BSOD, Rootkit problem. Oops

Solved
By buggedBoy
Dec 22, 2010
    Looks like I managed to get a rootkit installed. I am an *****.

    Here are the requested logs:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5379

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/22/2010 9:55:45 PM
    mbam-log-2010-12-22 (21-55-45).txt

    Scan type: Quick scan
    Objects scanned: 144735
    Time elapsed: 5 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ====================================


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-22 21:59:09
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS721080G9SA00 rev.MC4OC10H
    Running: m8908ghl.exe; Driver: C:\Users\rdeluca\AppData\Local\Temp\kxldqpow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 156301232 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 852761F8
    Device \Driver\atapi \Device\Ide\IdePort1 852761F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 852761F8
    Device \Driver\VClone \Device\Scsi\VClone1 862C01F8
    Device \FileSystem\Ntfs \Ntfs 852781F8
    Device \FileSystem\fastfat \Fat 87F0A1F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS721080G9SA00_________________MC4OC10H#5&796032e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by rdeluca at 21:40:32.26 on Wed 12/22/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1209 [GMT -5:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DeviceDisplayObjectProvider.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\rdeluca\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mail.lhup.edu/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [Google Update] "c:\users\rdeluca\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 173.192.164.106 minecraftwiki.net www.minecraftwiki.net

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-22 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-22 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-6 61960]
    R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-7-9 1053440]
    R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-9-6 6076272]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-9-6 616816]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
    S3 DBGUBZD;DBGUBZD;c:\users\rdeluca\appdata\local\temp\dbgubzd.exe --> c:\users\rdeluca\appdata\local\temp\DBGUBZD.exe [?]
    S3 DXP;DXP;c:\users\rdeluca\appdata\local\temp\dxp.exe --> c:\users\rdeluca\appdata\local\temp\DXP.exe [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-11-23 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-11-23 8456]
    S3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\appdata\local\temp\kcfeztamnfzo.exe --> c:\users\rdeluca\appdata\local\temp\KCFEZTAMNFZO.exe [?]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-9-6 16240]
    S3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\appdata\local\temp\wagnzrhizyk.exe --> c:\users\rdeluca\appdata\local\temp\WAGNZRHIZYK.exe [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1343400]

    =============== Created Last 30 ================

    2010-12-22 22:41:01 -------- d-----w- c:\users\rdeluca\appdata\roaming\Malwarebytes
    2010-12-22 22:40:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-22 22:40:54 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-22 22:40:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-22 22:40:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-22 20:37:05 -------- d-----w- c:\users\rdeluca\appdata\roaming\Avira
    2010-12-22 20:35:33 -------- d-----w- c:\progra~2\Avira
    2010-12-22 20:18:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
    2010-12-22 20:18:11 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-22 20:18:01 -------- d-----w- c:\progra~2\Alwil Software
    2010-12-22 20:05:58 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0cf4aaf1-f829-4b10-9356-c2e93187afc5}\mpengine.dll
    2010-12-21 01:10:49 -------- d-----w- c:\windows\rescache
    2010-12-15 02:52:34 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-15 02:49:52 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-15 02:49:52 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-15 02:49:49 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-15 02:49:47 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-10 18:10:22 -------- d-----w- c:\program files\MSXML 4.0
    2010-12-09 18:15:58 539968 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
    2010-12-08 21:42:02 -------- d-----w- c:\program files\Motorola
    2010-12-08 17:56:39 -------- d-----w- c:\program files\common files\Motorola Shared
    2010-12-08 17:54:52 -------- d-----w- C:\android
    2010-12-06 06:00:15 -------- d-----w- c:\progra~2\vsosdk
    2010-12-06 03:48:44 87608 ----a-w- c:\users\rdeluca\appdata\roaming\inst.exe
    2010-12-06 03:48:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-12-06 03:48:44 47360 ----a-w- c:\users\rdeluca\appdata\roaming\pcouffin.sys
    2010-12-06 03:48:24 65602 ----a-w- c:\windows\system32\cook3260.dll
    2010-12-06 03:48:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2010-12-06 03:48:24 208935 ----a-w- c:\windows\system32\drv33260.dll
    2010-12-06 03:48:24 176165 ----a-w- c:\windows\system32\drv23260.dll
    2010-12-06 03:48:24 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2010-12-06 03:48:23 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-12-06 03:48:23 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2010-12-06 03:48:18 -------- d-----w- c:\program files\VSO
    2010-12-06 03:47:24 -------- d-----w- c:\users\rdeluca\appdata\roaming\DAEMON Tools Lite
    2010-12-06 03:47:19 -------- d-----w- c:\progra~2\DAEMON Tools Lite
    2010-11-25 01:05:05 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-25 01:04:48 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
    2010-11-25 01:04:35 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
    2010-11-25 01:04:32 588096 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2010-11-24 04:35:43 2217088 ----a-w- c:\windows\system32\BootMan.exe
    2010-11-24 04:35:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-11-24 04:35:42 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-11-24 04:35:42 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-11-24 04:35:42 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-11-24 04:35:29 -------- d-----w- c:\program files\EASEUS

    ==================== Find3M ====================

    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 20:35:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: Hitachi_HTS721080G9SA00 rev.MC4OC10H -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x860CD555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x860d37b0]; MOV EAX, [0x860d382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C5B458] -> \Device\Harddisk0\DR0[0x860A31C8]
    3 CLASSPNP[0x893B559E] -> ntkrnlpa!IofCallDriver[0x82C5B458] -> [0x85F76918]
    5 ACPI[0x8362B3B2] -> ntkrnlpa!IofCallDriver[0x82C5B458] -> \IdeDeviceP0T0L0-0[0x85FA3030]
    \Driver\atapi[0x860A67E8] -> IRP_MJ_CREATE -> 0x860CD555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS721080G9SA00_________________MC4OC10H#5&796032e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 156301486 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 21:41:24.98 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/6/2010 4:29:27 PM
    System Uptime: 12/22/2010 6:04:28 PM (3 hours ago)

    Motherboard: Dell Inc. | | 0FF093
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 72 GiB total, 3.831 GiB free.
    D: is FIXED (NTFS) - 2 GiB total, 1.963 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7-Zip 4.65
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Audacity 1.2.6
    Avira AntiVir Personal - Free Antivirus
    Bamboo
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Canon Inkjet Printer Driver Add-On Module
    Canon Utilities My Printer
    CCleaner
    Cisco NAC Agent
    Conexant HDA D110 MDC V.92 Modem
    Connect
    ConvertXtoDVD 3.3.2.100
    Cosmic Dodgeball V2.0
    Defraggler
    Dell Driver Download Manager
    Dell Touchpad
    Digital Line Detect
    EASEUS Partition Master 6.5.2 Home Edition
    EndItAll 2.0
    Fraps
    Ghost Master
    Google Chrome
    Half-Life 2
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    HxD Hex Editor version 1.7.7.0
    ImgBurn
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    Java Auto Updater
    Java DB 10.4.2.1
    Java(TM) 6 Update 22
    Java(TM) SE Development Kit 6 Update 18
    kuler
    League of Legends
    Malwarebytes' Anti-Malware
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft IntelliPoint 7.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows Application Compatibility Database
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    Motorola Mobile Drivers Installation 4.8.0
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Server 5.1
    MySQL Workbench 5.2 CE
    Notepad++
    NTRU TCG Software Stack
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenAL
    OZ776 SCR Driver V1.1.4.202
    PDF-Viewer
    PDF Settings CS4
    PFPortChecker 1.0.36
    Photoshop Camera Raw
    PuTTY version 0.60
    Puzzle Quest
    Recuva
    RSDLite
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SigmaTel Audio
    Skype™ 4.2
    SpeedFan (remove only)
    SpinnerDemo
    StarCraft II
    Steam
    Suite Shared Configuration CS4
    System Requirements Lab
    Team Fortress 2
    The Elder Scrolls III: Morrowind
    Trillian
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    USB Webcam
    VC Runtimes MSI
    VirtualCloneDrive
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VLC media player 1.0.5
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Mobile 5.0 SDK R2 for Smartphone
    WinPcap 4.1.1
    WinRAR archiver
    WinSCP 4.2.7
    Wireshark 1.2.6
    Xvid 1.2.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    12/22/2010 9:36:10 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-14-D1-4D-3D-39. Network operations on this system may be disrupted as a result.
    12/22/2010 6:54:49 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    12/22/2010 6:17:22 PM, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
    12/22/2010 5:58:59 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    12/22/2010 5:52:06 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.25 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    12/22/2010 5:51:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/22/2010 5:36:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/22/2010 5:34:00 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    12/22/2010 5:31:07 PM, Error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).
    12/22/2010 5:28:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/22/2010 5:28:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x8cd9aa00, 0x00000002, 0x00000000, 0x836affb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-30139-01.
    12/22/2010 4:11:03 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: Blue-PC\rdeluca Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2197.0, AS: 1.95.2197.0 Engine Version: 1.1.6402.0
    12/22/2010 4:02:40 PM, Error: Service Control Manager [7030] - The OQFQTU service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/22/2010 4:02:35 PM, Error: Service Control Manager [7034] - The DBGUBZD service terminated unexpectedly. It has done this 1 time(s).
    12/22/2010 3:59:23 PM, Error: Service Control Manager [7030] - The DXP service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/22/2010 3:59:23 PM, Error: Service Control Manager [7030] - The DBGUBZD service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/22/2010 3:59:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the KCFEZTAMNFZO service to connect.
    12/22/2010 3:59:23 PM, Error: Service Control Manager [7000] - The KCFEZTAMNFZO service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/22/2010 3:58:53 PM, Error: Service Control Manager [7030] - The KCFEZTAMNFZO service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/22/2010 3:58:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WAGNZRHIZYK service to connect.
    12/22/2010 3:58:25 PM, Error: Service Control Manager [7000] - The WAGNZRHIZYK service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/22/2010 3:57:53 PM, Error: Service Control Manager [7030] - The WAGNZRHIZYK service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/22/2010 3:55:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/22/2010 3:55:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e8c050, 0x8b11b774, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-32697-01.
    12/22/2010 3:36:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    12/22/2010 3:30:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2197.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12/22/2010 3:20:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/22/2010 3:19:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d042f1, 0x8b113a60, 0x8b113640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-37830-01.
    12/22/2010 3:06:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/22/2010 3:01:02 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    12/22/2010 2:56:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d062f1, 0x8b323a60, 0x8b323640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-33119-01.
    12/22/2010 2:51:26 PM, Error: Service Control Manager [7030] - The WABSLPBF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/22/2010 2:48:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SMX service to connect.
    12/22/2010 2:48:10 PM, Error: Service Control Manager [7000] - The SMX service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/22/2010 2:47:40 PM, Error: Service Control Manager [7030] - The SMX service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/22/2010 12:27:31 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-17-EE-01-AB-CB. Network operations on this system may be disrupted as a result.
    12/22/2010 1:04:02 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{77E81000-7855-4444-8C21-96A75B56820F} because another computer on the network has the same name. The server could not start.
    12/22/2010 1:03:19 PM, Error: BridgeMP [14702] - Bridge [Adapter Intel(R) PRO/Wireless 3945ABG Network Connection]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
    12/22/2010 1:03:18 PM, Error: BridgeMP [14702] - Bridge [Adapter Broadcom NetXtreme 57xx Gigabit Controller]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
    12/22/2010 1:02:35 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D008B58B-B602-4C7C-9BE9-607BF50A12C8} because another computer on the network has the same name. The server could not start.
    12/21/2010 9:57:46 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
    12/21/2010 11:52:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
    12/20/2010 7:18:13 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.112 with the system having network hardware address 00-25-AE-71-60-5F. Network operations on this system may be disrupted as a result.
    12/20/2010 2:05:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    12/18/2010 10:13:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    12/15/2010 4:16:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    ==== End Of File ===========================

    :-/
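One way to triage an event-log extract like the one posted above, as an added example that is not part of the thread and not a tool anyone in it used: the Python script below parses lines in that `date, Error: Source [ID] - message` format, groups the Service Control Manager errors by service name, flags services that were marked interactive (event 7030) on a system that disallows interactive services or that failed to start (7009/7000) under an all-uppercase, random-looking name, and pulls the bugcheck code and parameters out of each 1001 event. The sample lines are copied from the log above; `KNOWN_UPPERCASE_SERVICES` is a placeholder allowlist the analyst would fill from a clean reference machine.

```python
"""Triage pasted Windows event-log error lines of the form shown in this thread.

Added example; not a tool used in the thread.  It groups Service Control
Manager errors by service name, flags names that look malware-created, and
extracts bugcheck codes and parameters from WER 1001 events.
"""
import re
from collections import defaultdict

# A subset of the lines posted above, copied verbatim.
SAMPLE_LOG = r"""
12/22/2010 3:59:23 PM, Error: Service Control Manager [7030] - The DXP service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7030] - The DBGUBZD service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the KCFEZTAMNFZO service to connect.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7000] - The KCFEZTAMNFZO service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2010 3:58:53 PM, Error: Service Control Manager [7030] - The KCFEZTAMNFZO service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:58:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WAGNZRHIZYK service to connect.
12/22/2010 3:57:53 PM, Error: Service Control Manager [7030] - The WAGNZRHIZYK service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:55:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e8c050, 0x8b11b774, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-32697-01.
12/22/2010 3:19:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d042f1, 0x8b113a60, 0x8b113640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-37830-01.
12/22/2010 2:56:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d062f1, 0x8b323a60, 0x8b323640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-33119-01.
12/22/2010 2:51:26 PM, Error: Service Control Manager [7030] - The WABSLPBF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 2:48:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SMX service to connect.
12/22/2010 2:47:40 PM, Error: Service Control Manager [7030] - The SMX service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/21/2010 11:52:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
12/20/2010 2:05:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<src>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
SERVICE_RE = re.compile(r"\bthe (?P<name>\S+) service\b", re.IGNORECASE)
BUGCHECK_RE = re.compile(r"The bugcheck was: (?P<code>0x[0-9a-fA-F]{8}) \((?P<params>[^)]*)\)")
RANDOM_NAME_RE = re.compile(r"^[A-Z]{3,}$")  # all-caps letters only, like DBGUBZD

# Placeholder allowlist of legitimate all-uppercase service names; constructed for the
# example.  In practice the analyst fills it from a clean reference machine.
KNOWN_UPPERCASE_SERVICES = {"BITS", "AFD", "HTTP"}


def parse_events(text):
    """Parse 'date, Error: Source [ID] - message' lines into dicts, in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def service_events(events):
    """Map each service named in a Service Control Manager error to its sorted event IDs."""
    per_service = defaultdict(set)
    for ev in events:
        if ev["src"] != "Service Control Manager":
            continue
        m = SERVICE_RE.search(ev["msg"])
        if m:
            per_service[m.group("name")].add(ev["id"])
    return {name: sorted(ids) for name, ids in per_service.items()}


def suspicious_services(events):
    """Services that asked to be interactive (7030), or that failed to start (7009/7000)
    under an all-uppercase random-looking name that is not on the allowlist."""
    flagged = []
    for name, ids in service_events(events).items():
        interactive = 7030 in ids
        failed_start = bool({7000, 7009} & set(ids))
        random_name = RANDOM_NAME_RE.match(name) and name not in KNOWN_UPPERCASE_SERVICES
        if interactive or (failed_start and random_name):
            flagged.append(name)
    return sorted(flagged)


def bugchecks(events):
    """(code, [param1..param4]) for every WER 1001 'rebooted from a bugcheck' event."""
    out = []
    for ev in events:
        if ev["id"] != 1001:
            continue
        m = BUGCHECK_RE.search(ev["msg"])
        if m:
            params = [p.strip() for p in m.group("params").split(",")]
            out.append((m.group("code").lower(), params))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("Suspicious services:", ", ".join(suspicious_services(evs)))
    for code, params in bugchecks(evs):
        print(f"Bugcheck {code} params={params}")
```

Six services fall out as suspicious (DBGUBZD, DXP, KCFEZTAMNFZO, SMX, WABSLPBF, WAGNZRHIZYK); TouchServicePen and ShellHWDetection, which only timed out on a control request (7011), do not. All three crashes are bugcheck 0x8E or 0x7E with first parameter 0xc0000005, a kernel-mode access violation, which is what a faulty or hostile driver produces. The event text does not say which driver; that answer is in C:\Windows\MEMORY.DMP.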
  2. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    You're running two AV programs, Microsoft Security Essentials and Avira.
    One of them has to go. Your choice.

    Now....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
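The report TDSSKiller writes lists every driver it enumerated, one per line with an MD5 and a path, and only a few lines carry a verdict. As an added example, not part of the thread and not TDSSKiller's own code, the Python script below parses a report in that format, attaches the "Suspicious file" and "detected" lines to the driver they refer to, and pulls out two things a helper reads for by eye: drivers whose image does not live under system32\drivers, and one image file registered under more than one service name. The sample lines are copied from the report buggedBoy posts in the next reply.

```python
"""Parse a TDSSKiller report of the kind posted in this thread and list what needs a look.

Added example; not TDSSKiller code.  Driver lines look like
  <timestamp> <service> (<md5>) <path>
and verdict lines look like
  <timestamp> Suspicious file (<reason>): <path>. md5: <md5>
  <timestamp> <service> - detected <verdict>
"""
import re
from collections import defaultdict

# A short subset of the report posted below, copied verbatim.
SAMPLE_REPORT = r"""
2010/12/22 22:42:29.0477 Scan started
2010/12/22 22:42:29.0477 Mode: Manual;
2010/12/22 22:42:30.0382 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/22 22:42:31.0802 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/22 22:42:32.0504 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/12/22 22:42:32.0535 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/12/22 22:42:35.0608 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2010/12/22 22:42:45.0686 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/22 22:42:45.0686 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/22 22:42:45.0686 sptd - detected Locked file (1)
2010/12/22 22:42:46.0793 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/22 22:42:46.0981 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
"""

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(TS + r"(?P<name>\S+) - detected (?P<what>.+)$")
SUSPECT_RE = re.compile(
    TS + r"Suspicious file \((?P<why>[^)]*)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)


def parse_report(text):
    """Return driver records in report order; verdict lines are attached as flags."""
    records, by_name, by_path = [], {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := DRIVER_RE.match(line):
            rec = {"name": m["name"], "md5": m["md5"], "path": m["path"], "flags": []}
            records.append(rec)
            by_name[rec["name"]] = rec
            by_path[rec["path"].lower()] = rec
        elif m := SUSPECT_RE.match(line):
            rec = by_path.get(m["path"].lower())  # keyed by path, as the report is
            if rec is not None:
                rec["flags"].append(f"Suspicious file ({m['why']})")
        elif m := DETECT_RE.match(line):
            rec = by_name.get(m["name"])          # keyed by service name
            if rec is not None:
                rec["flags"].append(m["what"])
    return records


def flagged(records):
    """Drivers TDSSKiller itself commented on, with the verdict strings in report order."""
    return {r["name"]: r["flags"] for r in records if r["flags"]}


def outside_driver_dirs(records):
    """Service names whose image is not under ...\\system32\\drivers (case-insensitive).
    Third-party kernel drivers often live one level up in system32; worth a look, not a verdict."""
    out = []
    for r in records:
        folder = r["path"].lower().rsplit("\\", 1)[0]
        if not folder.endswith("\\system32\\drivers"):
            out.append(r["name"])
    return out


def shared_files(records):
    """Image paths (case-folded) registered under more than one service name."""
    users = defaultdict(list)
    for r in records:
        users[r["path"].lower()].append(r["name"])
    return {path: names for path, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(f"{len(recs)} drivers enumerated")
    for name, verdicts in flagged(recs).items():
        print(f"  flagged: {name}: {'; '.join(verdicts)}")
    print("  outside system32\\drivers:", ", ".join(outside_driver_dirs(recs)))
    for path, names in shared_files(recs).items():
        print(f"  shared image {path}: {', '.join(names)}")
```

Two reading notes. Bridge/BridgeMP and Tcpip/TCPIP6 sharing one image with one MD5 is normal: several service entries can point at the same binary. And a "Locked file" verdict means TDSSKiller could not open the file, not that it matched a signature; sptd.sys in particular is normally the SCSI Pass Through Direct driver installed by Daemon Tools or Alcohol 120%, which resists being read by design, so that line on its own is not evidence of infection.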
  3. buggedBoy

    buggedBoy Newcomer, in training Topic Starter

    2010/12/22 22:42:08.0981 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/22 22:42:08.0981 ================================================================================
    2010/12/22 22:42:08.0981 SystemInfo:
    2010/12/22 22:42:08.0981
    2010/12/22 22:42:08.0981 OS Version: 6.1.7600 ServicePack: 0.0
    2010/12/22 22:42:08.0981 Product type: Workstation
    2010/12/22 22:42:08.0981 ComputerName: BLUE-PC
    2010/12/22 22:42:08.0986 UserName: rdeluca
    2010/12/22 22:42:08.0986 Windows directory: C:\Windows
    2010/12/22 22:42:08.0986 System windows directory: C:\Windows
    2010/12/22 22:42:08.0986 Processor architecture: Intel x86
    2010/12/22 22:42:08.0986 Number of processors: 2
    2010/12/22 22:42:08.0986 Page size: 0x1000
    2010/12/22 22:42:08.0986 Boot type: Normal boot
    2010/12/22 22:42:08.0986 ================================================================================
    2010/12/22 22:42:09.0726 Initialize success
    2010/12/22 22:42:29.0477 ================================================================================
    2010/12/22 22:42:29.0477 Scan started
    2010/12/22 22:42:29.0477 Mode: Manual;
    2010/12/22 22:42:29.0477 ================================================================================
    2010/12/22 22:42:30.0304 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2010/12/22 22:42:30.0382 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2010/12/22 22:42:30.0413 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2010/12/22 22:42:30.0538 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2010/12/22 22:42:30.0601 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2010/12/22 22:42:30.0632 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2010/12/22 22:42:30.0772 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2010/12/22 22:42:30.0819 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2010/12/22 22:42:30.0881 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2010/12/22 22:42:31.0006 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2010/12/22 22:42:31.0053 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2010/12/22 22:42:31.0069 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2010/12/22 22:42:31.0115 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/12/22 22:42:31.0147 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2010/12/22 22:42:31.0256 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2010/12/22 22:42:31.0303 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2010/12/22 22:42:31.0334 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2010/12/22 22:42:31.0412 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2010/12/22 22:42:31.0537 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2010/12/22 22:42:31.0615 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2010/12/22 22:42:31.0646 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2010/12/22 22:42:31.0771 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/12/22 22:42:31.0802 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2010/12/22 22:42:32.0036 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2010/12/22 22:42:32.0098 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2010/12/22 22:42:32.0239 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2010/12/22 22:42:32.0285 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2010/12/22 22:42:32.0317 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2010/12/22 22:42:32.0348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2010/12/22 22:42:32.0379 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2010/12/22 22:42:32.0504 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    2010/12/22 22:42:32.0535 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    2010/12/22 22:42:32.0582 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2010/12/22 22:42:32.0613 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2010/12/22 22:42:32.0644 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2010/12/22 22:42:32.0738 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2010/12/22 22:42:32.0769 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/12/22 22:42:32.0831 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/12/22 22:42:32.0894 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/12/22 22:42:32.0987 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2010/12/22 22:42:33.0034 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2010/12/22 22:42:33.0112 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/12/22 22:42:33.0128 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2010/12/22 22:42:33.0175 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2010/12/22 22:42:33.0268 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/12/22 22:42:33.0315 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2010/12/22 22:42:33.0377 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2010/12/22 22:42:33.0518 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    2010/12/22 22:42:33.0611 dc3d (aac6b0c7ae7d25a03d2b8dbd5185c0b3) C:\Windows\system32\DRIVERS\dc3d.sys
    2010/12/22 22:42:33.0674 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2010/12/22 22:42:33.0752 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2010/12/22 22:42:33.0814 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2010/12/22 22:42:33.0908 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2010/12/22 22:42:33.0970 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/12/22 22:42:34.0220 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2010/12/22 22:42:34.0407 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2010/12/22 22:42:34.0485 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2010/12/22 22:42:34.0641 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
    2010/12/22 22:42:34.0703 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2010/12/22 22:42:34.0781 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
    2010/12/22 22:42:34.0937 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2010/12/22 22:42:34.0984 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2010/12/22 22:42:35.0015 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2010/12/22 22:42:35.0047 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2010/12/22 22:42:35.0078 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2010/12/22 22:42:35.0187 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/12/22 22:42:35.0249 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2010/12/22 22:42:35.0312 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2010/12/22 22:42:35.0343 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/12/22 22:42:35.0405 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/12/22 22:42:35.0530 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2010/12/22 22:42:35.0608 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
    2010/12/22 22:42:35.0764 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2010/12/22 22:42:35.0920 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2010/12/22 22:42:35.0983 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/12/22 22:42:36.0107 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2010/12/22 22:42:36.0139 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2010/12/22 22:42:36.0170 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2010/12/22 22:42:36.0232 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/12/22 22:42:36.0357 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2010/12/22 22:42:36.0451 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2010/12/22 22:42:36.0575 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2010/12/22 22:42:36.0653 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2010/12/22 22:42:36.0716 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2010/12/22 22:42:36.0794 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/12/22 22:42:36.0856 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2010/12/22 22:42:37.0028 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2010/12/22 22:42:37.0075 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2010/12/22 22:42:37.0106 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/12/22 22:42:37.0153 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/12/22 22:42:37.0277 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2010/12/22 22:42:37.0309 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2010/12/22 22:42:37.0355 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2010/12/22 22:42:37.0387 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2010/12/22 22:42:37.0433 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/12/22 22:42:37.0574 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/12/22 22:42:37.0621 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/12/22 22:42:37.0683 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2010/12/22 22:42:37.0808 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/12/22 22:42:37.0901 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/12/22 22:42:37.0964 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2010/12/22 22:42:38.0089 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2010/12/22 22:42:38.0120 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2010/12/22 22:42:38.0151 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2010/12/22 22:42:38.0198 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2010/12/22 22:42:38.0307 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2010/12/22 22:42:38.0354 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2010/12/22 22:42:38.0401 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2010/12/22 22:42:38.0541 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2010/12/22 22:42:38.0588 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2010/12/22 22:42:38.0666 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\Windows\system32\DRIVERS\motodrv.sys
    2010/12/22 22:42:38.0791 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/12/22 22:42:38.0853 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/12/22 22:42:38.0884 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2010/12/22 22:42:38.0993 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
    2010/12/22 22:42:39.0056 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2010/12/22 22:42:39.0071 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2010/12/22 22:42:39.0103 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2010/12/22 22:42:39.0134 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2010/12/22 22:42:39.0259 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/12/22 22:42:39.0305 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/12/22 22:42:39.0337 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/12/22 22:42:39.0383 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2010/12/22 22:42:39.0415 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2010/12/22 22:42:39.0524 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2010/12/22 22:42:39.0571 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/12/22 22:42:39.0586 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/12/22 22:42:39.0649 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/12/22 22:42:39.0758 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/12/22 22:42:39.0789 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2010/12/22 22:42:39.0820 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2010/12/22 22:42:39.0867 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/12/22 22:42:39.0929 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2010/12/22 22:42:40.0054 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2010/12/22 22:42:40.0085 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2010/12/22 22:42:40.0273 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/12/22 22:42:40.0335 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2010/12/22 22:42:40.0475 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2010/12/22 22:42:40.0522 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/12/22 22:42:40.0553 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/12/22 22:42:40.0600 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/12/22 22:42:40.0631 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2010/12/22 22:42:40.0741 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2010/12/22 22:42:40.0787 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2010/12/22 22:42:41.0037 netw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\netw5v32.sys
    2010/12/22 22:42:41.0302 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2010/12/22 22:42:41.0365 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
    2010/12/22 22:42:41.0396 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2010/12/22 22:42:41.0427 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2010/12/22 22:42:41.0505 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2010/12/22 22:42:41.0661 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    2010/12/22 22:42:41.0708 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2010/12/22 22:42:41.0989 nvlddmkm (beb7035b5c4fd07dfd6f640291c540cf) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/12/22 22:42:42.0332 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2010/12/22 22:42:42.0379 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2010/12/22 22:42:42.0410 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2010/12/22 22:42:42.0441 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/12/22 22:42:42.0503 omci (2d67ddaea9cbcf2cf47b87336563c173) C:\Windows\system32\DRIVERS\omci.sys
    2010/12/22 22:42:42.0644 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2010/12/22 22:42:42.0675 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2010/12/22 22:42:42.0706 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2010/12/22 22:42:42.0737 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2010/12/22 22:42:42.0769 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2010/12/22 22:42:42.0800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/12/22 22:42:42.0956 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2010/12/22 22:42:43.0003 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2010/12/22 22:42:43.0049 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2010/12/22 22:42:43.0221 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
    2010/12/22 22:42:43.0315 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/12/22 22:42:43.0330 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2010/12/22 22:42:43.0471 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2010/12/22 22:42:43.0549 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/12/22 22:42:43.0689 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/12/22 22:42:43.0736 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2010/12/22 22:42:43.0767 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/12/22 22:42:43.0814 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/12/22 22:42:43.0845 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/12/22 22:42:43.0970 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/12/22 22:42:44.0017 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/12/22 22:42:44.0048 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/12/22 22:42:44.0079 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/12/22 22:42:44.0110 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/12/22 22:42:44.0157 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2010/12/22 22:42:44.0282 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2010/12/22 22:42:44.0313 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2010/12/22 22:42:44.0344 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2010/12/22 22:42:44.0391 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2010/12/22 22:42:44.0547 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/12/22 22:42:44.0594 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2010/12/22 22:42:44.0641 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/12/22 22:42:44.0672 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/12/22 22:42:44.0812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/12/22 22:42:44.0890 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2010/12/22 22:42:44.0921 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2010/12/22 22:42:44.0937 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/12/22 22:42:45.0062 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/12/22 22:42:45.0109 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/12/22 22:42:45.0124 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/12/22 22:42:45.0155 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/12/22 22:42:45.0187 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2010/12/22 22:42:45.0311 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/12/22 22:42:45.0343 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/12/22 22:42:45.0389 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2010/12/22 22:42:45.0530 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
    2010/12/22 22:42:45.0577 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2010/12/22 22:42:45.0686 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2010/12/22 22:42:45.0686 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2010/12/22 22:42:45.0686 sptd - detected Locked file (1)
    2010/12/22 22:42:45.0811 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2010/12/22 22:42:45.0857 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2010/12/22 22:42:45.0920 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2010/12/22 22:42:46.0060 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    2010/12/22 22:42:46.0154 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    2010/12/22 22:42:46.0263 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/12/22 22:42:46.0388 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/12/22 22:42:46.0466 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
    2010/12/22 22:42:46.0591 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2010/12/22 22:42:46.0637 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    2010/12/22 22:42:46.0684 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2010/12/22 22:42:46.0793 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2010/12/22 22:42:46.0981 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/12/22 22:42:47.0105 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2010/12/22 22:42:47.0168 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2010/12/22 22:42:47.0199 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2010/12/22 22:42:47.0230 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2010/12/22 22:42:47.0246 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2010/12/22 22:42:47.0402 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/12/22 22:42:47.0449 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/12/22 22:42:47.0495 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/12/22 22:42:47.0527 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2010/12/22 22:42:47.0667 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/12/22 22:42:47.0698 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2010/12/22 22:42:47.0745 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2010/12/22 22:42:47.0792 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/12/22 22:42:47.0901 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/12/22 22:42:47.0948 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/12/22 22:42:47.0995 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/12/22 22:42:48.0026 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/12/22 22:42:48.0151 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/12/22 22:42:48.0182 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/22 22:42:48.0213 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/12/22 22:42:48.0275 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
    2010/12/22 22:42:48.0322 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
    2010/12/22 22:42:48.0431 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/12/22 22:42:48.0494 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/12/22 22:42:48.0525 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2010/12/22 22:42:48.0556 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/12/22 22:42:48.0681 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2010/12/22 22:42:48.0712 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2010/12/22 22:42:48.0728 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2010/12/22 22:42:48.0775 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2010/12/22 22:42:48.0806 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2010/12/22 22:42:48.0837 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/12/22 22:42:48.0868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2010/12/22 22:42:48.0993 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/12/22 22:42:49.0055 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/12/22 22:42:49.0102 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2010/12/22 22:42:49.0243 wacmoumonitor (026d58e9d7701f6b26b0b499f1705334) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
    2010/12/22 22:42:49.0274 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
    2010/12/22 22:42:49.0305 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/12/22 22:42:49.0367 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
    2010/12/22 22:42:49.0508 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/22 22:42:49.0523 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/22 22:42:49.0601 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2010/12/22 22:42:49.0633 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/22 22:42:49.0789 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/12/22 22:42:49.0820 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2010/12/22 22:42:49.0882 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2010/12/22 22:42:50.0038 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
    2010/12/22 22:42:50.0101 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/12/22 22:42:50.0163 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/22 22:42:50.0210 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2010/12/22 22:42:50.0241 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/22 22:42:50.0381 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
    2010/12/22 22:42:50.0459 xusb21 (276842a27953be204a2507096f09b1f3) C:\Windows\system32\DRIVERS\xusb21.sys
    2010/12/22 22:42:50.0522 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/22 22:42:50.0522 ================================================================================
    2010/12/22 22:42:50.0522 Scan finished
    2010/12/22 22:42:50.0522 ================================================================================
    2010/12/22 22:42:50.0537 Detected object count: 2
    2010/12/22 22:42:56.0200 Locked file(sptd) - User select action: Skip
    2010/12/22 22:42:56.0231 \HardDisk0 - will be cured after reboot
    2010/12/22 22:42:56.0247 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/22 22:42:59.0242 Deinitialize success
  4. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Good job :)
    Killed!

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
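To show what a boot-sector check like the MBRCheck step above actually verifies, here is an added Python example; it is not Broni's, MBRCheck's or ComboFix's code. It parses a 512-byte MBR, validates the 0x55AA boot signature and the partition table (exactly one active entry, legal status bytes, no overlapping entries), and compares a SHA1 of the boot-code region against an allowlist of known-good hashes, which is the kind of comparison behind a "Windows 7 MBR code detected" verdict. The sample sector, the disk signature value 0xDEADBEEF and the partition layout are constructed for the example, and hashing the first 440 bytes is an assumption: the thread does not say which byte range MBRCheck hashes.

```python
"""Parse and sanity-check a 512-byte MBR, the kind of check MBRCheck reports on.

Added example for this thread; it is not MBRCheck's, ComboFix's or the
poster's code. SAMPLE_MBR below is constructed by hand, not read from a disk.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: hash bytes 0..439 (code only, before the disk signature)
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510..511
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def _entry(status, ptype, lba_start, sectors):
    """Build one partition-table entry; CHS fields are left zero (LBA is what matters)."""
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


# Constructed sample: a few real-looking boot bytes padded with NOPs, an NT disk
# signature, and a typical Windows 7 layout (100 MB active system partition + OS).
SAMPLE_MBR = (
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
    + struct.pack("<I", 0xDEADBEEF)      # NT disk signature (constructed value)
    + b"\x00\x00"                        # normally zero
    + _entry(0x80, 0x07, 2048, 204800)   # active NTFS partition
    + _entry(0x00, 0x07, 206848, 8192000)
    + bytes(32)                          # two unused entries
    + SIGNATURE
)


def parse_mbr(mbr):
    """Return signature status, disk signature, boot-code SHA1 and non-empty partition entries."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({"index": i, "status": status, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": mbr[510:512] == SIGNATURE,
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr, known_good_hashes):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha1"] not in known_good_hashes:
        findings.append("boot code hash not in allowlist: " + info["boot_code_sha1"])
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
    # Entries must not overlap: sort by start LBA and compare neighbours.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partition entries overlap at LBA %d" % start_b)
    return findings


def tampered_copy(mbr):
    """Copy of an MBR with one byte of boot code changed, to show the hash check firing."""
    out = bytearray(mbr)
    out[100] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    # Seed the allowlist from a sector you trust (e.g. a clean install of the same
    # Windows version); MBRCheck printed the poster's own value in the thread.
    baseline = {parse_mbr(SAMPLE_MBR)["boot_code_sha1"]}
    print("clean   :", check_mbr(SAMPLE_MBR, baseline))
    print("tampered:", check_mbr(tampered_copy(SAMPLE_MBR), baseline))
```

The allowlist is the important design choice: a hash of the boot code only tells you something when you compare it with a value taken from a sector you already trust, which is why tools like MBRCheck ship a list of known Windows boot-code hashes rather than judging a hash on its own. The partition-table checks are independent of the hash and catch a sector that was rewritten so badly that it no longer describes a sane layout.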
  5. buggedBoy

    buggedBoy Newcomer, in training Topic Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Latitude D820
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 172):
    0x82C07000 \SystemRoot\system32\ntkrnlpa.exe
    0x83017000 \SystemRoot\system32\halmacpi.dll
    0x80BAB000 \SystemRoot\system32\kdcom.dll
    0x8320E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x83286000 \SystemRoot\system32\PSHED.dll
    0x83297000 \SystemRoot\system32\BOOTVID.dll
    0x8329F000 \SystemRoot\system32\CLFS.SYS
    0x832E1000 \SystemRoot\system32\CI.dll
    0x8338C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x83200000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x88E02000 \SystemRoot\System32\Drivers\spah.sys
    0x88EF5000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x88EFE000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x88F24000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x88F6C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x88F74000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x88F7F000 \SystemRoot\system32\DRIVERS\pci.sys
    0x88FA9000 \SystemRoot\System32\drivers\partmgr.sys
    0x88FBA000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x88FC2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x88FCD000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x89030000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8907B000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x89082000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x89090000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x890BE000 \SystemRoot\System32\drivers\mountmgr.sys
    0x890D4000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x890DD000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x89100000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x89109000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8913D000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8922B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8935A000 \SystemRoot\System32\Drivers\msrpc.sys
    0x89385000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x89398000 \SystemRoot\System32\Drivers\cng.sys
    0x89200000 \SystemRoot\System32\drivers\pcw.sys
    0x8920E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x89422000 \SystemRoot\system32\drivers\ndis.sys
    0x894D9000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89517000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x89603000 \SystemRoot\System32\drivers\tcpip.sys
    0x8974C000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8977D000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x89786000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x897C5000 \SystemRoot\System32\Drivers\spldr.sys
    0x897CD000 \SystemRoot\system32\speedfan.sys
    0x897CF000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8953C000 \SystemRoot\System32\Drivers\mup.sys
    0x8954C000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x897FC000 \SystemRoot\system32\giveio.sys
    0x89554000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x89586000 \SystemRoot\system32\DRIVERS\disk.sys
    0x89597000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x89400000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8914E000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x895EE000 \SystemRoot\System32\Drivers\Null.SYS
    0x895F5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x89217000 \SystemRoot\System32\drivers\vga.sys
    0x89171000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x89192000 \SystemRoot\System32\drivers\watchdog.sys
    0x89223000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x893F5000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8919F000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x891A7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x891B2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x891C0000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x891D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8DC0A000 \SystemRoot\system32\drivers\afd.sys
    0x8DC64000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8DC96000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8DC9D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8DCBC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8DCCA000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8DCE4000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8DCF7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DD07000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8DD48000 \SystemRoot\system32\DRIVERS\omci.sys
    0x8DD53000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DD5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8DD67000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x8DD6C000 \SystemRoot\System32\drivers\discache.sys
    0x8DD78000 \SystemRoot\system32\drivers\csc.sys
    0x8DDDC000 \SystemRoot\System32\Drivers\dfsc.sys
    0x891E2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x89000000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88FDD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8DDF4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8DC00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8E816000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8E01D000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8E0D4000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x8E10D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F615000 \SystemRoot\system32\DRIVERS\netw5v32.sys
    0x8FA28000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x8FA64000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8FA6F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8FABA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8FAC9000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x8FAF5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8FB0D000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8FB39000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8FB46000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8FB53000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x8FB5D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8FB6A000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
    0x8FB6D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8FB80000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8FB87000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8FB99000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8FBB1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8FBBC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FBDE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8E12C000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8E143000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8F600000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x8FBF6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x8E15A000 \SystemRoot\system32\DRIVERS\VClone.sys
    0x8F60C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8E165000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8E199000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8E1A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8E1EB000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8E1F6000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
    0x8E000000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8EF5D000 \SystemRoot\system32\drivers\stwrt.sys
    0x8EFB2000 \SystemRoot\system32\drivers\portcls.sys
    0x8EFE1000 \SystemRoot\system32\drivers\drmk.sys
    0x90027000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x90064000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8FE23000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8FED7000 \SystemRoot\system32\drivers\modem.sys
    0x8FEE4000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8FEF1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8FEFC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x8FF05000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x82300000 \SystemRoot\System32\win32k.sys
    0x8FF16000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8FF4A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x82560000 \SystemRoot\System32\TSDDD.dll
    0x82590000 \SystemRoot\System32\cdd.dll
    0x825B0000 \SystemRoot\System32\ATMFD.DLL
    0x8FF55000 \SystemRoot\system32\drivers\luafv.sys
    0x8FF70000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8FF8A000 \SystemRoot\system32\DRIVERS\WinUSB.sys
    0x8FF93000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x8FFB4000 \SystemRoot\System32\DRIVERS\scfilter.sys
    0x8FFC0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x90167000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8FFD0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8FFE0000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x99E23000 \SystemRoot\system32\drivers\HTTP.sys
    0x99EA8000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x99EC1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x99ED3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x99EF6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x99F31000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x99F64000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x99F68000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x99F71000 \SystemRoot\system32\drivers\npf.sys
    0x9AC2A000 \SystemRoot\system32\drivers\peauth.sys
    0x9ACC1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9ACCB000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9ACEC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9ACF9000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9AD01000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9AD50000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9ADA1000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x9ADCB000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x77780000 \Windows\System32\ntdll.dll
    0x47B60000 \Windows\System32\smss.exe
    0x779C0000 \Windows\System32\apisetschema.dll
    0x00B50000 \Windows\System32\autochk.exe

    Processes (total 74):
    0 System Idle Process
    4 System
    248 C:\Windows\System32\smss.exe
    396 csrss.exe
    456 C:\Windows\System32\wininit.exe
    472 csrss.exe
    520 C:\Windows\System32\services.exe
    528 C:\Windows\System32\lsass.exe
    536 C:\Windows\System32\lsm.exe
    584 C:\Windows\System32\winlogon.exe
    692 C:\Windows\System32\svchost.exe
    772 C:\Windows\System32\svchost.exe
    852 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    932 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1340 C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    1368 C:\Windows\System32\wisptis.exe
    1472 WUDFHost.exe
    1572 C:\Windows\System32\svchost.exe
    1640 C:\Windows\System32\wlanext.exe
    1648 C:\Windows\System32\conhost.exe
    1728 C:\Windows\System32\spoolsv.exe
    1764 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\svchost.exe
    1912 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    1336 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    1652 C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    264 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    408 C:\Windows\System32\stacsv.exe
    2068 C:\Windows\System32\svchost.exe
    2160 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    2212 C:\Windows\System32\drivers\XAudio.exe
    2364 WmiPrvSE.exe
    2904 C:\Windows\System32\svchost.exe
    3324 C:\Windows\System32\wisptis.exe
    3344 C:\Windows\System32\taskhost.exe
    3408 C:\Windows\System32\dwm.exe
    3452 C:\Windows\explorer.exe
    3484 C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    3652 C:\Windows\System32\rundll32.exe
    3660 C:\Windows\System32\rundll32.exe
    3672 C:\Windows\System32\rundll32.exe
    3684 C:\Program Files\DellTPad\Apoint.exe
    3704 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    3712 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3724 C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    3752 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3780 C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    3800 C:\Program Files\DellTPad\ApMsgFwd.exe
    3828 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3856 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    3912 C:\Program Files\Digital Line Detect\DLG.exe
    2428 C:\Program Files\DellTPad\ApntEx.exe
    2892 C:\Program Files\DellTPad\hidfind.exe
    2880 C:\Windows\System32\conhost.exe
    1088 C:\Windows\System32\SearchIndexer.exe
    3244 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2172 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    3016 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    600 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    2624 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    3224 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    1524 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    2760 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    3040 C:\Windows\System32\audiodg.exe
    3304 C:\Program Files\Notepad++\notepad++.exe
    3924 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    3584 C:\Windows\System32\SearchProtocolHost.exe
    1860 C:\Windows\System32\SearchFilterHost.exe
    708 C:\Users\rdeluca\Desktop\MBRCheck.exe
    1444 C:\Windows\System32\conhost.exe
    3580 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`84700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04700000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS721080G9SA00, Rev: MC4OC10H

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    ComboFix 10-12-22.01 - rdeluca 12/22/2010 23:11:46.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1226 [GMT -5:00]
    Running from: c:\users\rdeluca\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\users\rdeluca\AppData\Roaming\inst.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\XSxS

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .

    2010-12-23 04:19 . 2010-12-23 04:19 -------- d-----w- c:\users\rdeluca\AppData\Local\temp
    2010-12-22 22:41 . 2010-12-22 22:41 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Malwarebytes
    2010-12-22 22:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-22 22:40 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
    2010-12-22 20:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-22 20:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- c:\programdata\Alwil Software
    2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- c:\program files\Alwil Software
    2010-12-22 20:05 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CF4AAF1-F829-4B10-9356-C2E93187AFC5}\mpengine.dll
    2010-12-21 17:14 . 2010-12-21 17:14 -------- d-----w- c:\users\rdeluca\AppData\Roaming\dvdcss
    2010-12-21 01:10 . 2010-12-21 01:12 -------- d-----w- c:\windows\rescache
    2010-12-15 02:52 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-15 02:49 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-15 02:49 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-15 02:49 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-15 02:49 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-10 18:10 . 2010-12-10 18:10 -------- d-----w- c:\program files\MSXML 4.0
    2010-12-09 18:15 . 2010-12-09 18:15 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-08 21:42 . 2010-12-08 21:42 -------- d-----w- c:\program files\Motorola
    2010-12-08 17:56 . 2010-12-08 17:56 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2010-12-08 17:54 . 2010-12-09 02:11 -------- d-----w- C:\android
    2010-12-06 06:00 . 2010-12-06 06:00 -------- d-----w- c:\programdata\vsosdk
    2010-12-06 04:11 . 2010-12-06 04:11 -------- d-----w- c:\users\rdeluca\AppData\Roaming\ImgBurn
    2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\users\rdeluca\AppData\Roaming\pcouffin.sys
    2010-12-06 03:48 . 2010-12-21 18:19 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Vso
    2010-12-06 03:48 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
    2010-12-06 03:48 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2010-12-06 03:48 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2010-12-06 03:48 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2010-12-06 03:48 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2010-12-06 03:48 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2010-12-06 03:48 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-12-06 03:48 . 2010-12-06 03:48 -------- d-----w- c:\program files\VSO
    2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\users\rdeluca\AppData\Roaming\DAEMON Tools Lite
    2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-12-01 03:03 . 2010-12-01 03:03 -------- d-----w- c:\program files\Recuva
    2010-11-25 01:05 . 2010-11-25 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-25 01:04 . 2010-11-25 01:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-11-25 01:04 . 2010-11-25 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-11-25 01:04 . 2010-11-25 01:04 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-24 04:35 . 2010-10-28 17:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
    2010-11-24 04:35 . 2010-07-15 13:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-11-24 04:35 . 2010-07-15 13:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-11-24 04:35 . 2010-07-15 13:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-11-24 04:35 . 2010-07-15 13:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-11-24 04:35 . 2010-11-24 04:35 -------- d-----w- c:\program files\EASEUS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-10 04:33 . 2010-08-31 16:37 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-02 20:35 . 2010-11-02 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 20:51 . 2010-03-06 21:35 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-22 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8501792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-11-17 86016]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
    "NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-07-09 487680]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-6 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-08-30 01:58 1242448 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    R3 DBGUBZD;DBGUBZD;c:\users\rdeluca\AppData\Local\Temp\DBGUBZD.exe [x]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
    R3 DXP;DXP;c:\users\rdeluca\AppData\Local\Temp\DXP.exe [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
    R3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\AppData\Local\Temp\KCFEZTAMNFZO.exe [x]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
    R3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\AppData\Local\Temp\WAGNZRHIZYK.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
    S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-07-09 1053440]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001Core.job
    - c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]

    2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001UA.job
    - c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.lhup.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
    MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-12-22 23:21:41
    ComboFix-quarantined-files.txt 2010-12-23 04:21

    Pre-Run: 3,783,008,256 bytes free
    Post-Run: 3,691,540,480 bytes free

    - - End Of File - - D85181D071C5AB377673E5B7DF9E67AA
  6. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Previously, I said:
    Please do it now and post a fresh ComboFix log.
  7. buggedBoy

    buggedBoy Newcomer, in training Topic Starter

    Uhh? I did uninstall Avira before I ran those, but I made sure it was completely gone (it was) and ran ComboFix again.
    ----------------========================-------------------------------------------------------


    ComboFix 10-12-22.03 - rdeluca 12/22/2010 23:53:26.2.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.972 [GMT -5:00]
    Running from: c:\users\rdeluca\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .

    2010-12-23 05:00 . 2010-12-23 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-23 05:00 . 2010-12-23 05:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-12-23 04:21 . 2010-12-23 05:00 -------- d-----w- c:\users\rdeluca\AppData\Local\temp
    2010-12-22 22:41 . 2010-12-22 22:41 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Malwarebytes
    2010-12-22 22:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-22 22:40 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
    2010-12-22 20:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-22 20:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- c:\programdata\Alwil Software
    2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- c:\program files\Alwil Software
    2010-12-22 20:05 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CF4AAF1-F829-4B10-9356-C2E93187AFC5}\mpengine.dll
    2010-12-21 17:14 . 2010-12-21 17:14 -------- d-----w- c:\users\rdeluca\AppData\Roaming\dvdcss
    2010-12-21 01:10 . 2010-12-21 01:12 -------- d-----w- c:\windows\rescache
    2010-12-15 02:52 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-15 02:49 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-15 02:49 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-15 02:49 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-15 02:49 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-10 18:10 . 2010-12-10 18:10 -------- d-----w- c:\program files\MSXML 4.0
    2010-12-09 18:15 . 2010-12-09 18:15 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-08 21:42 . 2010-12-08 21:42 -------- d-----w- c:\program files\Motorola
    2010-12-08 17:56 . 2010-12-08 17:56 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2010-12-08 17:54 . 2010-12-09 02:11 -------- d-----w- C:\android
    2010-12-06 06:00 . 2010-12-06 06:00 -------- d-----w- c:\programdata\vsosdk
    2010-12-06 04:11 . 2010-12-06 04:11 -------- d-----w- c:\users\rdeluca\AppData\Roaming\ImgBurn
    2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\users\rdeluca\AppData\Roaming\pcouffin.sys
    2010-12-06 03:48 . 2010-12-21 18:19 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Vso
    2010-12-06 03:48 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
    2010-12-06 03:48 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2010-12-06 03:48 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2010-12-06 03:48 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2010-12-06 03:48 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2010-12-06 03:48 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2010-12-06 03:48 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-12-06 03:48 . 2010-12-06 03:48 -------- d-----w- c:\program files\VSO
    2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\users\rdeluca\AppData\Roaming\DAEMON Tools Lite
    2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-12-01 03:03 . 2010-12-01 03:03 -------- d-----w- c:\program files\Recuva
    2010-11-25 01:05 . 2010-11-25 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-25 01:04 . 2010-11-25 01:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-11-25 01:04 . 2010-11-25 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-11-25 01:04 . 2010-11-25 01:04 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-24 04:35 . 2010-10-28 17:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
    2010-11-24 04:35 . 2010-07-15 13:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-11-24 04:35 . 2010-07-15 13:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-11-24 04:35 . 2010-07-15 13:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-11-24 04:35 . 2010-07-15 13:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-11-24 04:35 . 2010-11-24 04:35 -------- d-----w- c:\program files\EASEUS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-10 04:33 . 2010-08-31 16:37 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-02 20:35 . 2010-11-02 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 20:51 . 2010-03-06 21:35 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-22 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8501792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-11-17 86016]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
    "NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-07-09 487680]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-6 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-08-30 01:58 1242448 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    R3 DBGUBZD;DBGUBZD;c:\users\rdeluca\AppData\Local\Temp\DBGUBZD.exe [x]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
    R3 DXP;DXP;c:\users\rdeluca\AppData\Local\Temp\DXP.exe [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
    R3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\AppData\Local\Temp\KCFEZTAMNFZO.exe [x]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
    R3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\AppData\Local\Temp\WAGNZRHIZYK.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
    S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-07-09 1053440]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001Core.job
    - c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]

    2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001UA.job
    - c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.lhup.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-12-23 00:02:04
    ComboFix-quarantined-files.txt 2010-12-23 05:02
    ComboFix2.txt 2010-12-23 04:21

    Pre-Run: 3,719,507,968 bytes free
    Post-Run: 3,673,636,864 bytes free

    - - End Of File - - 16297ED8774C09D61F1E85EF6CB9C50A
  8. buggedBoy

    buggedBoy Newcomer, in training Topic Starter

    So am I clean then?
  9. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    I didn't get any email notification about your reply.
    Hold on for a sec...
  10. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\avastSS.scr
    c:\windows\system32\aswBoot.exe
    
    
    Folder::
    c:\programdata\Alwil Software
    c:\program files\Alwil Software
    
    
    Driver::
    DBGUBZD
    DXP
    KCFEZTAMNFZO
    WAGNZRHIZYK
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
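The four names in the Driver:: section above are exactly the R3 entries in the posted log whose image sits under the user's Local\Temp folder and is marked [x] (file not on disk). The script below is an added example, not part of this thread or of ComboFix: it parses service lines in the log's format, scores them against three heuristics, and renders the Driver:: block of a CFScript from what it flags. The two-of-three threshold, the temp-directory list and the "random-looking name" test are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Triage of ComboFix 'Reg Loading Points' service lines.

Added example for this thread, not ComboFix code and not the helper's own.
It re-creates in code the judgement applied by hand above: entries whose
image lives in a temp directory and whose file is reported missing are
flagged, and a CFScript Driver:: section is built from the flagged names.
"""
import re
from dataclasses import dataclass

# One service line as ComboFix prints it, e.g.
#   R3 DXP;DXP;c:\users\rdeluca\AppData\Local\Temp\DXP.exe [x]
#   S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
# Fields: start type, service name, display name, image path, "[date size]" or "[x]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)

# Locations a legitimate driver or service image essentially never runs from.
# Assumed list for this example (matched case-insensitively as substrings).
SUSPICIOUS_DIRS = (r"\appdata\local\temp", r"\windows\temp", r"\users\public")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    info: str

    @property
    def file_missing(self) -> bool:
        # ComboFix prints "[x]" instead of "[date size]" when the image is gone.
        return self.info.strip().lower() == "x"

    @property
    def in_suspicious_dir(self) -> bool:
        p = self.path.lower()
        return any(d in p for d in SUSPICIOUS_DIRS)

    @property
    def random_looking_name(self) -> bool:
        # The dropper-style entries on this page use an all-caps letter string as
        # both service and display name; real drivers carry descriptive names.
        return self.name == self.display and self.name.isalpha() and self.name.isupper()


def parse_services(log_text: str) -> list:
    """Extract ServiceEntry objects; non-service lines (headers, dots) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(**m.groupdict()))
    return entries


def flag_suspicious(entries: list, threshold: int = 2) -> list:
    """Keep entries that trip at least `threshold` of the three heuristics.
    A missing file alone is not enough: uninstalled software routinely leaves
    orphaned services behind, so a single indicator would over-flag."""
    flagged = []
    for e in entries:
        score = sum((e.file_missing, e.in_suspicious_dir, e.random_looking_name))
        if score >= threshold:
            flagged.append(e)
    return flagged


def build_cfscript_driver_section(flagged: list) -> str:
    """Render the Driver:: block of a CFScript in the format used in the post."""
    if not flagged:
        return ""
    return "Driver::\n" + "\n".join(e.name for e in flagged) + "\n"


# Lines copied from the ComboFix log posted in this thread (raw string, so the
# backslashes in the paths are kept literally).
SAMPLE_LOG = r"""
R3 DBGUBZD;DBGUBZD;c:\users\rdeluca\AppData\Local\Temp\DBGUBZD.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
R3 DXP;DXP;c:\users\rdeluca\AppData\Local\Temp\DXP.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\AppData\Local\Temp\KCFEZTAMNFZO.exe [x]
R3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\AppData\Local\Temp\WAGNZRHIZYK.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
"""

if __name__ == "__main__":
    flagged = flag_suspicious(parse_services(SAMPLE_LOG))
    print(build_cfscript_driver_section(flagged), end="")
```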
  11. buggedBoy

    buggedBoy Newcomer, in training Topic Starter

    ComboFix 10-12-23.02 - rdeluca 12/23/2010 18:31:08.3.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1225 [GMT -5:00]
    Running from: c:\users\rdeluca\Desktop\ComboFix.exe
    Command switches used :: c:\users\rdeluca\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\avastSS.scr"
    "c:\windows\system32\aswBoot.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Alwil Software
    c:\program files\Alwil Software\Avast5\1033\aswClnTg.htm
    c:\program files\Alwil Software\Avast5\1033\aswClnTg.txt
    c:\program files\Alwil Software\Avast5\1033\aswInfTg.htm
    c:\program files\Alwil Software\Avast5\1033\aswInfTg.txt
    c:\program files\Alwil Software\Avast5\1033\Avast5_1033.chm
    c:\program files\Alwil Software\Avast5\1033\Base.dll
    c:\program files\Alwil Software\Avast5\1033\Boot.dll
    c:\program files\Alwil Software\Avast5\1033\uiLangRes.dll
    c:\program files\Alwil Software\Avast5\Aavm4h.dll
    c:\program files\Alwil Software\Avast5\AavmRpch.dll
    c:\program files\Alwil Software\Avast5\AhResBhv.dll
    c:\program files\Alwil Software\Avast5\AhResMai.dll
    c:\program files\Alwil Software\Avast5\ahResMes.dll
    c:\program files\Alwil Software\Avast5\AhResNS.dll
    c:\program files\Alwil Software\Avast5\ahResP2P.dll
    c:\program files\Alwil Software\Avast5\AhResStd.dll
    c:\program files\Alwil Software\Avast5\AhResWS.dll
    c:\program files\Alwil Software\Avast5\ashBase.dll
    c:\program files\Alwil Software\Avast5\ashMaiSv.dll
    c:\program files\Alwil Software\Avast5\ashOutXt.dll
    c:\program files\Alwil Software\Avast5\ashQuick.exe
    c:\program files\Alwil Software\Avast5\ashServ.dll
    c:\program files\Alwil Software\Avast5\ashShell.dll
    c:\program files\Alwil Software\Avast5\ashTask.dll
    c:\program files\Alwil Software\Avast5\ashTaskEx.dll
    c:\program files\Alwil Software\Avast5\ashUpd.exe
    c:\program files\Alwil Software\Avast5\ashWebSv.dll
    c:\program files\Alwil Software\Avast5\ashWsFtr.dll
    c:\program files\Alwil Software\Avast5\aswAux.dll
    c:\program files\Alwil Software\Avast5\aswChLic.exe
    c:\program files\Alwil Software\Avast5\aswCmnBS.dll
    c:\program files\Alwil Software\Avast5\aswCmnIS.dll
    c:\program files\Alwil Software\Avast5\aswCmnOS.dll
    c:\program files\Alwil Software\Avast5\aswData.dll
    c:\program files\Alwil Software\Avast5\aswDld.dll
    c:\program files\Alwil Software\Avast5\aswEngLdr.dll
    c:\program files\Alwil Software\Avast5\aswIdle.dll
    c:\program files\Alwil Software\Avast5\aswLog.dll
    c:\program files\Alwil Software\Avast5\aswMonDS.sys
    c:\program files\Alwil Software\Avast5\aswMonVD.dll
    c:\program files\Alwil Software\Avast5\aswProperty.dll
    c:\program files\Alwil Software\Avast5\aswRegSvr.exe
    c:\program files\Alwil Software\Avast5\aswRegSvr64.exe
    c:\program files\Alwil Software\Avast5\aswRunDll.exe
    c:\program files\Alwil Software\Avast5\aswSqLt.dll
    c:\program files\Alwil Software\Avast5\aswUtil.dll
    c:\program files\Alwil Software\Avast5\avastSS.dll
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\program files\Alwil Software\Avast5\AvSSHook.dll
    c:\program files\Alwil Software\Avast5\CommonRes.dll
    c:\program files\Alwil Software\Avast5\flash\amcharts_key.txt
    c:\program files\Alwil Software\Avast5\flash\amline.swf
    c:\program files\Alwil Software\Avast5\flash\ammap\ammap.swf
    c:\program files\Alwil Software\Avast5\flash\ammap\ammap_key.txt
    c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml
    c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml
    c:\program files\Alwil Software\Avast5\flash\ammap\empty_map.xml
    c:\program files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf
    c:\program files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf
    c:\program files\Alwil Software\Avast5\flash\ammap\icons\cross.swf
    c:\program files\Alwil Software\Avast5\flash\ammap\icons\flag.swf
    c:\program files\Alwil Software\Avast5\flash\ammap\icons\pin.swf
    c:\program files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf
    c:\program files\Alwil Software\Avast5\flash\ammap\maps\world.swf
    c:\program files\Alwil Software\Avast5\sched.exe
    c:\program files\Alwil Software\Avast5\Setup\ais_core-21d.vpx
    c:\program files\Alwil Software\Avast5\Setup\ais_dll_eng-21f.vpx
    c:\program files\Alwil Software\Avast5\Setup\ais_res-15f.vpx
    c:\program files\Alwil Software\Avast5\Setup\avast.setup
    c:\program files\Alwil Software\Avast5\Setup\INF\Aavmker4.sys
    c:\program files\Alwil Software\Avast5\Setup\INF\aswFsBlk.sys
    c:\program files\Alwil Software\Avast5\Setup\INF\aswMon.sys
    c:\program files\Alwil Software\Avast5\Setup\INF\aswMon2.sys
    c:\program files\Alwil Software\Avast5\Setup\INF\aswMonFlt.sys
    c:\program files\Alwil Software\Avast5\Setup\INF\AswRdr.sys
    c:\program files\Alwil Software\Avast5\Setup\INF\aswSP.sys
    c:\program files\Alwil Software\Avast5\Setup\INF\AswTdi.sys
    c:\program files\Alwil Software\Avast5\Setup\jrog-a7.vpx
    c:\program files\Alwil Software\Avast5\Setup\jrog2-bc.vpx
    c:\program files\Alwil Software\Avast5\Setup\part-jrog-a7.vpx
    c:\program files\Alwil Software\Avast5\Setup\part-jrog2-bc.vpx
    c:\program files\Alwil Software\Avast5\Setup\part-prg_ais-2a5.vpx
    c:\program files\Alwil Software\Avast5\Setup\part-setup_ais-2a5.vpx
    c:\program files\Alwil Software\Avast5\Setup\part-vps_win32-10120300.vpx
    c:\program files\Alwil Software\Avast5\Setup\prod-ais.vpx
    c:\program files\Alwil Software\Avast5\Setup\servers.def
    c:\program files\Alwil Software\Avast5\Setup\servers.def.vpx
    c:\program files\Alwil Software\Avast5\Setup\setif_ais-2a5.vpx
    c:\program files\Alwil Software\Avast5\Setup\setiface.dll
    c:\program files\Alwil Software\Avast5\Setup\setiface.ovr
    c:\program files\Alwil Software\Avast5\Setup\setup.ini
    c:\program files\Alwil Software\Avast5\Setup\setup.ovr
    c:\program files\Alwil Software\Avast5\Setup\setup_ais-2a5.vpx
    c:\program files\Alwil Software\Avast5\Setup\vps_32-362.vpx
    c:\program files\Alwil Software\Avast5\Setup\vps_win32-376.vpx
    c:\program files\Alwil Software\Avast5\Setup\winsys-3.vpx
    c:\program files\Alwil Software\Avast5\vcredist_x86_sp1.exe
    c:\program files\Alwil Software\Avast5\VisthAux.exe
    c:\programdata\Alwil Software
    c:\programdata\Alwil Software\Avast5\avast5.ini
    c:\programdata\Alwil Software\Avast5\HtmlData\Blocked.htm
    c:\programdata\Alwil Software\Avast5\HtmlData\image001.png
    c:\programdata\Alwil Software\Avast5\sounds\1033\pup_detected.wav
    c:\programdata\Alwil Software\Avast5\sounds\1033\scan_completed.wav
    c:\programdata\Alwil Software\Avast5\sounds\1033\suspicious_detected.wav
    c:\programdata\Alwil Software\Avast5\sounds\1033\threat_detected.wav
    c:\programdata\Alwil Software\Avast5\sounds\1033\virus_db_updated.wav
    c:\programdata\Alwil Software\Avast5\sounds\1033\welcome.wav
    c:\programdata\Alwil Software\Avast5\sounds\fw_question.wav
    c:\programdata\Alwil Software\Avast5\sounds\scan_completed.wav
    c:\programdata\Alwil Software\Avast5\sounds\threat_detected.wav
    c:\programdata\Alwil Software\Avast5\sounds\virus_db_updated.wav
    c:\windows\avastSS.scr
    c:\windows\system32\aswBoot.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_DBGUBZD
    -------\Service_DXP
    -------\Service_KCFEZTAMNFZO
    -------\Service_WAGNZRHIZYK


    ((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
    .

    2010-12-23 23:38 . 2010-12-24 00:24 -------- d-----w- c:\users\rdeluca\AppData\Local\temp
    2010-12-23 23:38 . 2010-12-23 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-23 23:38 . 2010-12-23 23:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-12-23 23:15 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A67EC15F-F53A-4A70-B3E0-CD11C9079571}\mpengine.dll
    2010-12-22 22:41 . 2010-12-22 22:41 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Malwarebytes
    2010-12-22 22:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-22 22:40 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
    2010-12-21 17:14 . 2010-12-21 17:14 -------- d-----w- c:\users\rdeluca\AppData\Roaming\dvdcss
    2010-12-21 01:10 . 2010-12-21 01:12 -------- d-----w- c:\windows\rescache
    2010-12-15 02:52 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-15 02:49 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-15 02:49 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-15 02:49 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-15 02:49 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-10 18:10 . 2010-12-10 18:10 -------- d-----w- c:\program files\MSXML 4.0
    2010-12-09 18:15 . 2010-12-09 18:15 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-08 21:42 . 2010-12-08 21:42 -------- d-----w- c:\program files\Motorola
    2010-12-08 17:56 . 2010-12-08 17:56 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2010-12-08 17:54 . 2010-12-09 02:11 -------- d-----w- C:\android
    2010-12-06 06:00 . 2010-12-06 06:00 -------- d-----w- c:\programdata\vsosdk
    2010-12-06 04:11 . 2010-12-06 04:11 -------- d-----w- c:\users\rdeluca\AppData\Roaming\ImgBurn
    2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\users\rdeluca\AppData\Roaming\pcouffin.sys
    2010-12-06 03:48 . 2010-12-21 18:19 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Vso
    2010-12-06 03:48 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
    2010-12-06 03:48 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2010-12-06 03:48 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2010-12-06 03:48 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2010-12-06 03:48 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2010-12-06 03:48 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2010-12-06 03:48 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-12-06 03:48 . 2010-12-06 03:48 -------- d-----w- c:\program files\VSO
    2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\users\rdeluca\AppData\Roaming\DAEMON Tools Lite
    2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-12-01 03:03 . 2010-12-01 03:03 -------- d-----w- c:\program files\Recuva
    2010-11-25 01:05 . 2010-11-25 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-25 01:04 . 2010-11-25 01:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-11-25 01:04 . 2010-11-25 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-11-25 01:04 . 2010-11-25 01:04 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-24 04:35 . 2010-10-28 17:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
    2010-11-24 04:35 . 2010-07-15 13:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-11-24 04:35 . 2010-07-15 13:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-11-24 04:35 . 2010-07-15 13:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-11-24 04:35 . 2010-07-15 13:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-11-24 04:35 . 2010-11-24 04:35 -------- d-----w- c:\program files\EASEUS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-10 04:33 . 2010-08-31 16:37 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-02 20:35 . 2010-11-02 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 20:51 . 2010-03-06 21:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-22 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8501792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-11-17 86016]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
    "NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-07-09 487680]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-6 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-08-30 01:58 1242448 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
    S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-07-09 1053440]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001Core.job
    - c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]

    2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001UA.job
    - c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.lhup.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1476)
    c:\program files\WinSCP\DragExt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\system32\STacSV.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Tablet\Pen\Pen_TouchUser.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Tablet\Pen\Pen_TabletUser.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-23 19:27:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-24 00:27
    ComboFix2.txt 2010-12-23 05:02
    ComboFix3.txt 2010-12-23 04:21

    Pre-Run: 3,519,475,712 bytes free
    Post-Run: 3,345,727,488 bytes free

    - - End Of File - - A8DFC897398F1DC674DDAD0A46AF91A6
     
  12. Broni


    Good job :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. buggedBoy


    This thing is way too long so I'm splitting it up...


    OTL logfile created on: 12/23/2010 7:35:55 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\rdeluca\Desktop\OTL
    An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 72.46 Gb Total Space | 3.18 Gb Free Space | 4.38% Space Free | Partition Type: NTFS
    Drive D: | 2.00 Gb Total Space | 1.96 Gb Free Space | 98.14% Space Free | Partition Type: NTFS

    Computer Name: BLUE-PC | User Name: rdeluca | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/23 19:34:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\rdeluca\Desktop\OTL\OTL.exe
    PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/07/13 13:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    PRC - [2010/07/13 13:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    PRC - [2010/07/13 13:26:10 | 002,533,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    PRC - [2010/07/13 13:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    PRC - [2010/07/09 13:58:10 | 000,487,680 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    PRC - [2010/07/09 13:55:32 | 001,053,440 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/13 20:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/23 19:34:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\rdeluca\Desktop\OTL\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/15 12:37:07 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2010/09/06 13:48:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/07/13 13:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2010/07/13 13:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV - [2010/07/09 13:55:32 | 001,053,440 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
    SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/09 14:17:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/06 17:22:53 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
    SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\rdeluca\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
    DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2010/05/19 13:52:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/03/06 21:36:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/12/17 17:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/11/11 16:23:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2009/11/10 16:05:06 | 000,022,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
    DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2009/09/25 11:53:42 | 000,020,480 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\omci.sys -- (omci)
    DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009/08/21 00:52:10 | 000,066,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
    DRV - [2009/08/09 16:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 17:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
    DRV - [2009/07/13 17:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
    DRV - [2009/07/13 17:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
    DRV - [2007/11/17 03:03:00 | 007,630,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/10/18 10:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
    DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.lhup.edu/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 CC E2 4A 45 4D CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2010/04/05 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Mozilla\Extensions
    [2010/04/05 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rdeluca\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

    O1 HOSTS File: ([2010/12/23 19:24:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)


    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/23 19:35:25 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Desktop\OTL
    [2010/12/23 19:27:39 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Local\temp
    [2010/12/23 19:26:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/23 18:38:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/23 18:26:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/22 23:08:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/22 23:08:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/22 23:08:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/22 23:08:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/22 23:06:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/22 22:55:09 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\BotScrapyard
    [2010/12/22 22:41:42 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rdeluca\Desktop\TDSSKiller.exe
    [2010/12/22 22:41:42 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Desktop\tdsskiller
    [2010/12/22 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\Malwarebytes
    [2010/12/22 17:40:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/22 17:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/22 17:40:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/22 17:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/22 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Desktop\rktkitrevlear
    [2010/12/22 15:18:18 | 000,000,000 | ---D | C] -- C:\adfbca92fe17870c1ff1141b9ba4
    [2010/12/21 12:14:08 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\dvdcss
    [2010/12/20 20:10:49 | 000,000,000 | ---D | C] -- C:\Windows\rescache
    [2010/12/10 13:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/12/09 01:16:25 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\LongPaper
    [2010/12/08 16:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
    [2010/12/08 12:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
    [2010/12/08 12:54:52 | 000,000,000 | ---D | C] -- C:\android
    [2010/12/06 01:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
    [2010/12/06 00:06:05 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\ConvertXtoDVD
    [2010/12/05 23:11:40 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\ImgBurn
    [2010/12/05 22:48:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\rdeluca\AppData\Roaming\pcouffin.sys
    [2010/12/05 22:48:44 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\PcSetup
    [2010/12/05 22:48:43 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\Vso
    [2010/12/05 22:48:23 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
    [2010/12/05 22:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
    [2010/12/05 22:47:24 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\DAEMON Tools Lite
    [2010/12/05 22:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2010/11/30 22:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2010/11/30 21:05:51 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\improv
    [2010/11/23 23:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
    [2010/11/23 23:33:48 | 010,398,264 | ---- | C] (EASEUS ) -- C:\Users\rdeluca\Desktop\EPMSetup.exe
    [1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]
    [1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/23 19:35:21 | 000,028,029 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\nvModes.001
    [2010/12/23 19:24:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/23 19:20:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001UA.job
    [2010/12/23 18:47:23 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/23 18:47:23 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/23 18:44:12 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/23 18:44:12 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/23 18:39:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/23 18:39:35 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/23 18:26:33 | 003,997,850 | R--- | M] () -- C:\Users\rdeluca\Desktop\ComboFix.exe
    [2010/12/22 23:03:43 | 000,780,283 | ---- | M] () -- C:\Users\rdeluca\Desktop\rkill.com
    [2010/12/22 22:56:39 | 000,080,384 | ---- | M] () -- C:\Users\rdeluca\Desktop\MBRCheck.exe
    [2010/12/22 22:40:57 | 000,000,069 | ---- | M] () -- C:\Users\rdeluca\Desktop\BSOD, Rootkit problem. Oops - TechSpot OpenBoards.url
    [2010/12/22 22:40:36 | 001,232,020 | ---- | M] () -- C:\Users\rdeluca\Desktop\tdsskiller.zip
    [2010/12/22 17:39:03 | 000,000,068 | ---- | M] () -- C:\Users\rdeluca\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
    [2010/12/22 17:25:29 | 000,016,520 | ---- | M] () -- C:\Users\rdeluca\Documents\Cover Letter.docx
    [2010/12/22 17:05:37 | 000,296,448 | ---- | M] () -- C:\Users\rdeluca\Desktop\m8908ghl.exe
    [2010/12/22 16:08:45 | 124,545,842 | ---- | M] () -- C:\Windows\System32\IK
    [2010/12/22 16:04:27 | 000,028,029 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\nvModes.dat
    [2010/12/22 16:04:26 | 049,479,680 | ---- | M] () -- C:\Windows\System32\PPTIJFB
    [2010/12/22 15:20:03 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001Core.job
    [2010/12/22 13:59:38 | 000,015,725 | ---- | M] () -- C:\Users\rdeluca\Documents\RDelucaResume.docx
    [2010/12/21 13:19:37 | 000,000,671 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\vso_ts_preview.xml
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rdeluca\Desktop\TDSSKiller.exe
    [2010/12/15 16:17:39 | 000,019,573 | ---- | M] () -- C:\Users\rdeluca\Documents\RichardDeLucaParallelProgrammingFinal.xlsx
    [2010/12/15 16:16:00 | 002,371,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/15 03:09:11 | 000,028,869 | ---- | M] () -- C:\Users\rdeluca\Documents\RichardDeLucaPPFinal.zip
    [2010/12/15 03:07:41 | 000,014,087 | ---- | M] () -- C:\Users\rdeluca\Documents\RichardDeLucaParallelProgrammingFinal.ods
    [2010/12/15 03:06:30 | 000,000,600 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\winscp.rnd
    [2010/12/15 02:24:10 | 000,000,600 | ---- | M] () -- C:\Users\rdeluca\PUTTY.RND
    [2010/12/14 23:00:08 | 000,003,798 | ---- | M] () -- C:\Users\rdeluca\Desktop\matMux.tgz
    [2010/12/14 15:54:00 | 000,000,670 | ---- | M] () -- C:\Users\rdeluca\Desktop\readability.html
    [2010/12/09 01:16:07 | 000,019,534 | ---- | M] () -- C:\Users\rdeluca\Documents\DigitalDistribution.docx
    [2010/12/08 16:46:30 | 000,002,597 | ---- | M] () -- C:\Users\rdeluca\Desktop\RSD Lite.lnk
    [2010/12/07 23:18:37 | 000,031,716 | ---- | M] () -- C:\Users\rdeluca\Desktop\augmentation_completion.pdf
    [2010/12/07 18:43:30 | 000,041,823 | ---- | M] () -- C:\Users\rdeluca\Desktop\are-you-wizard.jpg
    [2010/12/07 18:29:48 | 000,012,142 | ---- | M] () -- C:\Users\rdeluca\Documents\Sum.docx
    [2010/12/07 17:00:32 | 000,015,326 | ---- | M] () -- C:\Users\rdeluca\Documents\Richard De Luca Critical Thinking Assig 3.docx
    [2010/12/05 22:48:44 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\rdeluca\AppData\Roaming\pcouffin.sys
    [2010/12/05 22:48:44 | 000,007,887 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.cat
    [2010/12/05 22:48:44 | 000,001,144 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.inf
    [2010/12/05 22:48:37 | 000,001,114 | ---- | M] () -- C:\Users\rdeluca\Desktop\ConvertXtoDvd 3.lnk
    [2010/12/05 20:56:40 | 000,001,304 | ---- | M] () -- C:\Users\rdeluca\Desktop\Notepad.lnk
    [2010/11/30 23:26:12 | 004,709,291 | ---- | M] () -- C:\Users\rdeluca\Documents\DangerouslyImprov MiniPosters.psd
    [2010/11/30 23:25:46 | 000,246,376 | ---- | M] () -- C:\Users\rdeluca\Documents\Dangerously Improv Sign.psd
    [2010/11/27 16:36:54 | 000,007,608 | ---- | M] () -- C:\Users\rdeluca\AppData\Local\resmon.resmoncfg
    [2010/11/25 21:14:20 | 000,015,260 | ---- | M] () -- C:\Users\rdeluca\Documents\RDelucaResume2010.docx
    [2010/11/25 21:12:00 | 000,023,304 | ---- | M] () -- C:\Users\rdeluca\Documents\R_DeLuca_Software_Engineer.docx
    [2010/11/25 21:09:11 | 000,051,200 | ---- | M] () -- C:\Users\rdeluca\Documents\R_DeLuca_Software_Engineer.doc
    [2010/11/24 20:10:15 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/11/24 00:49:04 | 000,001,224 | -H-- | M] () -- C:\Windows\EPMBatch.ept
    [1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]
    [1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/22 23:08:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/22 23:08:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/22 23:08:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/22 23:08:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/22 23:08:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/22 23:03:46 | 000,780,283 | ---- | C] () -- C:\Users\rdeluca\Desktop\rkill.com
    [2010/12/22 22:57:05 | 003,997,850 | R--- | C] () -- C:\Users\rdeluca\Desktop\ComboFix.exe
    [2010/12/22 22:56:44 | 000,080,384 | ---- | C] () -- C:\Users\rdeluca\Desktop\MBRCheck.exe
    [2010/12/22 22:40:57 | 000,000,069 | ---- | C] () -- C:\Users\rdeluca\Desktop\BSOD, Rootkit problem. Oops - TechSpot OpenBoards.url
    [2010/12/22 22:40:38 | 001,232,020 | ---- | C] () -- C:\Users\rdeluca\Desktop\tdsskiller.zip
    [2010/12/22 17:39:03 | 000,000,068 | ---- | C] () -- C:\Users\rdeluca\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
    [2010/12/22 17:25:45 | 000,296,448 | ---- | C] () -- C:\Users\rdeluca\Desktop\m8908ghl.exe
    [2010/12/22 16:02:51 | 049,479,680 | ---- | C] () -- C:\Windows\System32\PPTIJFB
    [2010/12/22 16:02:04 | 124,545,842 | ---- | C] () -- C:\Windows\System32\IK
    [2010/12/21 23:47:02 | 000,016,520 | ---- | C] () -- C:\Users\rdeluca\Documents\Cover Letter.docx
    [2010/12/15 03:09:10 | 000,028,869 | ---- | C] () -- C:\Users\rdeluca\Documents\RichardDeLucaPPFinal.zip
    [2010/12/15 03:07:38 | 000,014,087 | ---- | C] () -- C:\Users\rdeluca\Documents\RichardDeLucaParallelProgrammingFinal.ods
    [2010/12/15 03:07:24 | 000,019,573 | ---- | C] () -- C:\Users\rdeluca\Documents\RichardDeLucaParallelProgrammingFinal.xlsx
    [2010/12/14 23:00:03 | 000,003,798 | ---- | C] () -- C:\Users\rdeluca\Desktop\matMux.tgz
    [2010/12/14 15:54:00 | 000,000,670 | ---- | C] () -- C:\Users\rdeluca\Desktop\readability.html
    [2010/12/08 16:46:30 | 000,002,597 | ---- | C] () -- C:\Users\rdeluca\Desktop\RSD Lite.lnk
    [2010/12/07 23:18:17 | 000,031,716 | ---- | C] () -- C:\Users\rdeluca\Desktop\augmentation_completion.pdf
    [2010/12/07 18:43:30 | 000,041,823 | ---- | C] () -- C:\Users\rdeluca\Desktop\are-you-wizard.jpg
    [2010/12/07 16:59:30 | 000,015,326 | ---- | C] () -- C:\Users\rdeluca\Documents\Richard De Luca Critical Thinking Assig 3.docx
    [2010/12/05 22:50:27 | 000,000,671 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\vso_ts_preview.xml
    [2010/12/05 22:49:57 | 000,000,034 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.log
    [2010/12/05 22:48:44 | 000,007,887 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.cat
    [2010/12/05 22:48:44 | 000,001,144 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.inf
    [2010/12/05 22:48:37 | 000,001,114 | ---- | C] () -- C:\Users\rdeluca\Desktop\ConvertXtoDvd 3.lnk
    [2010/12/05 22:12:05 | 000,019,534 | ---- | C] () -- C:\Users\rdeluca\Documents\DigitalDistribution.docx
    [2010/12/05 20:56:40 | 000,001,304 | ---- | C] () -- C:\Users\rdeluca\Desktop\Notepad.lnk
    [2010/11/25 21:14:27 | 000,015,725 | ---- | C] () -- C:\Users\rdeluca\Documents\RDelucaResume.docx
    [2010/11/25 21:14:20 | 000,015,260 | ---- | C] () -- C:\Users\rdeluca\Documents\RDelucaResume2010.docx
    [2010/11/25 21:11:57 | 000,023,304 | ---- | C] () -- C:\Users\rdeluca\Documents\R_DeLuca_Software_Engineer.docx
    [2010/11/24 20:09:28 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/11/23 23:46:17 | 000,001,224 | -H-- | C] () -- C:\Windows\EPMBatch.ept
    [2010/11/23 23:35:43 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
    [2010/11/23 23:35:43 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
    [2010/11/23 23:35:42 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
    [2010/11/23 23:35:42 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
    [2010/11/23 23:35:42 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
    [2010/09/19 21:41:19 | 000,004,608 | ---- | C] () -- C:\Users\rdeluca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/19 19:21:04 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/09/19 19:21:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/07/02 18:49:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010/06/03 18:41:31 | 000,007,608 | ---- | C] () -- C:\Users\rdeluca\AppData\Local\resmon.resmoncfg
    [2010/03/29 20:13:57 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2010/03/07 19:31:35 | 000,000,600 | ---- | C] () -- C:\Users\rdeluca\AppData\Local\PUTTY.RND
    [2010/03/06 21:36:47 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2010/03/06 21:25:51 | 000,028,029 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\nvModes.001
    [2010/03/06 21:21:49 | 000,028,029 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\nvModes.dat
    [2010/03/06 16:59:35 | 000,000,600 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\winscp.rnd
    [2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2010/11/12 16:09:37 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\.minecraft
    [2010/04/18 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\CiscoCAA
    [2010/12/05 22:47:24 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\DAEMON Tools Lite
    [2010/03/06 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\DAEMON Tools Pro
    [2010/12/05 23:11:40 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\ImgBurn
    [2010/06/10 21:41:43 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\LolClient
    [2010/10/10 20:15:59 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\maario
    [2010/03/07 22:10:44 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Mael
    [2010/07/24 17:19:10 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\MotioninJoy
    [2010/10/03 23:14:58 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\MySQL
    [2010/03/06 21:54:29 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Notepad++
    [2010/04/22 09:45:24 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\OpenOffice.org
    [2010/03/08 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\SystemRequirementsLab
    [2010/04/05 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Thunderbird
    [2010/08/09 20:16:05 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Trillian
  14. buggedBoy

    buggedBoy Newcomer, in training Topic Starter

    [2010/12/22 15:04:43 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\uTorrent
    [2010/12/21 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Vso
    [2010/03/22 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Wireshark
    [2009/07/13 23:53:46 | 000,013,122 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========





    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/03/06 18:53:10 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/12/23 19:27:38 | 000,019,517 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/12/23 18:39:35 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/12/23 18:39:36 | 2145,513,472 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/22 23:29:29 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2010/12/22 22:42:59 | 000,067,676 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_22.12.2010_22.42.08_log.txt
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2010/07/10 21:59:31 | 000,004,134 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 20:15:05 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/06 20:38:28 | 000,000,221 | -HS- | M] () -- C:\Users\rdeluca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/23 18:26:33 | 003,997,850 | R--- | M] () -- C:\Users\rdeluca\Desktop\ComboFix.exe
    [2010/04/18 23:02:17 | 001,460,010 | ---- | M] (DOSBox Team) -- C:\Users\rdeluca\Desktop\DOSBox0.73-win32-installer.exe
    [2010/11/14 10:41:24 | 010,398,264 | ---- | M] (EASEUS ) -- C:\Users\rdeluca\Desktop\EPMSetup.exe
    [2010/12/22 17:05:37 | 000,296,448 | ---- | M] () -- C:\Users\rdeluca\Desktop\m8908ghl.exe
    [2010/12/22 22:56:39 | 000,080,384 | ---- | M] () -- C:\Users\rdeluca\Desktop\MBRCheck.exe
    [2010/09/21 23:45:20 | 000,232,501 | ---- | M] () -- C:\Users\rdeluca\Desktop\Minecraft .exe
    [2009/10/05 18:12:00 | 000,342,016 | ---- | M] () -- C:\Users\rdeluca\Desktop\NUSD_13Beta.exe
    [2010/03/07 19:23:03 | 000,421,888 | ---- | M] () -- C:\Users\rdeluca\Desktop\putty.exe
    [2003/05/21 21:29:00 | 000,195,781 | ---- | M] () -- C:\Users\rdeluca\Desktop\smallftpd.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rdeluca\Desktop\TDSSKiller.exe
    [2010/03/07 19:28:36 | 000,271,312 | ---- | M] (RealVNC Ltd.) -- C:\Users\rdeluca\Desktop\vncviewer.exe
    [2010/05/30 16:10:09 | 000,136,329 | ---- | M] (Team USB Loader GX) -- C:\Users\rdeluca\Desktop\Wiiload_1.1_Installer.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/28 01:37:00 | 000,000,402 | -HS- | M] () -- C:\Users\rdeluca\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/24 20:10:15 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >
    [2003/06/13 16:23:06 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AppLoc.exe

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >



    OTL Extras logfile created on: 12/23/2010 7:35:55 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\rdeluca\Desktop\OTL
    An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 72.46 Gb Total Space | 3.18 Gb Free Space | 4.38% Space Free | Partition Type: NTFS
    Drive D: | 2.00 Gb Total Space | 1.96 Gb Free Space | 98.14% Space Free | Partition Type: NTFS

    Computer Name: BLUE-PC | User Name: rdeluca | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1BA8864E-AE9C-42AA-8F34-D76B7EE68817}" = MySQL Workbench 5.2 CE
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{31A49E0E-1989-4E2F-9085-D90A732193F4}" = MySQL Server 5.1
    "{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3F470FED-77A1-4545-BF6E-AF687FF0B42D}" = RSDLite
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi Software
    "{74D2638F-E20C-4EC0-97AA-6B6ECACA5D5C}" = Motorola Mobile Drivers Installation 4.8.0
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.2.100
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6FC0292-2F77-4907-BF0E-61B23F5E10BD}" = Cisco NAC Agent
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Audacity_is1" = Audacity 1.2.6
    "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
    "CanonMyPrinter" = Canon Utilities My Printer
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "Defraggler" = Defraggler
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
    "EndItAll_is1" = EndItAll 2.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Fraps" = Fraps
    "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
    "ImgBurn" = ImgBurn
    "InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "Pen Tablet Driver" = Bamboo
    "PFPortChecker" = PFPortChecker 1.0.36
    "ProInst" = Intel PROSet Wireless
    "PuTTY_is1" = PuTTY version 0.60
    "Puzzle Quest1.01" = Puzzle Quest
    "Recuva" = Recuva
    "SpeedFan" = SpeedFan (remove only)
    "StarCraft II" = StarCraft II
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 220" = Half-Life 2
    "Steam App 22320" = The Elder Scrolls III: Morrowind
    "Steam App 440" = Team Fortress 2
    "Steam App 6200" = Ghost Master
    "Trillian" = Trillian
    "USBWebcam" = USB Webcam
    "VirtualCloneDrive" = VirtualCloneDrive
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 1.0.5
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.7
    "Wireshark" = Wireshark 1.2.6
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Cosmic Dodgeball V2.0" = Cosmic Dodgeball V2.0
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "SpinnerDemo" = SpinnerDemo

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/22/2010 5:12:40 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/22/2010 5:12:40 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/22/2010 5:16:16 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/22/2010 5:43:13 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/22/2010 6:12:50 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/22/2010 7:39:32 PM | Computer Name = Blue-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\EASEUS\easeus
    partition master 6.5.2 home edition\bin\x64\WinChkdsk.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/22/2010 7:41:28 PM | Computer Name = Blue-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Program Files\Microsoft
    Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
    Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/22/2010 7:43:52 PM | Computer Name = Blue-PC | Source = VSS | ID = 8193
    Description =

    Error - 12/23/2010 8:10:25 PM | Computer Name = Blue-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\EASEUS\easeus
    partition master 6.5.2 home edition\bin\x64\WinChkdsk.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/23/2010 8:11:25 PM | Computer Name = Blue-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Program Files\Microsoft
    Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
    Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 11/24/2010 9:09:57 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-Media Center Extender | ID = 545
    Description =

    Error - 11/24/2010 9:10:24 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-Media Center Extender | ID = 544
    Description =

    Error - 12/3/2010 12:28:15 PM | Computer Name = Blue-PC | Source = MCUpdate | ID = 0
    Description = 11:26:26 AM - Failed to retrieve SportsSchedule (Error: Unable to
    connect to the remote server)

    [ System Events ]
    Error - 10/17/2010 4:20:07 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 10/17/2010 8:37:31 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-HAL | ID = 12
    Description = The platform firmware has corrupted memory across the previous system
    power transition. Please check for updated firmware for your system.

    Error - 10/19/2010 4:54:33 PM | Computer Name = Blue-PC | Source = SCardSvr | ID = 610
    Description =

    Error - 10/19/2010 9:13:57 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 10/20/2010 3:39:17 PM | Computer Name = Blue-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the TouchServicePen service.

    Error - 10/20/2010 6:59:34 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 10/20/2010 11:03:21 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 10/23/2010 5:33:22 PM | Computer Name = Blue-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the TouchServicePen service.

    Error - 10/23/2010 11:45:18 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 10/24/2010 8:57:30 AM | Computer Name = Blue-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the TouchServicePen service.


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    You're running very low on C drive free space. It's time to start moving some stuff out.
    =====================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]
      [1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
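The OTL fix above removes Internet Explorer and shell-extension registrations whose CLSID has no class registration ("No CLSID value found" / "Reg Error: Key error"). The script below, an added example rather than anything from this thread or from OTL, enumerates the same four registry locations and reports which entries are orphaned and which point at a real server DLL, without deleting anything. It assumes Windows 7 or later with Windows PowerShell 2.0 or later, run from an elevated prompt so HKLM is readable in full; on 64-bit Windows the 32-bit view under Wow6432Node is not covered.

```powershell
# Added example (not from the thread or from OTL): report URLSearchHook, BHO,
# Toolbar and ShellExecuteHook registrations, flagging those whose CLSID has
# no HKEY_CLASSES_ROOT\CLSID entry. Read-only; review the output before acting.

$locations = @(
    @{ Name = 'URLSearchHook (HKCU)';     Path = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks';                      Kind = 'Value' },
    @{ Name = 'BHO (HKLM)';               Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Kind = 'Key'   },
    @{ Name = 'Toolbar (HKLM)';           Path = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar';                             Kind = 'Value' },
    @{ Name = 'ShellExecuteHooks (HKLM)'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks';     Kind = 'Value' }
)

# A CLSID in registry form: {8-4-4-4-12 hex digits}
$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-RegisteredClsids {
    param([string]$Path, [string]$Kind)
    if (-not (Test-Path $Path)) { return @() }
    if ($Kind -eq 'Key') {
        # Browser Helper Objects: one subkey per CLSID
        Get-ChildItem $Path | ForEach-Object { $_.PSChildName }
    } else {
        # URLSearchHooks, Toolbar, ShellExecuteHooks: the CLSID is the value name
        (Get-Item $Path).GetValueNames() | Where-Object { $_ -match $guidPattern }
    }
}

$findings = foreach ($loc in $locations) {
    foreach ($clsid in (Get-RegisteredClsids -Path $loc.Path -Kind $loc.Kind)) {
        $classKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $registered = Test-Path $classKey
        $server = $null
        if ($registered) {
            # The in-process server is the DLL that actually gets loaded
            $server = (Get-ItemProperty -Path "$classKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        }
        New-Object PSObject -Property @{
            Location   = $loc.Name
            CLSID      = $clsid
            Registered = $registered
            Server     = $server
        }
    }
}

# Registered = False is the orphan condition OTL reports; those entries are harmless
# leftovers. Registered = True entries are live and should be checked against
# the DLL in Server (publisher, signature, path inside Program Files or Windows).
$findings | Sort-Object Registered, Location | Format-Table Location, CLSID, Registered, Server -AutoSize
```

Run it before and after a fix like the one above: orphaned rows should disappear, and the remaining rows are the extensions that actually load in Explorer and Internet Explorer.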
  16. buggedBoy

    buggedBoy Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\rdeluca\Documents\~WRL1271.tmp deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: rdeluca
    ->Temp folder emptied: 16054 bytes
    ->Temporary Internet Files folder emptied: 124111 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 203397811 bytes
    ->Flash cache emptied: 5535 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 194.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: rdeluca
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.18.0 log created on 12232010_202416

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    --------------------------=============================------------------------

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    Microsoft Security Essentials successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Java(TM) SE Development Kit 6 Update 18
    Java DB 10.4.2.1
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````




    No threats found
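The Security Check log in the post above flags three posture problems (UAC disabled, Windows Firewall disabled, Security Center service not running) that the malware scans would not catch. The following script is an added example, not from this thread or from screen317's Security Check, that reads those same three items directly so they can be re-checked after the fix. It assumes Windows 7 with Windows PowerShell 2.0 or later, run elevated; the service names wscsvc, MpsSvc and WinDefend are the documented ones, and MsMpSvc for Microsoft Security Essentials is assumed here.

```powershell
# Added example (not from the thread or from Security Check): read-only check
# of UAC, per-profile Windows Firewall state and the security-related services.

function Get-UacState {
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    # EnableLUA = 0 is the "UAC is disabled!" condition; a missing value means enabled
    if ($null -eq $sys -or $null -eq $sys.EnableLUA) { return $true }
    return ($sys.EnableLUA -ne 0)
}

function Get-FirewallProfileState {
    # Windows 7 has no Get-NetFirewallProfile; the policy keys carry the same state
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $key = Join-Path $base $profile
        $enabled = $null   # stays $null when the profile key is absent
        if (Test-Path $key) {
            $v = (Get-ItemProperty $key -ErrorAction SilentlyContinue).EnableFirewall
            if ($null -ne $v) { $enabled = ($v -ne 0) }
        }
        New-Object PSObject -Property @{ Profile = $profile; Enabled = $enabled }
    }
}

function Get-SecurityServiceState {
    # MsMpSvc (Microsoft Security Essentials) is an assumed name; the others are documented
    param([string[]]$Names = @('wscsvc', 'MpsSvc', 'WinDefend', 'MsMpSvc'))
    foreach ($n in $Names) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        $status = 'NotInstalled'
        $startMode = $null
        if ($svc) {
            $status = [string]$svc.Status
            $wmi = Get-WmiObject Win32_Service -Filter "Name='$n'" -ErrorAction SilentlyContinue
            if ($wmi) { $startMode = $wmi.StartMode }   # Auto / Manual / Disabled
        }
        New-Object PSObject -Property @{ Service = $n; Status = $status; StartMode = $startMode }
    }
}

# Collect warnings in the order Security Check reports them.
$warnings = @()

if (-not (Get-UacState)) { $warnings += 'UAC is disabled (EnableLUA = 0)' }

$fw = Get-FirewallProfileState
$fw | Format-Table Profile, Enabled -AutoSize
foreach ($p in $fw) {
    if ($p.Enabled -eq $false) { $warnings += "Windows Firewall disabled for $($p.Profile)" }
}

$svcs = Get-SecurityServiceState
$svcs | Format-Table Service, Status, StartMode -AutoSize
foreach ($s in $svcs) {
    if ($s.Service -eq 'wscsvc' -and $s.Status -ne 'Running') {
        $warnings += 'Security Center service (wscsvc) is not running'
    }
    if ($s.StartMode -eq 'Disabled') { $warnings += "$($s.Service) start type is Disabled" }
}

if ($warnings.Count -eq 0) { 'No posture warnings.' } else { $warnings | ForEach-Object { "WARNING: $_" } }
```

A disabled Security Center service is worth a second look on a machine that just had a bootkit: malware commonly stops wscsvc so that the "no antivirus/firewall" notifications never appear, so a Disabled start type that the owner did not set is itself a sign of tampering.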
  17. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Unless you're a Java developer, uninstall these:
    Java(TM) SE Development Kit 6 Update 18
    Java DB 10.4.2.1


    ====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  18. buggedBoy

    buggedBoy Newcomer, in training Topic Starter

    Computer is working much better now.

    Thank you so much for the cleanup and all the tips.

    So much easier than doing a full wipe and reinstall.

    Have a great day, holiday and New Year.
  19. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Way to go!!
    Good luck and stay safe :)

    Merry Christmas :)