 MpKsl69f2fb29;MpKsl69f2fb29; [x]
R1 MpKsl7cdf935d;MpKsl7cdf935d; [x]
R1 MpKslccec2375;MpKslccec2375; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-19 8192]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-04 79360]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-12-15 899712]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-04 1343400]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2011-04-01 20448]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [2009-08-12 41984]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: anabolicminds.com\www
Trusted Zone: facebook.com\www
Trusted Zone: mustangworld.com\www
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\t4flj3nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-09 02:54:37
ComboFix-quarantined-files.txt 2011-05-09 07:54
ComboFix2.txt 2011-05-09 06:43
.
Pre-Run: 144,310,226,944 bytes free
Post-Run: 144,376,553,472 bytes free
.
- - End Of File - - 161F657B17AFDC1BACFEAD8942809E4D
C:\Users\Josh\Desktop\cmd.bat deleted successfully.
C:\Users\Josh\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Josh\Desktop\cmd.bat deleted successfully.
C:\Users\Josh\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Josh
->Temp folder emptied: 1345819 bytes
->Temporary Internet Files folder emptied: 204637384 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49629710 bytes
->Flash cache emptied: 159098 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27172 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 244.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Josh
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05132011_103230

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6568

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/13/2011 10:42:57 AM
mbam-log-2011-05-13 (10-42-57).txt

Scan type: Quick scan
Objects scanned: 148692
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:34 AM

Posted 13 May 2011 - 12:28 PM

Hi!

How are things currently running?


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 jcalvert86

jcalvert86
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 14 May 2011 - 02:59 AM

2011/05/13 14:25:17.0645 1792 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/13 14:25:17.0962 1792 ================================================================================
2011/05/13 14:25:17.0962 1792 SystemInfo:
2011/05/13 14:25:17.0962 1792
2011/05/13 14:25:17.0962 1792 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/13 14:25:17.0962 1792 Product type: Workstation
2011/05/13 14:25:17.0962 1792 ComputerName: JOSH-PC
2011/05/13 14:25:17.0962 1792 UserName: Josh
2011/05/13 14:25:17.0962 1792 Windows directory: C:\Windows
2011/05/13 14:25:17.0962 1792 System windows directory: C:\Windows
2011/05/13 14:25:17.0963 1792 Processor architecture: Intel x86
2011/05/13 14:25:17.0963 1792 Number of processors: 2
2011/05/13 14:25:17.0963 1792 Page size: 0x1000
2011/05/13 14:25:17.0963 1792 Boot type: Normal boot
2011/05/13 14:25:17.0963 1792 ================================================================================
2011/05/13 14:25:18.0232 1792 Initialize success
2011/05/13 14:25:23.0816 1892 ================================================================================
2011/05/13 14:25:23.0816 1892 Scan started
2011/05/13 14:25:23.0816 1892 Mode: Manual;
2011/05/13 14:25:23.0817 1892 ================================================================================
2011/05/13 14:25:24.0835 1892 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/13 14:25:24.0872 1892 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/05/13 14:25:24.0918 1892 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/05/13 14:25:24.0957 1892 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/13 14:25:24.0995 1892 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/13 14:25:25.0018 1892 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/13 14:25:25.0094 1892 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/05/13 14:25:25.0127 1892 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/05/13 14:25:25.0151 1892 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/13 14:25:25.0176 1892 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/05/13 14:25:25.0202 1892 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/05/13 14:25:25.0225 1892 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/05/13 14:25:25.0250 1892 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/13 14:25:25.0269 1892 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/13 14:25:25.0297 1892 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/05/13 14:25:25.0329 1892 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/13 14:25:25.0356 1892 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/05/13 14:25:25.0395 1892 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/05/13 14:25:25.0455 1892 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/13 14:25:25.0486 1892 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/13 14:25:25.0535 1892 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/13 14:25:25.0580 1892 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/05/13 14:25:25.0645 1892 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/13 14:25:25.0679 1892 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/13 14:25:25.0717 1892 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/13 14:25:25.0754 1892 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/13 14:25:25.0785 1892 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/13 14:25:25.0812 1892 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/13 14:25:25.0844 1892 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/13 14:25:25.0874 1892 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/13 14:25:25.0891 1892 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/13 14:25:25.0916 1892 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/13 14:25:25.0935 1892 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/13 14:25:25.0961 1892 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/13 14:25:26.0118 1892 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/13 14:25:26.0159 1892 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/05/13 14:25:26.0193 1892 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/13 14:25:26.0239 1892 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/13 14:25:26.0280 1892 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/13 14:25:26.0300 1892 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/05/13 14:25:26.0335 1892 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/13 14:25:26.0357 1892 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/13 14:25:26.0398 1892 CompFilter (f77390678b3c2fa7ed82ea034d582355) C:\Windows\system32\DRIVERS\lvbusflt.sys
2011/05/13 14:25:26.0435 1892 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/13 14:25:26.0465 1892 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/13 14:25:26.0545 1892 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/05/13 14:25:26.0662 1892 dc3d (734bbe7c66e6fd6047a1bd29b9343b30) C:\Windows\system32\DRIVERS\dc3d.sys
2011/05/13 14:25:26.0772 1892 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/05/13 14:25:26.0798 1892 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/13 14:25:26.0822 1892 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/13 14:25:26.0886 1892 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/13 14:25:26.0923 1892 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/13 14:25:26.0962 1892 e1express (0535bfbedb9378ddd15bdf9957d57d71) C:\Windows\system32\DRIVERS\e1e6232.sys
2011/05/13 14:25:27.0052 1892 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/13 14:25:27.0151 1892 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/13 14:25:27.0188 1892 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/05/13 14:25:27.0229 1892 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/13 14:25:27.0262 1892 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/13 14:25:27.0295 1892 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/13 14:25:27.0332 1892 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/13 14:25:27.0357 1892 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/13 14:25:27.0381 1892 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/13 14:25:27.0400 1892 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/13 14:25:27.0420 1892 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/13 14:25:27.0441 1892 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/13 14:25:27.0497 1892 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/13 14:25:27.0530 1892 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/13 14:25:27.0560 1892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/13 14:25:27.0592 1892 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/13 14:25:27.0645 1892 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/05/13 14:25:27.0682 1892 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/13 14:25:27.0711 1892 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/13 14:25:27.0732 1892 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/13 14:25:27.0765 1892 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/13 14:25:27.0803 1892 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/13 14:25:27.0844 1892 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/13 14:25:27.0882 1892 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/05/13 14:25:27.0927 1892 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/13 14:25:27.0964 1892 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/05/13 14:25:27.0994 1892 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/05/13 14:25:28.0033 1892 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/13 14:25:28.0082 1892 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/05/13 14:25:28.0127 1892 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/13 14:25:28.0166 1892 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/13 14:25:28.0196 1892 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/13 14:25:28.0238 1892 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/13 14:25:28.0269 1892 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/05/13 14:25:28.0297 1892 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/05/13 14:25:28.0329 1892 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/05/13 14:25:28.0360 1892 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/05/13 14:25:28.0428 1892 ksaud (9272a8404ce073d1502ad52c5a1024e3) C:\Windows\system32\drivers\ksaud.sys
2011/05/13 14:25:28.0483 1892 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/13 14:25:28.0504 1892 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/13 14:25:28.0559 1892 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/13 14:25:28.0604 1892 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/13 14:25:28.0633 1892 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/13 14:25:28.0656 1892 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/13 14:25:28.0678 1892 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/13 14:25:28.0712 1892 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/13 14:25:28.0757 1892 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/05/13 14:25:28.0801 1892 LVRS (b6e1ccd6572984adcae68439afd07011) C:\Windows\system32\DRIVERS\lvrs.sys
2011/05/13 14:25:28.0918 1892 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/05/13 14:25:29.0043 1892 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/05/13 14:25:29.0075 1892 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/13 14:25:29.0107 1892 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/13 14:25:29.0198 1892 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/13 14:25:29.0226 1892 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/13 14:25:29.0264 1892 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/13 14:25:29.0287 1892 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/13 14:25:29.0328 1892 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/13 14:25:29.0377 1892 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/05/13 14:25:29.0414 1892 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/05/13 14:25:29.0639 1892 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/05/13 14:25:29.0660 1892 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/13 14:25:29.0706 1892 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/05/13 14:25:29.0748 1892 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/13 14:25:29.0771 1892 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/13 14:25:29.0796 1892 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/13 14:25:29.0825 1892 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/05/13 14:25:29.0854 1892 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/05/13 14:25:29.0897 1892 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/13 14:25:29.0915 1892 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/13 14:25:29.0936 1892 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/05/13 14:25:29.0976 1892 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/13 14:25:30.0017 1892 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/13 14:25:30.0032 1892 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/13 14:25:30.0057 1892 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/13 14:25:30.0079 1892 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/05/13 14:25:30.0104 1892 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/13 14:25:30.0127 1892 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/13 14:25:30.0149 1892 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/13 14:25:30.0193 1892 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/13 14:25:30.0251 1892 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/05/13 14:25:30.0278 1892 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/13 14:25:30.0304 1892 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/13 14:25:30.0346 1892 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/13 14:25:30.0389 1892 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/13 14:25:30.0435 1892 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/05/13 14:25:30.0458 1892 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/13 14:25:30.0505 1892 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/13 14:25:30.0565 1892 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/13 14:25:30.0605 1892 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/13 14:25:30.0643 1892 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/13 14:25:30.0664 1892 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/13 14:25:30.0734 1892 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/05/13 14:25:30.0762 1892 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/13 14:25:30.0966 1892 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/13 14:25:31.0139 1892 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/05/13 14:25:31.0162 1892 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/05/13 14:25:31.0199 1892 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/05/13 14:25:31.0227 1892 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/05/13 14:25:31.0311 1892 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/13 14:25:31.0358 1892 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/05/13 14:25:31.0386 1892 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/13 14:25:31.0419 1892 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/05/13 14:25:31.0441 1892 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/05/13 14:25:31.0464 1892 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/13 14:25:31.0506 1892 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/13 14:25:31.0541 1892 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/13 14:25:31.0633 1892 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys
2011/05/13 14:25:31.0689 1892 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/13 14:25:31.0714 1892 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/13 14:25:31.0794 1892 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/13 14:25:31.0894 1892 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/13 14:25:31.0922 1892 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/13 14:25:31.0954 1892 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/13 14:25:31.0975 1892 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/13 14:25:32.0022 1892 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/13 14:25:32.0059 1892 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/13 14:25:32.0087 1892 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/13 14:25:32.0120 1892 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/13 14:25:32.0160 1892 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/13 14:25:32.0187 1892 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/13 14:25:32.0227 1892 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/13 14:25:32.0278 1892 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/05/13 14:25:32.0300 1892 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/13 14:25:32.0328 1892 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/13 14:25:32.0392 1892 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/05/13 14:25:32.0440 1892 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/05/13 14:25:32.0492 1892 RecFltr (81d24dccdb05290491e246b8d49c20e9) C:\Windows\system32\Drivers\RecFltr.sys
2011/05/13 14:25:32.0547 1892 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/13 14:25:32.0569 1892 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/05/13 14:25:32.0598 1892 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/05/13 14:25:32.0647 1892 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/13 14:25:32.0694 1892 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/13 14:25:32.0740 1892 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/13 14:25:32.0766 1892 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/13 14:25:32.0800 1892 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/13 14:25:32.0861 1892 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/05/13 14:25:32.0877 1892 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/13 14:25:32.0904 1892 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/13 14:25:32.0929 1892 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/13 14:25:32.0974 1892 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/05/13 14:25:33.0006 1892 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/13 14:25:33.0038 1892 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/13 14:25:33.0090 1892 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/13 14:25:33.0130 1892 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/13 14:25:33.0192 1892 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/05/13 14:25:33.0223 1892 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/13 14:25:33.0255 1892 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/13 14:25:33.0295 1892 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/13 14:25:33.0326 1892 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/13 14:25:33.0356 1892 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/05/13 14:25:33.0380 1892 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/05/13 14:25:33.0472 1892 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/05/13 14:25:33.0516 1892 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/13 14:25:33.0568 1892 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/13 14:25:33.0615 1892 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/05/13 14:25:33.0635 1892 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/05/13 14:25:33.0678 1892 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/13 14:25:33.0715 1892 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/05/13 14:25:33.0789 1892 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/13 14:25:33.0824 1892 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/13 14:25:33.0872 1892 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/13 14:25:33.0899 1892 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/13 14:25:33.0942 1892 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/13 14:25:33.0984 1892 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/13 14:25:34.0031 1892 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/05/13 14:25:34.0061 1892 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/13 14:25:34.0110 1892 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/13 14:25:34.0147 1892 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
2011/05/13 14:25:34.0169 1892 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/13 14:25:34.0197 1892 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/05/13 14:25:34.0237 1892 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/13 14:25:34.0272 1892 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/05/13 14:25:34.0294 1892 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/13 14:25:34.0316 1892 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/13 14:25:34.0343 1892 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/13 14:25:34.0363 1892 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/13 14:25:34.0385 1892 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/13 14:25:34.0428 1892 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/13 14:25:34.0464 1892 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/13 14:25:34.0495 1892 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/13 14:25:34.0519 1892 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/05/13 14:25:34.0558 1892 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/05/13 14:25:34.0577 1892 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/13 14:25:34.0603 1892 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/05/13 14:25:34.0634 1892 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/05/13 14:25:34.0659 1892 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/13 14:25:34.0688 1892 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/05/13 14:25:34.0714 1892 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/13 14:25:34.0737 1892 volsnap (ab6532bf1c2519efcec5b8c04d8dc407) C:\Windows\system32\drivers\volsnap.sys
2011/05/13 14:25:34.0739 1892 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ab6532bf1c2519efcec5b8c04d8dc407, Fake md5: f497f67932c6fa693d7de2780631cfe7
2011/05/13 14:25:34.0746 1892 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/13 14:25:34.0773 1892 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/13 14:25:34.0821 1892 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/05/13 14:25:34.0876 1892 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/13 14:25:34.0907 1892 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/05/13 14:25:34.0945 1892 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/13 14:25:34.0999 1892 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/13 14:25:35.0015 1892 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/13 14:25:35.0074 1892 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/13 14:25:35.0108 1892 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/13 14:25:35.0179 1892 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/13 14:25:35.0207 1892 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/13 14:25:35.0243 1892 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/13 14:25:35.0329 1892 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/13 14:25:35.0389 1892 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/13 14:25:35.0447 1892 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/05/13 14:25:35.0501 1892 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/13 14:25:35.0576 1892 ================================================================================
2011/05/13 14:25:35.0576 1892 Scan finished
2011/05/13 14:25:35.0576 1892 ================================================================================
2011/05/13 14:25:35.0590 4088 Detected object count: 1
2011/05/13 14:25:56.0011 4088 volsnap (ab6532bf1c2519efcec5b8c04d8dc407) C:\Windows\system32\drivers\volsnap.sys
2011/05/13 14:25:56.0012 4088 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ab6532bf1c2519efcec5b8c04d8dc407, Fake md5: f497f67932c6fa693d7de2780631cfe7
2011/05/13 14:25:57.0490 4088 Backup copy found, using it..
2011/05/13 14:25:57.0500 4088 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/05/13 14:25:57.0500 4088 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/05/13 14:26:31.0977 3292 Deinitialize success

ESETScan results

C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT.rar Win32/HackKMS.A application
C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT\MICROSOFT.OFFICE.2010.ISO Win32/HackKMS.A application

Sec Check results

Results of screen317's Security Check version 0.99.11
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Registry Cleaner 2.1
Java™ 6 Update 25
Adobe Flash Player 10.2.159.1
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#8 jcalvert86

jcalvert86
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 14 May 2011 - 03:03 AM

Hopefully not jumping the gun here but it appears to be gone now... no script error or search redirect after last reboot.

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:34 AM

Posted 14 May 2011 - 10:23 AM

Hi!

The main infection that you were infected with is called TDL3.

See the snippet of text below:

2011/05/13 14:25:35.0590 4088 Detected object count: 1
2011/05/13 14:25:56.0011 4088 volsnap (ab6532bf1c2519efcec5b8c04d8dc407) C:\Windows\system32\drivers\volsnap.sys
2011/05/13 14:25:56.0012 4088 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ab6532bf1c2519efcec5b8c04d8dc407, Fake md5: f497f67932c6fa693d7de2780631cfe7
2011/05/13 14:25:57.0490 4088 Backup copy found, using it..
2011/05/13 14:25:57.0500 4088 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/05/13 14:25:57.0500 4088 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/05/13 14:26:31.0977 3292 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT.rar
    C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT\MICROSOFT.OFFICE.2010.ISO
    C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 jcalvert86

jcalvert86
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 16 May 2011 - 01:34 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT.rar moved successfully.
File move failed. C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT\MICROSOFT.OFFICE.2010.ISO scheduled to be moved on reboot.
Folder move failed. C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT scheduled to be moved on reboot.
C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\IMG folder moved successfully.
Folder move failed. C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Josh\Desktop\cmd.bat deleted successfully.
C:\Users\Josh\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Josh
->Temp folder emptied: 5144078 bytes
->Temporary Internet Files folder emptied: 11061202 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61744813 bytes
->Flash cache emptied: 18399 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15114 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Josh
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05162011_132507

Files\Folders moved on Reboot...
File move failed. C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT\MICROSOFT.OFFICE.2010.ISO scheduled to be moved on reboot.
Folder move failed. C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT scheduled to be moved on reboot.
Folder move failed. C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT\Microsoft.Office.2010-IPT scheduled to be moved on reboot.
Folder move failed. C:\Users\Josh\Desktop\Downloads\Microsoft.Office.2010.ISO.Activator-ZWTiSO-PDU-IPT scheduled to be moved on reboot.

Registry entries deleted on Reboot...




OTL logfile created on: 5/16/2011 1:31:51 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josh\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 205.32 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive F: | 1.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/05/12 23:28:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
PRC - [2011/05/08 14:04:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/11/04 11:46:38 | 000,151,552 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Reclusa\razerhid.exe
PRC - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/26 21:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/24 14:01:12 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
PRC - [2007/01/23 21:15:02 | 000,217,088 | ---- | M] () -- C:\Program Files\Razer\Reclusa\razertra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 23:28:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/11 20:58:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/04 09:33:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/04 03:01:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/03 20:31:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2003/04/18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C510(UVC)
DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/01 05:07:52 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/16 13:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/15 10:23:00 | 000,899,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2009/08/12 16:58:14 | 000,041,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RecFltr.sys -- (RecFltr)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 D2 73 36 8A 32 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 14:04:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 13:31:18 | 000,000,000 | ---D | M]

[2011/01/18 15:05:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2010/08/12 21:58:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/08 14:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\t4flj3nz.default\extensions
[2011/05/07 03:05:13 | 000,000,000 | ---D | M] (Ask Toolbar Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\t4flj3nz.default\extensions\toolbar@ask.com
[2011/05/09 01:28:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/09 01:28:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/08 14:04:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 01:28:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/08 14:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/16 13:25:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: anabolicminds.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: mustangworld.com ([www] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/30 21:55:15 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 13:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/13 14:25:00 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\tdsskiller
[2011/05/13 10:15:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/12 23:28:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2011/05/09 02:54:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/09 02:46:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/09 02:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/09 01:43:10 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\temp
[2011/05/09 01:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/09 00:56:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/09 00:56:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/09 00:56:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/09 00:53:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/09 00:51:00 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Malwarebytes
[2011/05/09 00:50:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/09 00:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/09 00:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/09 00:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/09 00:46:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/30 02:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/04/30 02:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/04/22 12:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
[2011/04/22 12:02:55 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\TempImg
[2011/04/22 12:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryCleaner
[2011/04/22 12:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Cleaner
[2011/04/22 12:02:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\TempImages
[2011/04/22 11:26:48 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\AVG10
[2011/04/22 11:23:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/22 11:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/22 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/20 12:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011/04/20 12:31:10 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/04/20 12:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011/04/20 12:29:44 | 000,000,000 | -H-D | C] -- C:\Users\Josh\Documents\PcSetup
[2011/04/20 12:26:35 | 000,000,000 | -H-D | C] -- C:\Users\Josh\AppData\Roaming\Vso

========== Files - Modified Within 30 Days ==========

[2011/05/16 13:31:18 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/16 13:26:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 13:26:49 | 1608,970,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 13:25:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/16 03:45:30 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 03:45:30 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 23:28:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2011/05/12 23:26:15 | 000,133,632 | ---- | M] () -- C:\Users\Josh\Desktop\RKUnhookerLE.EXE
[2011/05/09 23:38:23 | 000,001,112 | ---- | M] () -- C:\Users\Josh\Desktop\Mozilla Firefox.lnk
[2011/05/09 01:51:31 | 000,000,000 | ---- | M] () -- C:\Users\Josh\defogger_reenable
[2011/05/09 01:31:40 | 004,343,965 | R--- | M] () -- C:\Users\Josh\Desktop\ComboFix.exe
[2011/05/09 00:50:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 14:05:17 | 000,002,002 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/04 09:29:41 | 000,408,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/02 14:03:50 | 000,624,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 14:03:50 | 000,106,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 23:27:58 | 000,160,944 | ---- | M] () -- C:\Users\Josh\042911-23883-01.dmp
[2011/04/29 23:27:47 | 2145,333,553 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/24 13:52:52 | 000,001,411 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/23 11:07:51 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/22 12:03:57 | 000,001,060 | ---- | M] () -- C:\Users\Josh\Desktop\RegistryCleaner.lnk
[2011/04/22 00:05:52 | 000,000,036 | ---- | M] () -- C:\Users\Josh\AppData\Local\housecall.guid.cache
[2011/04/20 12:32:32 | 000,001,057 | -H-- | M] () -- C:\Users\Josh\AppData\Roaming\vso_ts_preview.xml
[2011/04/20 12:31:13 | 000,001,190 | ---- | M] () -- C:\Users\Josh\Desktop\ConvertXtoDVD 4.lnk

========== Files Created - No Company Name ==========

[2011/05/16 13:31:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/16 13:31:18 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/12 23:26:14 | 000,133,632 | ---- | C] () -- C:\Users\Josh\Desktop\RKUnhookerLE.EXE
[2011/05/09 23:38:23 | 000,001,112 | ---- | C] () -- C:\Users\Josh\Desktop\Mozilla Firefox.lnk
[2011/05/09 01:51:31 | 000,000,000 | ---- | C] () -- C:\Users\Josh\defogger_reenable
[2011/05/09 01:17:22 | 004,343,965 | R--- | C] () -- C:\Users\Josh\Desktop\ComboFix.exe
[2011/05/09 00:56:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/09 00:56:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/09 00:56:25 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/09 00:56:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/09 00:56:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/09 00:50:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 14:04:47 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 23:27:53 | 000,160,944 | ---- | C] () -- C:\Users\Josh\042911-23883-01.dmp
[2011/04/29 23:27:47 | 2145,333,553 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/23 11:07:51 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/22 12:03:57 | 000,001,060 | ---- | C] () -- C:\Users\Josh\Desktop\RegistryCleaner.lnk
[2011/04/22 00:05:52 | 000,000,036 | ---- | C] () -- C:\Users\Josh\AppData\Local\housecall.guid.cache
[2011/04/20 12:31:13 | 000,001,190 | ---- | C] () -- C:\Users\Josh\Desktop\ConvertXtoDVD 4.lnk
[2011/04/20 12:26:36 | 000,001,057 | -H-- | C] () -- C:\Users\Josh\AppData\Roaming\vso_ts_preview.xml
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/01 00:36:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/02/23 13:22:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/04 02:24:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/11/23 19:56:38 | 000,041,984 | ---- | C] () -- C:\Windows\System32\drivers\RecFltr.sys
[2010/08/04 09:29:00 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2010/08/04 09:29:00 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2010/08/04 09:29:00 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2010/08/04 09:29:00 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2010/08/04 09:29:00 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2010/08/04 09:29:00 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2010/08/04 09:29:00 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2010/08/04 09:29:00 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2010/08/04 09:29:00 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2010/08/04 09:29:00 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2010/08/03 20:33:32 | 000,177,664 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/08/03 20:33:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/08/03 20:33:25 | 000,033,327 | ---- | C] () -- C:\Windows\System32\kschimp.ini
[2010/08/03 20:33:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfgks150plus.ini
[2010/08/03 20:33:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfgBennu.ini
[2010/08/03 20:33:24 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfgks500.ini
[2010/08/03 20:33:24 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfgks550.ini
[2010/08/03 20:33:24 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfgks150.ini
[2010/08/03 20:33:24 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfgks200.ini
[2010/08/03 20:33:24 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks50.ini
[2010/08/03 20:33:24 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/08/03 20:33:23 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks100.ini
[2010/08/03 20:33:21 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/02/08 08:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\System32\vfprintpthelper.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,408,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/22 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\AVG10
[2011/05/09 00:31:42 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\BitTorrent
[2011/04/21 23:26:18 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Razer
[2011/04/21 23:26:18 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SoftGrid Client
[2010/08/13 09:58:44 | 000,000,000 | -H-D | M] -- C:\Users\Josh\AppData\Roaming\TP
[2011/04/20 12:32:33 | 000,000,000 | -H-D | M] -- C:\Users\Josh\AppData\Roaming\Vso
[2009/07/13 23:53:46 | 000,027,952 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/08 14:04:43 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/08 14:04:43 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/08 14:04:43 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/08 14:04:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/08 14:04:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/08 14:04:42 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/23 11:07:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/23 11:07:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/23 11:07:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/23 11:07:52 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/23 11:07:52 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-30 07:17:16

< End of report >


** Everything appears to be running fine... so recent script errors or redirects.

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:34 AM

Posted 16 May 2011 - 03:36 PM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 jcalvert86

jcalvert86
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 17 May 2011 - 12:18 AM

Slight issue...alot of personal files are now gone.

Word documents, excel spreadsheets etc.

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:34 AM

Posted 17 May 2011 - 09:01 AM

Slight issue...alot of personal files are now gone.

Word documents, excel spreadsheets etc.

I take it you have already proceed with the clean-up procedure?

When did you notice that a lot of these files were gone?

Where were these files stored?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 jcalvert86

jcalvert86
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 17 May 2011 - 02:26 PM


Slight issue...alot of personal files are now gone.

Word documents, excel spreadsheets etc.

I take it you have already proceed with the clean-up procedure?

When did you notice that a lot of these files were gone?

Where were these files stored?


I waited to do the cleanup procedure, other than removing combofix.

I noticed it yesterday.. some were stored on the desktop, others in a personal folder. All my music, pictures etc are also gone.

Edited by jcalvert86, 17 May 2011 - 02:26 PM.


#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:34 AM

Posted 17 May 2011 - 02:32 PM

Did you notice these files missing after doing a particular step? The more information you provide to me, the better i'll be to see what has happened to it.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users