Some infection that's affecting both FireFox and Google Chrome


  • This topic is locked
25 replies to this topic

#1 Mazzocchi


Posted 09 May 2011 - 09:30 PM

So I have no idea what's going on. Whatever I have has been hijacking my FireFox Google searches, so most of the time whenever I click a link, I get redirected to one of a few malicious pages. Other than that, I can't start Google Chrome. Whenever I click it, literally nothing happens. I tried un-installing and re-installing, but nothing. Can anybody help?

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Mazzocchi at 21:57:22.54 on Mon 05/09/2011
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3326.1807 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
svchost.exe 4
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 4
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Mazzocchi\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Raptr\raptr.exe
C:\PROGRA~1\Raptr\raptr_im.exe
C:\Program Files\Raptr\raptr_ep32.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mazzocchi\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [AdobeBridge]
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Raptr] c:\progra~1\raptr\raptrstub.exe --startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NPSStartup]
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
dRun: [tfeqgccb] c:\windows\temp\besanbtlq\vsnmkypsika.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
StartupFolder: c:\users\mazzoc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mazzocchi\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mazzoc~1\appdata\roaming\mozilla\firefox\profiles\zmchlnj9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\mazzocchi\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-7 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-7 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-7 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-3 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-2 152064]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-31 40384]
R3 SaiK8018;SaiK8018;c:\windows\system32\drivers\SaiK8018.sys [2008-7-29 106496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-11-9 36608]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-7 112640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-3 172032]
S4 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-11-7 68136]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-9 233472]
.
=============== Created Last 30 ================
.
2011-05-05 20:05:16 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-05 20:05:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-05 20:05:16 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-05 20:05:16 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-05 20:05:16 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-05 20:05:15 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-05 20:05:15 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-05 20:05:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-28 04:21:37 54016 ----a-w- c:\windows\system32\drivers\rpooqw.sys
2011-04-26 02:23:18 -------- d-----w- c:\users\mazzoc~1\appdata\roaming\Malwarebytes
2011-04-26 02:23:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 02:23:03 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-26 02:22:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 02:22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-25 21:34:52 -------- d-----w- c:\users\mazzoc~1\appdata\roaming\Ulbiet
2011-04-25 21:34:52 -------- d-----w- c:\users\mazzoc~1\appdata\roaming\Ixwiq
2011-04-25 19:31:24 64000 ---ha-w- c:\windows\system32\choirver.dll
2011-04-25 18:34:45 93184 --sha-r- c:\windows\system32\kdusba.dll
2011-04-25 16:57:29 -------- d-----w- C:\age
2011-04-25 16:46:59 -------- dc-h--w- c:\progra~2\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
2011-04-25 16:46:49 -------- d-----w- c:\program files\Stardock
2011-04-18 23:19:58 -------- d-----w- c:\program files\iPod
2011-04-18 23:17:53 -------- d-----w- c:\program files\Bonjour
2011-04-15 02:25:44 306688 ----a-w- c:\windows\IsUninst.exe
2011-04-14 09:17:48 -------- d-----w- C:\hegames
2011-04-13 04:44:07 -------- d-----w- c:\users\mazzoc~1\appdata\local\The Wonderful End of the World
2011-04-13 04:40:15 -------- d-----w- c:\users\mazzoc~1\appdata\local\Two Tribes
2011-04-13 04:33:25 -------- d-----w- c:\users\mazzoc~1\appdata\local\Bit.Trip Beat
2011-04-13 04:24:10 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-13 04:24:10 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-13 04:24:10 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-13 04:24:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-13 04:24:10 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-13 04:22:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-13 04:22:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-13 04:22:47 -------- d-----w- c:\program files\OpenAL
2011-04-13 04:22:46 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-04-13 04:22:46 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-04-13 04:22:46 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-04-13 04:22:45 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-04-13 04:22:45 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-04-13 04:22:45 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-04-13 04:22:45 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-04-13 04:20:30 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-04-13 04:20:30 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-04-13 04:05:50 -------- d-----w- c:\users\mazzoc~1\appdata\local\AaaaaRecklessDisregard
2011-04-13 04:05:01 -------- d-----w- c:\users\mazzoc~1\appdata\local\123KickIt
.
==================== Find3M ====================
.
2011-04-25 17:50:12 15819776 ----a-w- c:\windows\system32\imageres.dll
2011-04-08 15:46:17 679936 ----a-w- c:\windows\system32\Rock7077.scr
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2002-07-26 22:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87162730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87168a10]; MOV EAX, [0x87168a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C27F3B] -> \Device\Harddisk0\DR0[0x8637F180]
3 nt[0x82CB07E2] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x8622A928]
5 acpi[0x8044D32A] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x862228B8]
\Driver\atapi[0x862737F8] -> IRP_MJ_CREATE -> 0x87162730
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; STD ; CLD ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x620; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x861cd1f8
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 22:08:43.33 ===============


Edited by Mazzocchi, 09 May 2011 - 09:32 PM.
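The DDS excerpt above contains the kind of indicators a log reader keys on: a default-user-hive autorun (dRun) launching a randomly named executable out of c:\windows\temp, UAC switched off via EnableLUA = 0, Security Center alerts hidden via HideSCAHealth = 1, and hidden/system-attributed DLLs freshly created in system32. The following Python script is an added example, not part of this thread or of the DDS tool; it encodes those heuristics and runs them over a constructed sample of DDS-style lines. The regular expressions for the DDS line formats and the consonant-run "random name" heuristic are assumptions.

```python
"""Triage heuristics for DDS log lines (added example; not part of the DDS tool or this thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the format DDS prints, modelled on the log quoted above.
SAMPLE_LOG = r"""
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [tfeqgccb] c:\windows\temp\besanbtlq\vsnmkypsika.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
2011-04-28 04:21:37 54016 ----a-w- c:\windows\system32\drivers\rpooqw.sys
2011-04-25 19:31:24 64000 ---ha-w- c:\windows\system32\choirver.dll
2011-04-25 18:34:45 93184 --sha-r- c:\windows\system32\kdusba.dll
2011-04-25 16:46:49 -------- d-----w- c:\program files\Stardock
"""

# Line formats are assumptions inferred from the DDS output in the thread.
RUN_RE = re.compile(r"^([umd])Run(?:Once)?: \[([^\]]*)\]\s*(.*)$", re.I)
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (\w+) = (\d+)", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (\S{8}) (.+)$")
PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.(?:exe|dll|scr|sys))', re.I)

HIVE = {"u": "current-user", "m": "machine", "d": "default-user"}
# Policy settings that reduce the user's chance of noticing an infection.
BAD_POLICIES = {
    ("enablelua", "0"): "UAC disabled (EnableLUA = 0)",
    ("hidescahealth", "1"): "Security Center health alerts hidden (HideSCAHealth = 1)",
}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def longest_consonant_run(name: str) -> int:
    """Longest run of consonants; random names like tfeqgccb score high.
    Weak signal on its own: some legitimate names (e.g. WMPNSCFG) score high too."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def check_run(hive: str, name: str, cmd: str) -> list:
    """Heuristics for a uRun/mRun/dRun autorun entry."""
    reasons = []
    m = PATH_RE.search(cmd)
    path = m.group(1).lower() if m else cmd.lower()
    if "\\temp\\" in path:
        reasons.append(f"{HIVE[hive.lower()]} autorun launches from a temp directory")
    base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if max(longest_consonant_run(name), longest_consonant_run(base)) >= 4:
        reasons.append("random-looking autorun name; verify the file's publisher")
    return reasons


def check_created(attrs: str, path: str) -> list:
    """Heuristics for a 'Created Last 30' entry: hidden/system files dropped into system32."""
    reasons = []
    if "d" not in attrs and "\\windows\\system32\\" in path.lower() and ("h" in attrs or "s" in attrs):
        reasons.append(f"recently created hidden/system file in system32 (attrs {attrs})")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line, with every reason that fired."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if (m := RUN_RE.match(line)):
            reasons = check_run(*m.groups())
        elif (m := POLICY_RE.match(line)):
            key, val = m.groups()
            reasons = [BAD_POLICIES[k]] if (k := (key.lower(), val)) in BAD_POLICIES else []
        elif (m := CREATED_RE.match(line)):
            reasons = check_created(*m.groups())
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```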




#2 SweetTech


Posted 12 May 2011 - 04:30 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Mazzocchi (Topic Starter)

Posted 12 May 2011 - 09:40 PM

Alrighty thank you for getting back to me :D
Here's the TDSSKiller Log:

2011/05/12 22:23:41.0954 2148 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 22:23:42.0339 2148 ================================================================================
2011/05/12 22:23:42.0339 2148 SystemInfo:
2011/05/12 22:23:42.0339 2148
2011/05/12 22:23:42.0339 2148 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/12 22:23:42.0339 2148 Product type: Workstation
2011/05/12 22:23:42.0339 2148 ComputerName: MAZZOCCHI-PC
2011/05/12 22:23:42.0339 2148 UserName: Mazzocchi
2011/05/12 22:23:42.0339 2148 Windows directory: C:\Windows
2011/05/12 22:23:42.0340 2148 System windows directory: C:\Windows
2011/05/12 22:23:42.0340 2148 Processor architecture: Intel x86
2011/05/12 22:23:42.0340 2148 Number of processors: 4
2011/05/12 22:23:42.0340 2148 Page size: 0x1000
2011/05/12 22:23:42.0340 2148 Boot type: Normal boot
2011/05/12 22:23:42.0340 2148 ================================================================================
2011/05/12 22:23:42.0484 2148 Initialize success
2011/05/12 22:23:56.0032 0768 ================================================================================
2011/05/12 22:23:56.0032 0768 Scan started
2011/05/12 22:23:56.0032 0768 Mode: Manual;
2011/05/12 22:23:56.0032 0768 ================================================================================
2011/05/12 22:24:00.0954 0768 LoopBeMidi1 (de65ebd42567c33c0152e308a982b834) C:\Windows\system32\drivers\loopbe1.sys
2011/05/12 22:24:00.0981 0768 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/12 22:24:01.0005 0768 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/12 22:24:01.0015 0768 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/12 22:24:01.0031 0768 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/05/12 22:24:01.0142 0768 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\Windows\system32\DRIVERS\LVcKap.sys
2011/05/12 22:24:01.0266 0768 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/05/12 22:24:01.0362 0768 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/05/12 22:24:01.0427 0768 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\Windows\system32\drivers\LVUSBSta.sys
2011/05/12 22:24:01.0482 0768 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/05/12 22:24:01.0544 0768 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/12 22:24:01.0569 0768 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/05/12 22:24:01.0646 0768 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/12 22:24:01.0666 0768 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/12 22:24:01.0684 0768 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/05/12 22:24:01.0694 0768 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/05/12 22:24:01.0737 0768 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/12 22:24:01.0816 0768 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/12 22:24:01.0830 0768 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/12 22:24:01.0895 0768 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/05/12 22:24:01.0948 0768 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/12 22:24:01.0960 0768 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/12 22:24:01.0988 0768 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/12 22:24:02.0037 0768 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/05/12 22:24:02.0063 0768 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/12 22:24:02.0135 0768 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/05/12 22:24:02.0146 0768 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/05/12 22:24:02.0251 0768 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/12 22:24:02.0275 0768 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/12 22:24:02.0292 0768 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/05/12 22:24:02.0314 0768 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/05/12 22:24:02.0347 0768 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/12 22:24:02.0370 0768 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/05/12 22:24:02.0396 0768 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/05/12 22:24:02.0410 0768 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/12 22:24:02.0494 0768 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/05/12 22:24:02.0556 0768 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/12 22:24:02.0572 0768 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/12 22:24:02.0603 0768 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/12 22:24:02.0625 0768 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/05/12 22:24:02.0651 0768 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/12 22:24:02.0698 0768 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/12 22:24:02.0739 0768 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/12 22:24:02.0767 0768 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/05/12 22:24:02.0781 0768 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/12 22:24:02.0861 0768 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/05/12 22:24:02.0899 0768 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/12 22:24:02.0933 0768 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/05/12 22:24:02.0988 0768 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/05/12 22:24:03.0009 0768 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/05/12 22:24:03.0020 0768 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/12 22:24:03.0060 0768 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/12 22:24:03.0141 0768 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/05/12 22:24:03.0154 0768 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/05/12 22:24:03.0209 0768 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/12 22:24:03.0272 0768 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/05/12 22:24:03.0284 0768 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/05/12 22:24:03.0317 0768 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
2011/05/12 22:24:03.0349 0768 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/12 22:24:03.0426 0768 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/12 22:24:03.0482 0768 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/12 22:24:03.0519 0768 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/12 22:24:03.0582 0768 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/12 22:24:03.0628 0768 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/12 22:24:03.0676 0768 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/12 22:24:03.0715 0768 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/12 22:24:03.0733 0768 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/12 22:24:03.0774 0768 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/12 22:24:03.0788 0768 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/12 22:24:03.0828 0768 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/12 22:24:03.0842 0768 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/12 22:24:03.0886 0768 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/12 22:24:03.0897 0768 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/12 22:24:03.0980 0768 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/05/12 22:24:04.0012 0768 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/12 22:24:04.0088 0768 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/12 22:24:04.0172 0768 SaiK8018 (d2400515259ffae22a2ea008baf161a1) C:\Windows\system32\DRIVERS\SaiK8018.sys
2011/05/12 22:24:04.0214 0768 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/12 22:24:04.0334 0768 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\Windows\system32\DRIVERS\emScan.sys
2011/05/12 22:24:04.0409 0768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/12 22:24:04.0426 0768 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/12 22:24:04.0451 0768 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/05/12 22:24:04.0467 0768 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/05/12 22:24:04.0525 0768 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/12 22:24:04.0542 0768 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/12 22:24:04.0580 0768 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/12 22:24:04.0610 0768 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/12 22:24:04.0657 0768 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/12 22:24:04.0690 0768 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/12 22:24:04.0713 0768 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/12 22:24:04.0753 0768 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/05/12 22:24:04.0782 0768 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/05/12 22:24:04.0892 0768 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/05/12 22:24:04.0984 0768 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/05/12 22:24:05.0035 0768 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/12 22:24:05.0087 0768 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/12 22:24:05.0161 0768 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/05/12 22:24:05.0239 0768 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/05/12 22:24:05.0304 0768 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/05/12 22:24:05.0337 0768 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/05/12 22:24:05.0372 0768 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/12 22:24:05.0405 0768 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/12 22:24:05.0436 0768 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/12 22:24:05.0459 0768 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/12 22:24:05.0639 0768 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/05/12 22:24:05.0659 0768 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/12 22:24:05.0692 0768 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/12 22:24:05.0724 0768 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/05/12 22:24:05.0863 0768 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/12 22:24:05.0935 0768 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/12 22:24:05.0970 0768 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/12 22:24:06.0023 0768 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/12 22:24:06.0065 0768 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/12 22:24:07.0318 0768 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/12 22:24:07.0394 0768 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/12 22:24:07.0513 0768 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/12 22:24:07.0573 0768 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/12 22:24:07.0594 0768 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/12 22:24:07.0637 0768 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/12 22:24:07.0669 0768 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/12 22:24:07.0705 0768 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/12 22:24:07.0774 0768 UMPass (08ea9c0247f391af4d4a16885a1c159d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/12 22:24:07.0881 0768 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/12 22:24:07.0924 0768 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/05/12 22:24:07.0960 0768 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/12 22:24:07.0979 0768 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/12 22:24:08.0018 0768 usbehci (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/12 22:24:08.0041 0768 usbhub (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/12 22:24:08.0111 0768 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/12 22:24:08.0180 0768 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/12 22:24:08.0268 0768 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/12 22:24:08.0278 0768 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/12 22:24:08.0339 0768 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/12 22:24:08.0351 0768 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/05/12 22:24:08.0407 0768 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/12 22:24:08.0430 0768 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/12 22:24:08.0491 0768 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/05/12 22:24:08.0535 0768 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/05/12 22:24:08.0557 0768 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/05/12 22:24:08.0570 0768 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/05/12 22:24:08.0596 0768 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/12 22:24:08.0658 0768 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/12 22:24:08.0688 0768 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 22:24:08.0697 0768 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 22:24:08.0732 0768 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/12 22:24:08.0772 0768 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/12 22:24:08.0860 0768 WinUSB (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/05/12 22:24:08.0896 0768 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/12 22:24:08.0961 0768 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/12 22:24:09.0026 0768 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/12 22:24:09.0122 0768 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/12 22:24:09.0180 0768 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/12 22:24:09.0223 0768 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/05/12 22:24:09.0246 0768 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/12 22:24:09.0257 0768 \HardDisk1 - detected Trojan-Clicker.Win32.Wistler.a (0)
2011/05/12 22:24:09.0260 0768 ================================================================================
2011/05/12 22:24:09.0260 0768 Scan finished
2011/05/12 22:24:09.0260 0768 ================================================================================
2011/05/12 22:24:09.0269 5016 Detected object count: 2
2011/05/12 22:24:50.0992 5016 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/12 22:24:51.0017 5016 \HardDisk0 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot
2011/05/12 22:24:51.0017 5016 \HardDisk0 - ok
2011/05/12 22:24:51.0018 5016 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/12 22:24:51.0021 5016 \HardDisk1 - processing error
2011/05/12 22:25:00.0712 5016 \HardDisk1 - will be restored after reboot
2011/05/12 22:25:00.0712 5016 Trojan-Clicker.Win32.Wistler.a(\HardDisk1) - User select action: Cure Restore
2011/05/12 22:25:26.0102 4996 Deinitialize success


OTL.txt

OTL logfile created on: 5/12/2011 10:33:17 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mazzocchi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 487.00 Gb Free Space | 52.28% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 144.35 Gb Free Space | 30.99% Space Free | Partition Type: NTFS

Computer Name: MAZZOCCHI-PC | User Name: Mazzocchi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 22:32:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mazzocchi\Desktop\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/05 16:05:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 13:46:30 | 000,061,864 | ---- | M] () -- C:\Program Files\Raptr\Raptr.exe
PRC - [2011/04/08 13:46:30 | 000,043,944 | ---- | M] () -- C:\Program Files\Raptr\raptr_im.exe
PRC - [2011/04/01 16:07:44 | 000,572,328 | ---- | M] (Raptr Inc.) -- C:\Program Files\Raptr\raptr_ep32.exe
PRC - [2010/11/17 11:54:16 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Mazzocchi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/11/08 16:44:43 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/11/01 07:47:00 | 000,119,296 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/12 22:32:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mazzocchi\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/04/01 16:07:42 | 000,576,936 | ---- | M] (Raptr Inc.) -- C:\Program Files\Raptr\ltc_help32-48855.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/26 02:52:35 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/03 00:11:58 | 000,172,032 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/13 19:02:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/02 15:06:16 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/20 02:42:56 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/03/03 00:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/03/02 23:07:16 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/11/09 01:38:08 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/08 01:17:39 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/04 14:25:38 | 000,112,640 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/07/29 15:04:10 | 000,106,496 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiK8018.sys -- (SaiK8018)
DRV - [2008/01/27 13:29:36 | 000,010,880 | ---- | M] (nerds.de) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loopbe1.sys -- (LoopBeMidi1) nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 20:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/02/03 11:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2006/12/12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/02 04:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/12/21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810



IE - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "195.175.37.6"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "195.175.37.6"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "195.175.37.6"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "195.175.37.6"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "195.175.37.6"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 16:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 16:05:20 | 000,000,000 | ---D | M]

[2009/11/10 03:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mazzocchi\AppData\Roaming\Mozilla\Extensions
[2009/11/09 06:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mazzocchi\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/05 15:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mazzocchi\AppData\Roaming\Mozilla\Firefox\Profiles\zmchlnj9.default\extensions
[2010/04/30 13:38:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mazzocchi\AppData\Roaming\Mozilla\Firefox\Profiles\zmchlnj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/04 03:09:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mazzocchi\AppData\Roaming\Mozilla\Firefox\Profiles\zmchlnj9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/23 16:59:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Mazzocchi\AppData\Roaming\Mozilla\Firefox\Profiles\zmchlnj9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/05 15:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/18 00:49:16 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/25 03:01:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/05 16:05:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2011/05/05 16:05:17 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [tfeqgccb] File not found
O4 - HKU\S-1-5-18..\Run: [tfeqgccb] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000..\Run: [Raptr] C:\Program Files\Raptr\RaptrStub.exe ()
O4 - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Mazzocchi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mazzocchi\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop WallPaper: C:\Users\Mazzocchi\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mazzocchi\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21db1025-16e5-11e0-bffb-00241d8d5cfc}\Shell - "" = AutoRun
O33 - MountPoints2\{21db1025-16e5-11e0-bffb-00241d8d5cfc}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{2237c516-cc26-11de-9ffd-00241d8d5cfc}\Shell - "" = AutoRun
O33 - MountPoints2\{2237c516-cc26-11de-9ffd-00241d8d5cfc}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{35fb614e-0521-11df-b87b-00241d8d5cfc}\Shell - "" = AutoRun
O33 - MountPoints2\{35fb614e-0521-11df-b87b-00241d8d5cfc}\Shell\AutoRun\command - "" = L:\MI.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000..exefile [open] -- "%1" %*
O36 - AppCertDlls: AtBrfrag - (C:\Windows\system32\choirver.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 22:32:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mazzocchi\Desktop\OTL.exe
[2011/05/12 22:22:57 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mazzocchi\Desktop\TDSSKiller.exe
[2011/05/11 03:13:11 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\Desktop\Turtleneck & Chain
[2011/05/10 18:55:36 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 18:55:32 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/05 15:54:48 | 026,595,896 | ---- | C] (Google Inc.) -- C:\Users\Mazzocchi\Desktop\chrome_installer_10.0.648.151.exe
[2011/05/01 01:06:42 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\Desktop\New Folder (4)
[2011/04/30 16:00:18 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\Desktop\Placeholder
[2011/04/30 02:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magma
[2011/04/26 03:28:56 | 000,568,672 | ---- | C] (Google Inc.) -- C:\Users\Mazzocchi\Desktop\ChromeSetup.exe
[2011/04/26 03:20:07 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\Desktop\New Folder (2)
[2011/04/25 22:23:18 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Roaming\Malwarebytes
[2011/04/25 22:23:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/25 22:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 22:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/25 22:22:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/25 22:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/25 22:17:39 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Roaming\U3
[2011/04/25 17:34:52 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Roaming\Ulbiet
[2011/04/25 17:34:52 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Roaming\Ixwiq
[2011/04/25 12:57:29 | 000,000,000 | ---D | C] -- C:\age
[2011/04/25 12:46:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
[2011/04/25 12:46:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011/04/25 12:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011/04/25 12:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/04/18 20:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2011/04/18 19:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/18 19:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/18 19:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/18 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\Desktop\ICON Photos
[2011/04/14 22:25:44 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/04/14 05:39:39 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\Desktop\Sonic_the_Hedgehog_-_The_Sound_of_Speed_(MP3_Only)
[2011/04/14 05:17:48 | 000,000,000 | ---D | C] -- C:\hegames
[2011/04/13 00:44:07 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Local\The Wonderful End of the World
[2011/04/13 00:40:15 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Local\Two Tribes
[2011/04/13 00:33:25 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Local\Bit.Trip Beat
[2011/04/13 00:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/04/13 00:24:10 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/04/13 00:24:10 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/04/13 00:24:10 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/04/13 00:22:47 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/04/13 00:22:47 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/04/13 00:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/04/13 00:22:46 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/04/13 00:22:46 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/04/13 00:22:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/04/13 00:22:45 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/04/13 00:22:45 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/04/13 00:22:45 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/04/13 00:22:45 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/04/13 00:20:30 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/04/13 00:20:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/04/13 00:05:50 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Local\AaaaaRecklessDisregard
[2011/04/13 00:05:01 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Local\123KickIt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/12 22:32:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mazzocchi\Desktop\OTL.exe
[2011/05/12 22:29:35 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Hcbmziipsw.job
[2011/05/12 22:29:29 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 22:29:28 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 22:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/12 22:29:22 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/12 15:48:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Mazzocchi.job
[2011/05/11 03:13:02 | 000,015,718 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\O-Demonoid.me-O_The_Lonley_Island_Turtleneck_and_Chain_(2011)_7813447.4642.torrent
[2011/05/10 18:55:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/09 22:34:40 | 000,000,020 | ---- | M] () -- C:\Users\Mazzocchi\defogger_reenable
[2011/05/09 22:34:11 | 000,050,477 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\Defogger.exe
[2011/05/09 21:56:59 | 000,625,664 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\dds.scr
[2011/05/09 18:15:43 | 000,227,840 | ---- | M] () -- C:\Users\Mazzocchi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/09 18:15:42 | 575,126,254 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\bmf8044500k.wmv
[2011/05/09 18:15:34 | 486,303,397 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\ap7970500k.wmv
[2011/05/09 03:20:05 | 000,000,600 | ---- | M] () -- C:\Users\Mazzocchi\AppData\Roaming\winscp.rnd
[2011/05/08 22:38:56 | 378,990,704 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\bmf3265500k.wmv
[2011/05/08 22:20:14 | 320,110,396 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\bkb8144500k.wmv
[2011/05/08 04:43:40 | 583,360,267 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\ms8224500k.wmv
[2011/05/08 02:34:59 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011/05/06 00:43:10 | 002,209,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/06 00:43:10 | 000,656,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/06 00:09:03 | 1034,276,864 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\299A54C762324762AF7FF7A5D1F087E1FE0C92C841
[2011/05/05 20:13:55 | 677,715,968 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\BB4A4BD7FDB7667E4A9581308556A51A26687C8D41
[2011/05/05 16:21:22 | 523,958,125 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\btra8002500k.wmv
[2011/05/05 15:57:31 | 026,595,896 | ---- | M] (Google Inc.) -- C:\Users\Mazzocchi\Desktop\chrome_installer_10.0.648.151.exe
[2011/05/04 13:54:12 | 000,302,080 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\gmer.exe
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mazzocchi\Desktop\TDSSKiller.exe
[2011/04/28 00:21:37 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rpooqw.sys
[2011/04/27 01:18:58 | 000,001,537 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\remove.reg
[2011/04/26 03:28:56 | 000,568,672 | ---- | M] (Google Inc.) -- C:\Users\Mazzocchi\Desktop\ChromeSetup.exe
[2011/04/26 02:07:13 | 000,009,434 | -HS- | M] () -- C:\ProgramData\0502ev3eo777mv3eog47jbb63500rrc0q30
[2011/04/26 02:07:12 | 000,009,434 | -HS- | M] () -- C:\Users\Mazzocchi\AppData\Local\0502ev3eo777mv3eog47jbb63500rrc0q30
[2011/04/25 22:23:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 14:34:45 | 000,093,184 | RHS- | M] () -- C:\Windows\System32\kdusba.dll
[2011/04/25 13:50:44 | 000,001,672 | ---- | M] () -- C:\Users\Public\Desktop\AOL® Instant Messenger™.lnk
[2011/04/25 13:50:12 | 015,819,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2011/04/25 13:40:55 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/18 20:53:16 | 000,000,600 | ---- | M] () -- C:\Users\Mazzocchi\AppData\Local\PUTTY.RND
[2011/04/18 20:10:15 | 000,001,664 | ---- | M] () -- C:\Users\Mazzocchi\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/14 17:11:18 | 004,486,064 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\DSC00332.JPG
[2011/04/14 05:18:37 | 000,000,577 | ---- | M] () -- C:\Windows\hegames.ini
[2011/04/13 00:22:47 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/04/13 00:22:47 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 03:13:03 | 000,015,718 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\O-Demonoid.me-O_The_Lonley_Island_Turtleneck_and_Chain_(2011)_7813447.4642.torrent
[2011/05/09 22:34:24 | 000,000,020 | ---- | C] () -- C:\Users\Mazzocchi\defogger_reenable
[2011/05/09 22:34:12 | 000,050,477 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\Defogger.exe
[2011/05/09 21:59:36 | 000,302,080 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\gmer.exe
[2011/05/09 21:56:57 | 000,625,664 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\dds.scr
[2011/05/09 18:06:39 | 486,303,397 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\ap7970500k.wmv
[2011/05/09 18:06:25 | 575,126,254 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\bmf8044500k.wmv
[2011/05/08 22:34:46 | 378,990,704 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\bmf3265500k.wmv
[2011/05/08 22:18:52 | 320,110,396 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\bkb8144500k.wmv
[2011/05/08 04:40:03 | 583,360,267 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\ms8224500k.wmv
[2011/05/06 00:08:39 | 1034,276,864 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\299A54C762324762AF7FF7A5D1F087E1FE0C92C841
[2011/05/05 20:13:40 | 677,715,968 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\BB4A4BD7FDB7667E4A9581308556A51A26687C8D41
[2011/05/05 16:11:58 | 523,958,125 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\btra8002500k.wmv
[2011/05/05 16:05:21 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/28 00:21:37 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rpooqw.sys
[2011/04/27 01:18:57 | 000,001,537 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\remove.reg
[2011/04/27 01:12:12 | 3488,079,872 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/25 22:23:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 16:02:36 | 000,009,434 | -HS- | C] () -- C:\Users\Mazzocchi\AppData\Local\0502ev3eo777mv3eog47jbb63500rrc0q30
[2011/04/25 16:02:36 | 000,009,434 | -HS- | C] () -- C:\ProgramData\0502ev3eo777mv3eog47jbb63500rrc0q30
[2011/04/25 14:34:46 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Hcbmziipsw.job
[2011/04/25 14:34:45 | 000,093,184 | RHS- | C] () -- C:\Windows\System32\kdusba.dll
[2011/04/18 20:42:24 | 000,000,600 | ---- | C] () -- C:\Users\Mazzocchi\AppData\Local\PUTTY.RND
[2011/04/18 20:10:15 | 000,001,664 | ---- | C] () -- C:\Users\Mazzocchi\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/14 17:13:52 | 004,486,064 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\DSC00332.JPG
[2011/04/14 05:17:00 | 000,000,577 | ---- | C] () -- C:\Windows\hegames.ini
[2010/12/25 02:58:58 | 000,000,600 | ---- | C] () -- C:\Users\Mazzocchi\AppData\Roaming\winscp.rnd
[2010/12/24 22:41:36 | 000,103,156 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/29 19:53:41 | 000,000,004 | ---- | C] () -- C:\Program Files\30451.dat
[2010/08/18 00:56:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/09 15:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/06/15 00:24:57 | 000,138,056 | ---- | C] () -- C:\Users\Mazzocchi\AppData\Roaming\PnkBstrK.sys
[2010/06/15 00:24:41 | 002,419,568 | ---- | C] () -- C:\Windows\System32\pbsvc_apb.exe
[2010/05/16 18:59:40 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
[2010/03/31 19:27:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/31 19:24:08 | 000,000,552 | ---- | C] () -- C:\Users\Mazzocchi\AppData\Local\d3d8caps.dat
[2010/03/02 23:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/02/25 15:55:46 | 000,201,875 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/02/23 12:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/01/16 14:36:48 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2010/01/14 21:42:25 | 000,000,077 | ---- | C] () -- C:\Windows\huffyuv.ini
[2010/01/14 21:17:24 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/01/14 21:16:14 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/14 21:16:14 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/14 21:16:13 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/14 21:16:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/14 21:16:11 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/12 19:24:53 | 000,001,372 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/01/12 19:20:09 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2009/12/15 15:26:50 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/11/15 00:16:09 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009/11/10 03:32:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/09 01:47:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/11/09 01:47:01 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/11/09 01:39:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/11/09 01:31:25 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/11/09 01:17:54 | 000,139,040 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/09 01:17:51 | 000,188,704 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/09 01:17:42 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/07 17:26:28 | 000,227,840 | ---- | C] () -- C:\Users\Mazzocchi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/07 16:48:35 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/11/07 16:43:58 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/11/07 16:43:08 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/11/07 16:43:08 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/11/07 16:43:08 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/11/07 16:43:07 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/11/07 16:36:44 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/11/07 16:36:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/11/07 16:34:29 | 000,000,680 | ---- | C] () -- C:\Users\Mazzocchi\AppData\Local\d3d9caps.dat
[2009/03/05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/18 14:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 17:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/02/03 09:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,182,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 002,209,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,656,494 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >


Extra.txt

OTL Extras logfile created on: 5/12/2011 10:33:17 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mazzocchi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 487.00 Gb Free Space | 52.28% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 144.35 Gb Free Space | 30.99% Space Free | Partition Type: NTFS

Computer Name: MAZZOCCHI-PC | User Name: Mazzocchi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2424540610-1425839361-1836360759-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01144BEA-886C-067C-5879-4773516F9A8F}" = Catalyst Control Center Graphics Previews Vista
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0316.1
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FC27548-D4DB-8039-456B-D9E743FEF86F}" = CCC Help English
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B191E4A-123C-41AD-BB42-966D56A338C8}" = Magma
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 24
"{28996689-E20A-E63B-2BDA-B662AB807C87}" = ATI Catalyst Install Manager
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E18D88A-5067-324B-382C-9166D4388ED0}" = ccc-core-static
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.30
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B07D8FE-CC01-23CE-3961-751687074E54}" = Catalyst Control Center Graphics Previews Common
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61731A83-CD62-4A71-9C3E-892A4E2B3560}" = Max Runtime 5.1.3
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6F817DD0-D103-196F-5D63-365DC87B43EE}" = Catalyst Control Center HydraVision Full
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9870C7AE-7C6A-478D-9A75-35827382220F}" = Pinnacle Systems USB-2 Device Drivers
"{9903001D-2728-9D9B-3D8B-F593A502A972}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A20DF6AC-0300-45E2-8152-7D677E4E8CF5}" = HotFile AutoDownloader
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD91D676-ABD7-4E41-A321-2D7F93376BC0}_is1" = Zuse version 1.9.7.1
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B535DA73-AAD1-51E8-9232-9358D2A20E9B}" = Catalyst Control Center Graphics Full Existing
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C91BC5DF-C6BD-388B-FEB8-2721B9D5C97B}" = Catalyst Control Center Core Implementation
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D575E1CA-56BB-2944-744E-E7CD1EDB9C82}" = Catalyst Control Center Graphics Full New
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D6AAE701-6EA9-FAA1-AB38-227AA94531A1}" = Catalyst Control Center Graphics Light
"{D8508208-4591-2964-3DDB-16A4BE871230}" = ccc-utility
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EBD4B79B-C827-4D75-AA98-E352DF216DCF}" = Half-Life 2 Update
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AMCap" = AMCap
"AOL® Instant Messenger™" = AOL® Instant Messenger™
"APB North America" = APB North America
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EA Download Manager" = EA Download Manager
"EphPod" = EphPod
"FL Studio 9" = FL Studio 9
"FLV Player" = FLV Player 2.0 (build 25)
"FrostWire" = FrostWire 4.21.1
"GMailFS" = GMail Drive Shell Extension
"Hardcore" = Hardcore
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hospital" = Theme Hospital
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"IconPackager" = IconPackager
"IL Download Manager" = IL Download Manager
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"LastFM_is1" = Last.fm 1.5.4.27091
"LimeWire" = LimeWire 5.3.6
"LoopBe1" = LoopBe1 - Internal MIDI Port
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Out of the Park Baseball11" = Out of the Park Baseball 11
"PoiZone" = PoiZone
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"Rainmeter" = Rainmeter (remove only)
"Raptr" = Raptr
"REAPER" = REAPER
"Replay Video Capture4.2" = Replay Video Capture
"Rockstar Glow" = Rockstar Glow Screen Saver
"Rockstar Light and Shadow" = Rockstar Light and Shadow Screen Saver
"Sakura" = Sakura
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sawer" = Sawer
"StarCraft" = StarCraft
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Toxic Biohazard" = Toxic Biohazard
"Tropico3" = Tropico 3 1.00
"TurboFire Controller Customizer_is1" = TurboFire Controller Customizer
"TVWiz" = Intel® TV Wizard
"Veetle TV" = Veetle TV 0.9.17
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zune" = Zune
"Zuse" = Zuse

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2424540610-1425839361-1836360759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/20/2009 3:00:00 AM | Computer Name = Mazzocchi-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/6/2011 12:43:07 AM | Computer Name = Mazzocchi-PC | Source = LoadPerf | ID = 3011
Description =

Error - 5/8/2011 7:07:07 PM | Computer Name = Mazzocchi-PC | Source = Perflib | ID = 1008
Description =

Error - 5/8/2011 7:07:07 PM | Computer Name = Mazzocchi-PC | Source = Perflib | ID = 1010
Description =

Error - 5/8/2011 7:07:07 PM | Computer Name = Mazzocchi-PC | Source = Perflib | ID = 1008
Description =

Error - 5/9/2011 10:02:19 PM | Computer Name = Mazzocchi-PC | Source = Perflib | ID = 1008
Description =

Error - 5/9/2011 10:02:19 PM | Computer Name = Mazzocchi-PC | Source = Perflib | ID = 1010
Description =

Error - 5/11/2011 3:31:53 AM | Computer Name = Mazzocchi-PC | Source = ZuneDriver | ID = 80837
Description =

Error - 5/11/2011 3:32:26 AM | Computer Name = Mazzocchi-PC | Source = ZuneDriver | ID = 80837
Description =

Error - 5/11/2011 3:32:59 AM | Computer Name = Mazzocchi-PC | Source = ZuneDriver | ID = 80837
Description =

Error - 5/11/2011 3:33:50 AM | Computer Name = Mazzocchi-PC | Source = ZuneDriver | ID = 80837
Description =

[ Media Center Events ]
Error - 6/20/2010 3:36:37 PM | Computer Name = Mazzocchi-PC | Source = McrMgr | ID = 109
Description =

Error - 6/20/2010 3:37:04 PM | Computer Name = Mazzocchi-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 6/20/2010 3:37:26 PM | Computer Name = Mazzocchi-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/3/2011 3:08:14 AM | Computer Name = Mazzocchi-PC | Source = McrMgr | ID = 107
Description =

Error - 1/3/2011 3:11:04 AM | Computer Name = Mazzocchi-PC | Source = McrMgr | ID = 107
Description =

Error - 1/3/2011 3:17:29 AM | Computer Name = Mazzocchi-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/3/2011 3:17:59 AM | Computer Name = Mazzocchi-PC | Source = McrMgr | ID = 107
Description =

Error - 1/3/2011 3:20:02 AM | Computer Name = Mazzocchi-PC | Source = McrMgr | ID = 107
Description =

Error - 1/4/2011 6:57:06 PM | Computer Name = Mazzocchi-PC | Source = McrMgr | ID = 107
Description =

Error - 4/7/2011 3:05:30 PM | Computer Name = Mazzocchi-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/12/2010 2:26:08 AM | Computer Name = Mazzocchi-PC | Source = DCOM | ID = 10010
Description =

Error - 3/12/2010 1:36:42 PM | Computer Name = Mazzocchi-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/12/2010 1:36:42 PM | Computer Name = Mazzocchi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/12/2010 1:36:42 PM | Computer Name = Mazzocchi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/12/2010 1:36:42 PM | Computer Name = Mazzocchi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/15/2010 1:30:00 PM | Computer Name = Mazzocchi-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:17:02 PM on 3/13/2010 was unexpected.

Error - 3/16/2010 8:08:52 AM | Computer Name = Mazzocchi-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/16/2010 8:08:52 AM | Computer Name = Mazzocchi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/16/2010 8:08:52 AM | Computer Name = Mazzocchi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/16/2010 8:08:52 AM | Computer Name = Mazzocchi-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >



#4 SweetTech


    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 13 May 2011 - 08:15 AM

Hi!

The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/05/12 22:24:09.0269 5016 Detected object count: 2
2011/05/12 22:24:50.0992 5016 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/12 22:24:51.0017 5016 \HardDisk0 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot
2011/05/12 22:24:51.0017 5016 \HardDisk0 - ok
2011/05/12 22:24:51.0018 5016 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/12 22:24:51.0021 5016 \HardDisk1 - processing error
2011/05/12 22:25:00.0712 5016 \HardDisk1 - will be restored after reboot
2011/05/12 22:25:00.0712 5016 Trojan-Clicker.Win32.Wistler.a(\HardDisk1) - User select action: Cure Restore
2011/05/12 22:25:26.0102 4996 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



Did you set these proxies in Firefox?

FF - prefs.js..network.proxy.ftp: "195.175.37.6"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "195.175.37.6"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "195.175.37.6"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "195.175.37.6"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "195.175.37.6"
FF - prefs.js..network.proxy.ssl_port: 8080

Do you recognize these files?

[2011/05/09 18:15:42 | 575,126,254 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\bmf8044500k.wmv
[2011/05/09 18:15:34 | 486,303,397 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\ap7970500k.wmv
[2011/05/08 22:38:56 | 378,990,704 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\bmf3265500k.wmv
[2011/05/08 22:20:14 | 320,110,396 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\bkb8144500k.wmv
[2011/05/08 04:43:40 | 583,360,267 | ---- | M] () -- C:\Users\Mazzocchi\Desktop\ms8224500k.wmv
[2011/05/06 00:08:39 | 1034,276,864 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\299A54C762324762AF7FF7A5D1F087E1FE0C92C841
[2011/05/05 20:13:40 | 677,715,968 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\BB4A4BD7FDB7667E4A9581308556A51A26687C8D41




NEXT:


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKU\.DEFAULT..\Run: [tfeqgccb] File not found
    O4 - HKU\S-1-5-18..\Run: [tfeqgccb] File not found
    O4 - HKU\S-1-5-21-2424540610-1425839361-1836360759-1000..\Run: [AdobeBridge] File not found
    O33 - MountPoints2\{21db1025-16e5-11e0-bffb-00241d8d5cfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{21db1025-16e5-11e0-bffb-00241d8d5cfc}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
    O33 - MountPoints2\{2237c516-cc26-11de-9ffd-00241d8d5cfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{2237c516-cc26-11de-9ffd-00241d8d5cfc}\Shell\AutoRun\command - "" = K:\Autorun.exe
    O33 - MountPoints2\{35fb614e-0521-11df-b87b-00241d8d5cfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{35fb614e-0521-11df-b87b-00241d8d5cfc}\Shell\AutoRun\command - "" = L:\MI.exe
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
    O36 - AppCertDlls: AtBrfrag - (C:\Windows\system32\choirver.dll) - File not found
    [2011/04/25 17:34:52 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Roaming\Ulbiet
    [2011/04/25 17:34:52 | 000,000,000 | ---D | C] -- C:\Users\Mazzocchi\AppData\Roaming\Ixwiq
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/05/12 22:29:35 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Hcbmziipsw.job
    [2011/04/28 00:21:37 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rpooqw.sys
    [2011/04/26 02:07:13 | 000,009,434 | -HS- | M] () -- C:\ProgramData\0502ev3eo777mv3eog47jbb63500rrc0q30
    [2011/04/26 02:07:12 | 000,009,434 | -HS- | M] () -- C:\Users\Mazzocchi\AppData\Local\0502ev3eo777mv3eog47jbb63500rrc0q30
    [2011/04/25 14:34:45 | 000,093,184 | RHS- | M] () -- C:\Windows\System32\kdusba.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/05/06 00:08:39 | 1034,276,864 | ---- | C] () -- C:\Users\Mazzocchi\Desktop\299A54C762324762AF7FF7A5D1F087E1FE0C92C841
    [2011/04/28 00:21:37 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rpooqw.sys
    [2011/04/25 16:02:36 | 000,009,434 | -HS- | C] () -- C:\Users\Mazzocchi\AppData\Local\0502ev3eo777mv3eog47jbb63500rrc0q30
    [2011/04/25 16:02:36 | 000,009,434 | -HS- | C] () -- C:\ProgramData\0502ev3eo777mv3eog47jbb63500rrc0q30
    [2011/04/25 14:34:46 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Hcbmziipsw.job
    [2011/04/25 14:34:45 | 000,093,184 | RHS- | C] () -- C:\Windows\System32\kdusba.dll
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
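As an added check, not part of SweetTech's post and not code from the OTL tool, the script below parses OTL-style Firefox prefs.js and IE Internet Settings proxy lines like the ones quoted above and reports every enabled proxy endpoint, flagging a loopback endpoint such as 127.0.0.1:18810 because it means a local process is interposed on the browser's traffic. It assumes the line formats exactly as quoted and that this machine should have no proxy at all (the allow-list is empty by default); the sample lines are constructed from the post.

```python
# Added example (not code from the thread or from the OTL tool): audit browser
# proxy settings from OTL-style log lines. Assumes the line formats quoted in
# the post above and that this PC should run with no proxy, so every enabled
# proxy is reported unless its host is on the allow-list.
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

FF_PROXY_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>[a-z_]+): (?P<value>.+?)\s*$')
IE_PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.+?)\s*$')
FF_SCHEMES = ("ftp", "gopher", "http", "socks", "ssl")

@dataclass(frozen=True)
class ProxyFinding:
    browser: str  # "firefox" or "ie"
    scope: str    # Firefox scheme, or "<hive> (<scheme>)" for IE
    host: str
    port: int
    reason: str

def classify_host(host: str) -> str:
    """A loopback proxy means a local process is interposed on browser traffic."""
    if host.startswith(("127.", "localhost", "::1")):
        return "loopback proxy: a local process sits between the browser and the network"
    return "external proxy configured on a machine that should have none"

def parse_firefox_proxies(lines: Iterable[str]) -> Dict[str, Tuple[str, int]]:
    """Pair network.proxy.<scheme> with network.proxy.<scheme>_port."""
    hosts: Dict[str, str] = {}
    ports: Dict[str, int] = {}
    for line in lines:
        m = FF_PROXY_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group("key"), m.group("value").strip('"')
        if key.endswith("_port") and value.isdigit():
            ports[key[:-5]] = int(value)
        elif key in FF_SCHEMES:
            hosts[key] = value
    return {s: (hosts[s], ports[s]) for s in hosts if s in ports}  # need both halves

def split_proxy_server(value: str) -> List[Tuple[str, str, int]]:
    """'http=127.0.0.1:18810;https=h:p' or plain 'host:port' -> [(scheme, host, port)]."""
    out: List[Tuple[str, str, int]] = []
    for entry in value.split(";"):
        scheme, _, endpoint = entry.strip().rpartition("=")  # no '=' -> scheme ''
        host, _, port = endpoint.rpartition(":")
        if host and port.isdigit():
            out.append((scheme or "all", host, int(port)))
    return out

def parse_ie_proxies(lines: Iterable[str]) -> List[Tuple[str, str, str, int]]:
    """(hive, scheme, host, port) for each hive whose ProxyEnable is 1."""
    enabled: Dict[str, bool] = {}
    servers: Dict[str, str] = {}
    for line in lines:
        m = IE_PROXY_RE.match(line.strip())
        if not m:
            continue
        hive, name, value = m.group("hive"), m.group("name"), m.group("value")
        if name == "ProxyEnable":
            enabled[hive] = value.strip() == "1"
        else:
            servers[hive] = value
    # A ProxyServer value under a hive with ProxyEnable=0 is not in effect.
    return [(hive, scheme, host, port)
            for hive, value in servers.items() if enabled.get(hive, False)
            for scheme, host, port in split_proxy_server(value)]

def audit_proxies(lines: Iterable[str], allowed_hosts=frozenset()) -> List[ProxyFinding]:
    """Every enabled proxy whose host is not allow-listed is a finding."""
    lines = list(lines)  # both parsers need a full pass
    findings = [ProxyFinding("firefox", scheme, host, port, classify_host(host))
                for scheme, (host, port) in sorted(parse_firefox_proxies(lines).items())
                if host not in allowed_hosts]
    findings += [ProxyFinding("ie", f"{hive} ({scheme})", host, port, classify_host(host))
                 for hive, scheme, host, port in parse_ie_proxies(lines)
                 if host not in allowed_hosts]
    return findings

# Constructed sample: the proxy lines quoted in the post above, as OTL printed them.
SAMPLE_OTL_LINES = r"""
FF - prefs.js..network.proxy.ftp: "195.175.37.6"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "195.175.37.6"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "195.175.37.6"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "195.175.37.6"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "195.175.37.6"
FF - prefs.js..network.proxy.ssl_port: 8080
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
""".splitlines()
```

Running `audit_proxies(SAMPLE_OTL_LINES)` on the sample yields five Firefox findings (all 195.175.37.6:8080) and two IE findings for the loopback proxy; passing `allowed_hosts={"195.175.37.6"}` leaves only the two loopback ones.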


#5 Mazzocchi

  • Topic Starter

  • Members
  • 13 posts

Posted 13 May 2011 - 02:12 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\tfeqgccb deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\tfeqgccb not found.
Registry value HKEY_USERS\S-1-5-21-2424540610-1425839361-1836360759-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21db1025-16e5-11e0-bffb-00241d8d5cfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21db1025-16e5-11e0-bffb-00241d8d5cfc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21db1025-16e5-11e0-bffb-00241d8d5cfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21db1025-16e5-11e0-bffb-00241d8d5cfc}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2237c516-cc26-11de-9ffd-00241d8d5cfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2237c516-cc26-11de-9ffd-00241d8d5cfc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2237c516-cc26-11de-9ffd-00241d8d5cfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2237c516-cc26-11de-9ffd-00241d8d5cfc}\ not found.
File K:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35fb614e-0521-11df-b87b-00241d8d5cfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35fb614e-0521-11df-b87b-00241d8d5cfc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35fb614e-0521-11df-b87b-00241d8d5cfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35fb614e-0521-11df-b87b-00241d8d5cfc}\ not found.
File L:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\AtBrfrag deleted successfully.
C:\Users\Mazzocchi\AppData\Roaming\Ulbiet folder moved successfully.
C:\Users\Mazzocchi\AppData\Roaming\Ixwiq folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\Tasks\Hcbmziipsw.job moved successfully.
C:\Windows\System32\drivers\rpooqw.sys moved successfully.
C:\ProgramData\0502ev3eo777mv3eog47jbb63500rrc0q30 moved successfully.
C:\Users\Mazzocchi\AppData\Local\0502ev3eo777mv3eog47jbb63500rrc0q30 moved successfully.
C:\Windows\System32\kdusba.dll moved successfully.
C:\Users\Mazzocchi\Desktop\299A54C762324762AF7FF7A5D1F087E1FE0C92C841 moved successfully.
File C:\Windows\System32\drivers\rpooqw.sys not found.
File C:\Users\Mazzocchi\AppData\Local\0502ev3eo777mv3eog47jbb63500rrc0q30 not found.
File C:\ProgramData\0502ev3eo777mv3eog47jbb63500rrc0q30 not found.
File C:\Windows\tasks\Hcbmziipsw.job not found.
File C:\Windows\System32\kdusba.dll not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mazzocchi\Desktop\cmd.bat deleted successfully.
C:\Users\Mazzocchi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mazzocchi
->Temp folder emptied: 13426203 bytes
->Temporary Internet Files folder emptied: 3921341 bytes
->Java cache emptied: 67087455 bytes
->FireFox cache emptied: 54866697 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 12787 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 129327 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 146215 bytes
->Flash cache emptied: 41620 bytes

User: Mcx3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 68205 bytes
->Flash cache emptied: 41620 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 777678 bytes
RecycleBin emptied: 1851893229 bytes

Total Files Cleaned = 1,900.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mazzocchi
->Flash cache emptied: 0 bytes

User: Mcx1

User: Mcx2
->Flash cache emptied: 0 bytes

User: Mcx3
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05132011_141025

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ComboFix 11-05-12.04 - Mazzocchi 05/13/2011 14:51:17.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3326.2147 [GMT -4:00]
Running from: c:\users\Mazzocchi\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\UNWISE.EXE
c:\programdata\Microsoft\Windows\Start Menu\E-Set 2011
c:\programdata\Microsoft\Windows\Start Menu\E-Set 2011\E-Set Antivirus 2011.lnk
c:\programdata\Microsoft\Windows\Start Menu\E-Set 2011\Uninstall.lnk
c:\users\Mazzocchi\AppData\Roaming\Adobe\plugs
c:\users\Mazzocchi\AppData\Roaming\Adobe\shed
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 19:06 . 2011-05-13 19:06 -------- d-----w- c:\users\Mazzocchi\AppData\Local\temp
2011-05-13 19:06 . 2011-05-13 19:06 -------- d-----w- c:\users\Mcx3\AppData\Local\temp
2011-05-13 19:06 . 2011-05-13 19:06 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-05-13 18:40 . 2011-05-13 18:41 -------- d-----w- C:\32788R22FWJFW
2011-05-13 15:45 . 2011-05-13 15:45 -------- d-----w- C:\_OTL
2011-05-10 22:55 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 22:55 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-05 20:05 . 2011-05-05 20:05 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-05 20:05 . 2011-05-05 20:05 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-05 20:05 . 2011-05-05 20:05 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-05 20:05 . 2011-05-05 20:05 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-05 20:05 . 2011-05-05 20:05 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-05 20:05 . 2011-05-05 20:05 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 20:05 . 2011-05-05 20:05 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-05 20:05 . 2011-05-05 20:05 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-26 02:23 . 2011-04-26 02:23 -------- d-----w- c:\users\Mazzocchi\AppData\Roaming\Malwarebytes
2011-04-26 02:23 . 2011-04-26 02:23 -------- d-----w- c:\programdata\Malwarebytes
2011-04-26 02:23 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 02:22 . 2011-04-26 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-26 02:22 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 02:17 . 2011-04-26 02:18 -------- d-----w- c:\users\Mazzocchi\AppData\Roaming\U3
2011-04-25 16:57 . 2011-04-25 16:57 -------- d-----w- C:\age
2011-04-25 16:46 . 2011-04-25 16:47 -------- dc-h--w- c:\programdata\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
2011-04-25 16:46 . 2011-04-25 16:46 -------- d-----w- c:\program files\Stardock
2011-04-19 00:42 . 2011-04-19 00:42 -------- d-----w- c:\program files\PuTTY
2011-04-18 23:19 . 2011-04-18 23:19 -------- d-----w- c:\program files\iPod
2011-04-18 23:17 . 2011-04-18 23:17 -------- d-----w- c:\program files\Bonjour
2011-04-15 02:25 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-04-14 09:17 . 2011-04-14 09:18 -------- d-----w- C:\hegames
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2009-11-07 20:54 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-11-07 20:54 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-11-07 20:54 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2009-11-07 20:54 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-11-07 20:54 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2009-11-07 20:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-25 17:50 . 2006-11-02 07:26 15819776 ----a-w- c:\windows\system32\imageres.dll
2011-04-13 04:22 . 2011-04-13 04:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-13 04:22 . 2011-04-13 04:22 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-08 15:46 . 2011-04-08 15:46 679936 ----a-w- c:\windows\system32\Rock7077.scr
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 01:07 . 2011-04-02 01:07 45056 ----a-r- c:\users\Mazzocchi\AppData\Roaming\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-05 20:05 . 2011-05-05 20:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Mazzocchi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Mazzocchi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Mazzocchi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2011-04-08 53160]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
.
c:\users\Mazzocchi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mazzocchi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
backup=c:\windows\pss\LoopBe1 Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Mazzocchi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Mazzocchi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Mazzocchi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Mazzocchi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Mazzocchi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Mazzocchi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-02-08 18:59 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM ®]
2003-07-29 17:44 61440 ----a-w- c:\progra~1\AIM95\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-03-05 23:41 98304 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-25 01:56 175128 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-25 01:56 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 20:02 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 20:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-25 01:56 153112 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-01-20 19:20 6711840 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-11-08 20:26 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-03-03 02:23 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 18:31 81920 ----a-w- c:\windows\System32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 17:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-19 36608]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-04 112640]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
R4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-02-19 233472]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-08 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]
S3 SaiK8018;SaiK8018;c:\windows\system32\DRIVERS\SaiK8018.sys [2008-07-29 106496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
FF - ProfilePath - c:\users\Mazzocchi\AppData\Roaming\Mozilla\Firefox\Profiles\zmchlnj9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Google Update - c:\users\Mazzocchi\AppData\Local\Google\Update\GoogleUpdate.exe
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.0.52\InstStub.exe
AddRemove-UnityWebPlayer - c:\users\Mazzocchi\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-13 15:06
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-13 15:08:38
ComboFix-quarantined-files.txt 2011-05-13 19:08
.
Pre-Run: 524,624,248,832 bytes free
Post-Run: 524,575,293,440 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 89DDF8B89499783C6896648EB60A4F0A


As for the proxies in Firefox, I have never set a proxy up in Firefox as far as I know.
As for whether I recognize those files, I recognize the first 5 (the ones that are .wmv), but I have no idea what the other two are; I don't see them anywhere.

#6 SweetTech (Agent ST)

Posted 13 May 2011 - 02:31 PM

Hi!

Thanks for the clarification.

I'll remove those proxies in Firefox:


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Processes
    explorer.exe
    :OTL
    FF - prefs.js..network.proxy.ftp: "195.175.37.6" 
    FF - prefs.js..network.proxy.ftp_port: 8080 
    FF - prefs.js..network.proxy.gopher: "195.175.37.6" 
    FF - prefs.js..network.proxy.gopher_port: 8080 
    FF - prefs.js..network.proxy.http: "195.175.37.6" 
    FF - prefs.js..network.proxy.http_port: 8080 
    FF - prefs.js..network.proxy.share_proxy_settings: true 
    FF - prefs.js..network.proxy.socks: "195.175.37.6" 
    FF - prefs.js..network.proxy.socks_port: 8080 
    FF - prefs.js..network.proxy.ssl: "195.175.37.6" 
    FF - prefs.js..network.proxy.ssl_port: 8080
    :Commands
    [CreateRestorePoint]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running aswMBR.exe

Download aswMBR.exe (511 KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
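The OTL fix above works by removing the network.proxy.* lines from the Firefox profile's prefs.js. As an added example, not code from OTL or from anyone in this thread, here is a small Python script that performs the same check and cleanup on a prefs.js: it parses the user_pref() lines, reports which proxy hosts are configured, and produces a cleaned copy with every network.proxy.* entry removed. The prefs.js text is constructed to mirror the entries the fix removed (the address is the one from the fix log); the function names are my own.

```python
import re

# Constructed sample prefs.js: mirrors the hijacked network.proxy.* entries that the
# OTL fix in this thread removed (the proxy address is the one shown in the fix log).
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Wikipedia (en)");
user_pref("network.proxy.ftp", "195.175.37.6");
user_pref("network.proxy.ftp_port", 8080);
user_pref("network.proxy.gopher", "195.175.37.6");
user_pref("network.proxy.gopher_port", 8080);
user_pref("network.proxy.http", "195.175.37.6");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "195.175.37.6");
user_pref("network.proxy.socks_port", 8080);
user_pref("network.proxy.ssl", "195.175.37.6");
user_pref("network.proxy.ssl_port", 8080);
"""

# One user_pref("name", value); line. Values are JS literals: "string", number, true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Settings whose value is a proxy host name or address.
PROXY_HOST_PREFS = {"network.proxy." + p for p in ("ftp", "gopher", "http", "socks", "ssl")}


def parse_prefs(text):
    """Map pref name -> raw literal for every user_pref() line; comments and blanks are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def proxy_hosts(prefs):
    """Distinct proxy hosts configured in prefs.js. A profile that uses no manual proxy
    has none of these entries at all, so a non-empty result is worth a closer look."""
    return {prefs[name].strip('"') for name in PROXY_HOST_PREFS if name in prefs}


def strip_proxy_prefs(text):
    """Return (cleaned_text, removed_names). Dropping a user_pref line makes Firefox
    fall back to its built-in default for that setting, which is what the OTL fix did."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            removed.append(m.group(1))
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    print("proxy hosts:", proxy_hosts(prefs))
    cleaned, removed = strip_proxy_prefs(SAMPLE_PREFS_JS)
    print("removed", len(removed), "network.proxy.* entries")
    print(cleaned)
```

Two practical points when applying this to a real profile: Firefox rewrites prefs.js when it exits, so it has to be closed before the file is edited, and a user.js in the same profile folder re-applies its settings on every start, so a proxy entry there would undo the cleanup and should be checked as well.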


#7 Mazzocchi (Topic Starter)

Posted 14 May 2011 - 12:45 AM

Here's the log from OTL Fix:

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTL ==========
Prefs.js: "195.175.37.6" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "195.175.37.6" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "195.175.37.6" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "195.175.37.6" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "195.175.37.6" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.22.3 log created on 05142011_014147

and here's the aswMBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-14 01:43:10
-----------------------------
01:43:10.863 OS Version: Windows 6.0.6000
01:43:10.863 Number of processors: 4 586 0x170A
01:43:10.864 ComputerName: MAZZOCCHI-PC UserName: Mazzocchi
01:43:12.454 Initialize success
01:43:16.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
01:43:16.455 Disk 0 Vendor: Size: 0MB BusType: 0
01:43:16.457 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
01:43:16.459 Disk 1 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476940MB BusType: 3
01:43:18.465 Disk 0 MBR read successfully
01:43:18.466 Disk 0 MBR scan
01:43:18.468 Disk 0 TDL4@MBR code has been found
01:43:18.470 Disk 0 MBR hidden
01:43:18.472 Disk 0 MBR [TDL4] **ROOTKIT**
01:43:18.474 Disk 0 scanning C:\Windows\system32\drivers
01:43:26.144 Service scanning
01:43:27.639 Disk 0 trace - called modules:
01:43:27.657 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
01:43:27.660 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861aa9b8]
01:43:27.664 3 ntkrnlpa.exe[82cb07e2] -> nt!IofCallDriver -> [0x8615da98]
01:43:27.667 5 acpi.sys[8047332a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8574e8b8]
01:43:27.670 Scan finished successfully
01:43:34.552 Disk 0 MBR has been saved successfully to "C:\Users\Mazzocchi\Desktop\MBR.dat"
01:43:34.555 The log file has been saved successfully to "C:\Users\Mazzocchi\Desktop\aswMBR.txt"



#8 SweetTech (Agent ST)

Posted 14 May 2011 - 10:01 AM

Hi!


Running aswMBR.exe Fix

Re-run aswMBR.

Click Scan.

On completion of the scan, click the Fix button.

Save the log as before and post it in your next reply.



NEXT:




Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#9 Mazzocchi (Topic Starter)

Posted 14 May 2011 - 12:05 PM

I ran aswMBR, did the scan, but the Fix button didn't light up, so I couldn't click it O_o
Here's the log from that scan though:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-14 12:57:51
-----------------------------
12:57:51.280 OS Version: Windows 6.0.6000
12:57:51.280 Number of processors: 4 586 0x170A
12:57:51.282 ComputerName: MAZZOCCHI-PC UserName: Mazzocchi
12:57:53.088 Initialize success
12:57:55.039 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
12:57:55.041 Disk 0 Vendor: Size: 0MB BusType: 0
12:57:55.043 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
12:57:55.044 Disk 1 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476940MB BusType: 3
12:57:57.075 Disk 0 MBR read successfully
12:57:57.077 Disk 0 MBR scan
12:57:57.079 Disk 0 TDL4@MBR code has been found
12:57:57.081 Disk 0 MBR hidden
12:57:57.083 Disk 0 MBR [TDL4] **ROOTKIT**
12:57:57.085 Disk 0 scanning C:\Windows\system32\drivers
12:58:20.391 Service scanning
12:58:22.599 Disk 0 trace - called modules:
12:58:22.612 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
12:58:22.615 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861aa9b8]
12:58:22.619 3 ntkrnlpa.exe[82cb07e2] -> nt!IofCallDriver -> [0x8615da98]
12:58:22.622 5 acpi.sys[8047332a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8574e8b8]
12:58:22.625 Scan finished successfully
12:59:15.503 Disk 0 MBR has been saved successfully to "C:\Users\Mazzocchi\Desktop\MBR.dat"
12:59:15.562 The log file has been saved successfully to "C:\Users\Mazzocchi\Desktop\aswMBR.txt"


And here's the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6578

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

5/14/2011 1:03:51 PM
mbam-log-2011-05-14 (13-03-51).txt

Scan type: Quick scan
Objects scanned: 190064
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#10 SweetTech (Agent ST)

Posted 14 May 2011 - 12:09 PM

Hmm.. Were any buttons lit up?

Could you attach this file for me?

C:\Users\Mazzocchi\Desktop\MBR.dat



#11 Mazzocchi (Topic Starter)

Posted 14 May 2011 - 12:13 PM

The only buttons that were lit up after the scan was done were FixMBR, Save Log, and Exit.

Here's that file you requested, in a .zip file because it yelled at me when I tried to upload the .dat file itself haha

Attached File: MBR.zip (552 bytes)


#12 SweetTech (Agent ST)

Posted 14 May 2011 - 12:38 PM

Hi!

"The only buttons that were lit up after the scan was done were FixMBR, Save Log, and Exit."

Thanks for providing me with that information.

"Here's that file you requested, in a .zip file because it yelled at me when I tried to upload the .dat file itself haha"

Thank you for uploading the file for me. The file you uploaded for me is indicating that your MBR is infected with TDSS.

I am currently waiting to hear back from a colleague on something, and should hopefully hear back from them shortly.

I will get back to you as soon as I hear something.



#13 SweetTech (Agent ST)

Posted 14 May 2011 - 12:43 PM

Mazzocchi,

Can you please delete the current copy of TDSSKiller that you have on your computer, and download a new copy from one of the links provided.


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



#14 Mazzocchi (Topic Starter)

Posted 14 May 2011 - 01:06 PM

There was a bunch of TDSS logs, I'm 90% sure this is the most recent though.

2011/05/14 13:52:15.0630 0712 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/14 13:52:15.0880 0712 ================================================================================
2011/05/14 13:52:15.0880 0712 SystemInfo:
2011/05/14 13:52:15.0880 0712
2011/05/14 13:52:15.0880 0712 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/14 13:52:15.0880 0712 Product type: Workstation
2011/05/14 13:52:16.0852 0712 ComputerName: MAZZOCCHI-PC
2011/05/14 13:52:16.0852 0712 UserName: Mazzocchi
2011/05/14 13:52:16.0852 0712 Windows directory: C:\Windows
2011/05/14 13:52:16.0852 0712 System windows directory: C:\Windows
2011/05/14 13:52:16.0852 0712 Processor architecture: Intel x86
2011/05/14 13:52:16.0852 0712 Number of processors: 4
2011/05/14 13:52:16.0852 0712 Page size: 0x1000
2011/05/14 13:52:16.0852 0712 Boot type: Normal boot
2011/05/14 13:52:16.0852 0712 ================================================================================
2011/05/14 13:52:22.0447 0712 Initialize success
2011/05/14 13:52:24.0740 5008 ================================================================================
2011/05/14 13:52:24.0740 5008 Scan started
2011/05/14 13:52:24.0740 5008 Mode: Manual;
2011/05/14 13:52:24.0740 5008 ================================================================================
2011/05/14 13:52:25.0847 5008 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/05/14 13:52:25.0894 5008 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
2011/05/14 13:52:25.0964 5008 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/14 13:52:25.0987 5008 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/14 13:52:26.0016 5008 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/14 13:52:26.0037 5008 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/14 13:52:26.0073 5008 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/05/14 13:52:26.0101 5008 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/14 13:52:26.0112 5008 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/14 13:52:26.0148 5008 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/05/14 13:52:26.0165 5008 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/14 13:52:26.0185 5008 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/05/14 13:52:26.0194 5008 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/14 13:52:26.0217 5008 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/14 13:52:26.0342 5008 amdkmdag (70af0409de16e6ef7be74f98652efc37) C:\Windows\system32\DRIVERS\atipmdag.sys
2011/05/14 13:52:26.0448 5008 amdkmdap (0b484b58e0dcb55b8d74952b7d9e8ad2) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/05/14 13:52:26.0479 5008 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/14 13:52:26.0491 5008 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/14 13:52:26.0530 5008 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/14 13:52:26.0573 5008 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/14 13:52:26.0591 5008 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/05/14 13:52:26.0635 5008 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/05/14 13:52:26.0681 5008 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/05/14 13:52:26.0704 5008 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/05/14 13:52:26.0738 5008 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/14 13:52:26.0767 5008 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/05/14 13:52:26.0835 5008 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/05/14 13:52:26.0881 5008 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/14 13:52:26.0895 5008 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/14 13:52:26.0913 5008 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/14 13:52:26.0946 5008 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/14 13:52:26.0956 5008 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/14 13:52:26.0980 5008 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/14 13:52:26.0994 5008 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/14 13:52:27.0009 5008 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/14 13:52:27.0098 5008 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\Windows\system32\DRIVERS\Camdrl.sys
2011/05/14 13:52:27.0381 5008 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/14 13:52:27.0406 5008 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/14 13:52:27.0425 5008 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/14 13:52:27.0471 5008 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/05/14 13:52:27.0520 5008 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/05/14 13:52:27.0541 5008 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/14 13:52:27.0553 5008 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/14 13:52:27.0564 5008 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/14 13:52:27.0616 5008 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\Windows\system32\DRIVERS\emDevice.sys
2011/05/14 13:52:27.0631 5008 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/05/14 13:52:27.0664 5008 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/05/14 13:52:27.0720 5008 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/14 13:52:27.0806 5008 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/14 13:52:27.0824 5008 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/14 13:52:27.0837 5008 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/05/14 13:52:27.0870 5008 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/14 13:52:27.0911 5008 emAudio (200da4f1964c11b3c19a07f937394624) C:\Windows\system32\drivers\emAudio.sys
2011/05/14 13:52:27.0953 5008 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/05/14 13:52:27.0975 5008 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/14 13:52:27.0991 5008 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/05/14 13:52:28.0021 5008 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/05/14 13:52:28.0066 5008 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\Windows\system32\DRIVERS\emFilter.sys
2011/05/14 13:52:28.0118 5008 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/14 13:52:28.0128 5008 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/05/14 13:52:28.0182 5008 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
2011/05/14 13:52:28.0247 5008 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/14 13:52:28.0264 5008 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/14 13:52:28.0293 5008 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys
2011/05/14 13:52:28.0308 5008 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/14 13:52:28.0360 5008 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/14 13:52:28.0384 5008 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/14 13:52:28.0406 5008 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/14 13:52:28.0420 5008 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/14 13:52:28.0464 5008 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/14 13:52:28.0537 5008 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/14 13:52:28.0605 5008 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/05/14 13:52:28.0632 5008 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/14 13:52:28.0686 5008 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/14 13:52:28.0724 5008 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/14 13:52:28.0833 5008 igfx (c74a92abcc2a16c438e43cddb904bf75) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/14 13:52:28.0913 5008 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/14 13:52:29.0007 5008 IntcAzAudAddService (38d5b498c555403ef637806937ab6639) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/14 13:52:29.0068 5008 IntcHdmiAddService (362b19109f9b6f68c8e2a35efc9144a0) C:\Windows\system32\drivers\IntcHdmi.sys
2011/05/14 13:52:29.0139 5008 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
2011/05/14 13:52:29.0154 5008 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/14 13:52:29.0191 5008 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/14 13:52:29.0213 5008 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/14 13:52:29.0239 5008 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/14 13:52:29.0285 5008 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/05/14 13:52:29.0299 5008 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/14 13:52:29.0321 5008 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/14 13:52:29.0348 5008 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/14 13:52:29.0378 5008 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/14 13:52:29.0422 5008 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/14 13:52:29.0442 5008 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/14 13:52:29.0519 5008 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/14 13:52:29.0567 5008 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/14 13:52:29.0622 5008 LoopBeMidi1 (de65ebd42567c33c0152e308a982b834) C:\Windows\system32\drivers\loopbe1.sys
2011/05/14 13:52:29.0648 5008 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/14 13:52:29.0658 5008 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/14 13:52:29.0670 5008 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/14 13:52:29.0720 5008 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/05/14 13:52:29.0843 5008 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\Windows\system32\DRIVERS\LVcKap.sys
2011/05/14 13:52:29.0922 5008 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/05/14 13:52:30.0006 5008 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/05/14 13:52:30.0117 5008 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\Windows\system32\drivers\LVUSBSta.sys
2011/05/14 13:52:30.0149 5008 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/05/14 13:52:30.0200 5008 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/14 13:52:30.0226 5008 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/05/14 13:52:30.0269 5008 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/14 13:52:30.0345 5008 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/14 13:52:30.0363 5008 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/05/14 13:52:30.0373 5008 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/05/14 13:52:30.0404 5008 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/14 13:52:30.0473 5008 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/14 13:52:30.0485 5008 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/14 13:52:30.0563 5008 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/05/14 13:52:30.0616 5008 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/14 13:52:30.0627 5008 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/14 13:52:30.0638 5008 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/14 13:52:30.0682 5008 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/05/14 13:52:30.0697 5008 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/14 13:52:30.0747 5008 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/05/14 13:52:30.0757 5008 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/05/14 13:52:30.0797 5008 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/14 13:52:30.0810 5008 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/14 13:52:30.0826 5008 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/05/14 13:52:30.0849 5008 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/05/14 13:52:30.0870 5008 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/14 13:52:30.0894 5008 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/05/14 13:52:30.0920 5008 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/05/14 13:52:30.0933 5008 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/14 13:52:31.0029 5008 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/05/14 13:52:31.0091 5008 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/14 13:52:31.0107 5008 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/14 13:52:31.0137 5008 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/14 13:52:31.0160 5008 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/05/14 13:52:31.0187 5008 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/14 13:52:31.0221 5008 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/14 13:52:31.0262 5008 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/14 13:52:31.0275 5008 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/05/14 13:52:31.0288 5008 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/14 13:52:31.0374 5008 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/05/14 13:52:31.0411 5008 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/14 13:52:31.0434 5008 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/05/14 13:52:31.0511 5008 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/05/14 13:52:31.0577 5008 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/05/14 13:52:31.0587 5008 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/14 13:52:31.0650 5008 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/14 13:52:31.0698 5008 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/05/14 13:52:31.0709 5008 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/05/14 13:52:31.0732 5008 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/14 13:52:31.0785 5008 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/05/14 13:52:31.0795 5008 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/05/14 13:52:31.0830 5008 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
2011/05/14 13:52:31.0851 5008 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/14 13:52:31.0917 5008 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/14 13:52:31.0967 5008 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/14 13:52:31.0998 5008 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/14 13:52:32.0061 5008 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/14 13:52:32.0118 5008 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/14 13:52:32.0167 5008 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/14 13:52:32.0205 5008 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/14 13:52:32.0224 5008 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/14 13:52:32.0242 5008 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/14 13:52:32.0254 5008 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/14 13:52:32.0285 5008 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/14 13:52:32.0296 5008 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/14 13:52:32.0332 5008 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/14 13:52:32.0342 5008 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/14 13:52:32.0382 5008 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/05/14 13:52:32.0436 5008 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/14 13:52:32.0503 5008 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/14 13:52:32.0563 5008 SaiK8018 (d2400515259ffae22a2ea008baf161a1) C:\Windows\system32\DRIVERS\SaiK8018.sys
2011/05/14 13:52:32.0605 5008 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/14 13:52:32.0702 5008 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\Windows\system32\DRIVERS\emScan.sys
2011/05/14 13:52:32.0755 5008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/14 13:52:32.0772 5008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/14 13:52:32.0797 5008 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/05/14 13:52:32.0846 5008 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/05/14 13:52:32.0894 5008 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/14 13:52:32.0911 5008 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/14 13:52:32.0949 5008 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/14 13:52:32.0978 5008 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/14 13:52:33.0015 5008 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/14 13:52:33.0047 5008 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/14 13:52:33.0070 5008 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/14 13:52:33.0099 5008 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/05/14 13:52:33.0129 5008 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/05/14 13:52:33.0217 5008 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/05/14 13:52:33.0297 5008 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/05/14 13:52:33.0348 5008 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/14 13:52:33.0412 5008 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/14 13:52:33.0475 5008 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/05/14 13:52:33.0508 5008 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/05/14 13:52:33.0529 5008 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/05/14 13:52:33.0650 5008 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/05/14 13:52:33.0686 5008 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/14 13:52:33.0718 5008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/14 13:52:33.0760 5008 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/14 13:52:33.0783 5008 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/14 13:52:33.0875 5008 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/05/14 13:52:33.0893 5008 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/14 13:52:33.0917 5008 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/14 13:52:33.0949 5008 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/05/14 13:52:33.0988 5008 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/14 13:52:34.0005 5008 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/14 13:52:34.0029 5008 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/14 13:52:34.0071 5008 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/14 13:52:34.0101 5008 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/14 13:52:34.0112 5008 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/14 13:52:34.0148 5008 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/14 13:52:34.0179 5008 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/14 13:52:34.0217 5008 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/14 13:52:34.0248 5008 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/14 13:52:34.0269 5008 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/14 13:52:34.0301 5008 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/14 13:52:34.0349 5008 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/14 13:52:34.0418 5008 UMPass (08ea9c0247f391af4d4a16885a1c159d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/14 13:52:34.0469 5008 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/14 13:52:34.0545 5008 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/05/14 13:52:34.0557 5008 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/14 13:52:34.0600 5008 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/14 13:52:34.0670 5008 usbehci (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/14 13:52:34.0695 5008 usbhub (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/14 13:52:34.0732 5008 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/14 13:52:34.0757 5008 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/14 13:52:34.0834 5008 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/14 13:52:34.0845 5008 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/14 13:52:34.0894 5008 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/14 13:52:34.0905 5008 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/05/14 13:52:34.0940 5008 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/14 13:52:34.0963 5008 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/14 13:52:35.0057 5008 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/05/14 13:52:35.0090 5008 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/05/14 13:52:35.0112 5008 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/05/14 13:52:35.0134 5008 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/05/14 13:52:35.0162 5008 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/14 13:52:35.0191 5008 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/14 13:52:35.0232 5008 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/14 13:52:35.0240 5008 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/14 13:52:35.0276 5008 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/14 13:52:35.0309 5008 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/14 13:52:35.0393 5008 WinUSB (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/05/14 13:52:35.0429 5008 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/14 13:52:35.0538 5008 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/14 13:52:35.0592 5008 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/14 13:52:35.0689 5008 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/14 13:52:35.0735 5008 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/14 13:52:35.0789 5008 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/05/14 13:52:35.0823 5008 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/14 13:52:35.0846 5008 ================================================================================
2011/05/14 13:52:35.0846 5008 Scan finished
2011/05/14 13:52:35.0846 5008 ================================================================================
2011/05/14 13:52:35.0853 5808 Detected object count: 1
2011/05/14 13:52:46.0683 5808 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/14 13:52:46.0694 5808 \HardDisk0 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot
2011/05/14 13:52:46.0695 5808 \HardDisk0 - ok
2011/05/14 13:52:46.0695 5808 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/14 13:53:06.0799 6104 Deinitialize success
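
As an added example (not code from this thread, from the posters, or from Kaspersky's TDSSKiller), the Python below does the two things the posts above call for: it picks the newest file out of a pile of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" reports, which is what the topic starter was guessing at, and it parses a log of the shape posted here to pull out the scanned drivers and the verdict lines. Note that the detection in the posted log is reported against \HardDisk0, the disk itself rather than any driver file: TDL4 lives in the MBR, which is why TDSSKiller defers the cure to a reboot and why the report then has to be fetched from C:\. Assumptions: the date/time layout inside the filename (DD.MM.YYYY_HH.MM.SS) is not stated in the thread, the sample log is a constructed excerpt modelled on the one posted, and the list of drivers loaded from outside the drivers directory is a triage aid only, not a verdict.

```python
"""Triage helpers for TDSSKiller logs.

Added example for this thread, not code from TDSSKiller or from the posters.
Picks the newest "TDSSKiller.[Version]_[Date]_[Time]_log.txt" report and
summarises the drivers and verdict lines in a log of the shape posted above.
"""
import re
from datetime import datetime
from typing import Dict, List, Optional

# ASSUMPTION: the [Date]_[Time] part of the filename is DD.MM.YYYY_HH.MM.SS.
# The thread only gives the "[Version]_[Date]_[Time]" template.
LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<date>\d{2}\.\d{2}\.\d{4})"
    r"_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)
# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff <thread-id>"; the body may be empty.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?:\s+(.*))?$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")            # service (md5) path
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")         # object - detected verdict (n)
PENDING_RE = re.compile(r"^(\S+) \((\S+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")  # verdict(object) - ...


def newest_log(filenames: List[str]) -> Optional[str]:
    """Return the log whose filename carries the latest timestamp (None if none match)."""
    best, best_ts = None, None
    for name in filenames:
        m = LOG_NAME_RE.match(name)
        if not m:
            continue
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H.%M.%S")
        if best_ts is None or ts > best_ts:
            best, best_ts = name, ts
    return best


def parse_log(text: str) -> Dict:
    """Split a TDSSKiller log into header facts, scanned drivers and verdict lines."""
    out = {"header": {}, "drivers": [], "detections": [], "pending": [], "actions": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = (m.group(3) or "").strip()
        if body.startswith("TDSS rootkit removing tool"):
            out["header"]["tool"] = body
        elif (d := DRIVER_RE.match(body)):
            out["drivers"].append({"service": d[1], "md5": d[2], "path": d[3]})
        elif (d := DETECT_RE.match(body)):
            out["detections"].append({"object": d[1], "verdict": d[2]})
        elif (d := PENDING_RE.match(body)):
            out["pending"].append({"object": d[1], "verdict": d[2]})
        elif (d := ACTION_RE.match(body)):
            out["actions"].append({"verdict": d[1], "object": d[2], "action": d[3]})
        elif ": " in body:  # "OS Version: ...", "Detected object count: 1", ...
            key, _, val = body.partition(": ")
            out["header"][key] = val.strip()
    return out


def needs_reboot(summary: Dict) -> bool:
    """True when a cure is deferred to reboot, i.e. the report must be fetched from the root directory afterwards."""
    return bool(summary["pending"])


def drivers_outside(summary: Dict, allowed=("\\windows\\system32\\drivers\\",)) -> List[str]:
    """Triage aid only: driver images loaded from somewhere other than the usual
    drivers directory. Legitimate vendor drivers live elsewhere too, so this is
    a list to look at, not a verdict."""
    return [d["path"] for d in summary["drivers"]
            if not any(a in d["path"].lower() for a in allowed)]


# Constructed excerpt, shaped after the log posted in this thread.
SAMPLE_LOG = r"""
2011/05/14 13:52:15.0630 0712 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/14 13:52:15.0880 0712 ================================================================================
2011/05/14 13:52:15.0880 0712 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/14 13:52:15.0880 0712
2011/05/14 13:52:24.0740 5008 Mode: Manual;
2011/05/14 13:52:25.0847 5008 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/05/14 13:52:28.0293 5008 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys
2011/05/14 13:52:33.0875 5008 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/05/14 13:52:35.0823 5008 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/14 13:52:35.0853 5808 Detected object count: 1
2011/05/14 13:52:46.0683 5808 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/14 13:52:46.0694 5808 \HardDisk0 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot
2011/05/14 13:52:46.0695 5808 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

if __name__ == "__main__":
    s = parse_log(SAMPLE_LOG)
    print(s["header"]["tool"])
    for hit in s["detections"]:
        print("detected", hit["verdict"], "on", hit["object"])
    print("reboot needed:", needs_reboot(s))
    print("drivers outside system32\\drivers:", drivers_outside(s))
```

Run it against the text of a real log (read the file and pass it to parse_log) and feed newest_log the result of os.listdir("C:\\") to stop guessing which report is current; a detection whose object is \HardDisk0 rather than a .sys path is the MBR case and will always show up in the pending list until the reboot has happened.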



#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:11:54 PM

Posted 14 May 2011 - 01:15 PM

Yep, that appears to be the latest log file.

I need you to run a new scan with aswMBR and post the log file for me.





