TechSpot

Cannot get rid of Backdoor.Tidserv!inf in nvatabus.sys

Solved
By KriegSohn
May 26, 2011
  1. Good day,

    I have been having a problem for the last months (ish)... Norton 360 is flagging Backdoor.Tidserv!inf infecting nvatabus.sys (system32\drivers). However, I can't remove it using their (Symantec) Backdoor.Tidserv Remover (FixTDSS), nor with Norton Power Eraser. When I try to boot in safe mode I get a blue screen with "¬ ?".
    At one point I played with msconfig to boot in safe mode, but couldn't boot at all afterwards. I had to connect my HDD (slaved) to another PC and modify boot.ini back to its original state...

    P.S. Once this is done, I'll change to Avira...

    Here are the logs...

    Many thanks
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    All logs have to be pasted, not attached.
  3. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    Here are the pasted logs.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6688

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    26/05/2011 7:12:58 PM
    mbam-log-2011-05-26 (19-12-58).txt

    Scan type: Quick scan
    Objects scanned: 176512
    Time elapsed: 2 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -------------------------------------------

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-26 19:17:29
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\00000084 ST3320620AS rev.3.ADG
    Running: onsl17tk.exe; Driver: C:\DOCUME~1\Vincent\LOCALS~1\Temp\uxldypog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    ---------------------------------------

    DDS (Ver_2011-05-26.01) - NTFS_x86
    Internet Explorer: 6.0.2900.2180
    Run by Vincent at 20:07:59 on 2011-05-26
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1398 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    svchost.exe
    C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uSearch Page = hxxp://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca
    uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0071029
    uSearch Bar = hxxp://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca
    mDefault_Page_URL = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
    mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
    mSearchAssistant = hxxp://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [NortonUpdateAgent] c:\documents and settings\all users\application data\norton\NUA.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn2.cae.com/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.umontreal.ca/dana-cached/sc/JuniperSetupClient.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\vincent\application data\mozilla\firefox\profiles\m3nhrhfe.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\vincent\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\vincent\application data\move networks\plugins\npqmp071502000008.dll
    FF - plugin: c:\documents and settings\vincent\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\vlc\npvlc.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coFFPlgn
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\vincent\application data\Move Networks
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR162;Symantec SMR Utility Service 1.6.2;c:\windows\system32\drivers\SMR162.SYS [2011-5-26 76920]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-21 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-21 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-18 802936]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-21 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-21 116784]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-12-10 417464]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 athena;athena;c:\windows\system32\drivers\athena.sys [2007-10-29 107392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-25 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110518.001\IDSXpx86.sys [2011-5-18 341944]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-2-2 33792]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110526.002\NAVENG.SYS [2011-5-26 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110526.002\NAVEX15.SYS [2011-5-26 1542392]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-7-18 11520]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-3-26 81168]
    S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]
    S4 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-7 135664]
    S4 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-7 135664]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2151128]
    S4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-4 24652]
    .
    =============== Created Last 30 ================
    .
    2011-05-26 22:39:01 76920 ----a-w- c:\windows\system32\drivers\SMR162.SYS
    2011-05-25 07:41:28 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-05-25 00:58:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-24 23:58:35 -------- dc----w- c:\documents and settings\all users\application data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2011-05-20 02:17:31 -------- d-----w- c:\documents and settings\vincent\application data\Malwarebytes
    2011-05-20 02:17:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-20 02:17:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-05-20 02:17:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-20 02:17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-20 01:28:42 -------- d-----w- c:\documents and settings\vincent\local settings\application data\NPE
    .
    ==================== Find3M ====================
    .
    2011-04-18 02:05:25 2471776 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-04-18 02:01:36 169472 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-06-15 11:33:38 1990728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
    .
    ============= FINISH: 20:08:14.84 ===============

    --------------------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-05-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 06/11/2007 9:04:12 PM
    System Uptime: 26/05/2011 6:46:30 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0YU822
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Microprocessor | 2666/1333mhz
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Microprocessor | 2666/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 293 GiB total, 220.97 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is CDROM (UDF)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    L: is FIXED (NTFS) - 1862 GiB total, 1532.107 GiB free.
    Z: is FIXED (NTFS) - 1863 GiB total, 1642.771 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    32 bit Windows Card Reader Driver
    Ad-Aware
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Help Center 1.0
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS2
    Adobe Reader 8.2.0
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    AGEIA PhysX Engines
    AndreaMosaic 3.21
    Antares Auto-Tune 3.06 DirectX
    Antares Tube v1.0
    Apple Software Update
    Broadcom Management Programs
    Browser Address Error Redirector
    BufferChm
    C4600
    Cakewalk Pro Audio 9
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Cisco AnyConnect VPN Client
    CoD Builder 0.79 Beta
    Coding Workshop Polyphonic Wizard
    CoDpiler (remove only)
    Core FTP LE 2.1
    Corel Snapfire DVD Maker
    Corel Snapfire Plus
    Creative MediaSource
    Creative System Information
    Dell DataSafe Online
    Dell Driver Download Manager
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Destinations
    DeviceDiscovery
    DivX Web Player
    EA Download Manager
    EA Download Manager UI
    ESPNMotion
    Facebook Plug-In
    ffdshow [rev 1723] [2007-12-24]
    Free M4a to MP3 Converter 5.9
    FruityLoops v3.4
    FXCM Trading Station
    FXOrder2Go
    GemMaster Mystic
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB908673)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB922120-v6)
    Hotfix for Windows XP (KB923293)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB934428-v2)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB936357-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 13.0
    HP Deskjet 6500
    HP Imaging Device Functions 13.0
    HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    Installation Windows Live
    InterActual Player
    IsoBuster 2.4
    J2SE Runtime Environment 5.0 Update 6
    Lecteur Windows Media*11
    Left 4 Dead
    Left 4 Dead 2 Demo
    LibUSB-Win32-0.1.10.1
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    MagicDisc 2.7.101
    MagicDisc 2.7.105
    Malwarebytes' Anti-Malware
    MarketResearch
    MF Trader 4 4.00
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Visio Viewer 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft WinUsb 2.0
    Microsoft Works
    mkv2vob
    Monkey's Audio
    MotioninJoy ds3 driver version 0.6.0003
    Move Media Player
    Mozilla Firefox (3.5.19)
    MPIO Manager
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Multi RemoteCommander
    Native Instruments Kontakt Player Sibelius
    Native Instruments Sibelius Player
    Neuratron PhotoScore Lite
    Norton 360
    NVIDIA Control Panel 260.99
    NVIDIA Graphics Driver 260.99
    NVIDIA Install Application
    NVIDIA nView 135.36
    NVIDIA nView Desktop Manager
    NVIDIA Photoshop Plug-ins
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    Otto
    Outil de téléchargement Windows Live
    PDF Settings
    Polyphonic Wizard v4.5
    PowerDVD
    PS_AIO_05_C4600_Software_Min
    PunkBuster Services
    QuickSet
    QuickSFV (Remove only)
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    ReValver
    Rosetta Stone V3
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Scan
    ScrabBot 5.1
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Shop for HP Supplies
    Sibelius 4
    Sibelius Scorch (Firefox, Opera, Netscape only)
    SmartFTP Client
    SmartFTP Client 2.5 Setup Files (remove only)
    SmartFTP Client 3.0 Setup Files (remove only)
    SmartWebPrinting
    SolutionCenter
    Sonic Activation Module
    Sonic Encoders
    Sony Sound Forge 8.0
    Sound Blaster Audigy 2 ZS
    SPORE™
    Spybot - Search & Destroy
    Status
    Steam
    Steinberg The Grand
    StepMania (remove only)
    Stereogram magician (V3.22)
    Switch
    TeamSpeak 2 RC2
    Toolbox
    TrayApp
    Try Corel Snapfire muvee autoProducer add on
    TVersity Codec Pack 1.2
    TVersity Media Server 1.8 Beta
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Ventrilo Client
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.3
    WD Align - Powered by Acronis
    WD SmartWare
    WebFldrs XP
    WebReg
    Winamp
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Mobile Daylight Saving Time 2007 Updates
    Windows Mobile® Device Handbook
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890927
    Windows XP Hotfix - KB891781
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    WinRAR archiver
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/05/2011 1:49:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    24/05/2011 9:08:02 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    24/05/2011 8:08:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd nvraid
    20/05/2011 8:20:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    20/05/2011 7:58:34 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    20/05/2011 1:25:33 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR162\0000 disappeared from the system without first being prepared for removal.
    19/05/2011 9:42:47 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    19/05/2011 3:00:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB979683).
    19/05/2011 10:30:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvraid
    19/05/2011 10:29:22 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    19/05/2011 10:29:22 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    ==============================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  5. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    The logs:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-26 23:06:58
    -----------------------------
    23:06:58.215 OS Version: Windows 5.1.2600 Service Pack 2
    23:06:58.215 Number of processors: 2 586 0xF0B
    23:06:58.215 ComputerName: VINCENT UserName: Vincent
    23:06:59.480 Initialize success
    23:07:20.324 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000084
    23:07:20.324 Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
    23:07:20.324 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000086
    23:07:20.324 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
    23:07:22.355 Disk 0 MBR read successfully
    23:07:22.355 Disk 0 MBR scan
    23:07:22.355 Disk 0 unknown MBR code
    23:07:24.355 Disk 0 scanning sectors +625137345
    23:07:24.371 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:07:37.090 Service scanning
    23:07:38.996 Disk 0 trace - called modules:
    23:07:38.996 ntkrnlpa.exe CLASSPNP.SYS disk.sys nvatabus.sys hal.dll
    23:07:38.996 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a729ab8]
    23:07:39.012 3 CLASSPNP.SYS[b80c905b] -> nt!IofCallDriver -> \Device\00000084[0x8a70d030]
    23:07:39.012 \Driver\nvatabus[0x8a72ab90] -> IRP_MJ_DEVICE_CONTROL -> 0x8a61e8ba
    23:07:39.012 Scan finished successfully
    23:07:56.230 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Vincent\Desktop\MBR.dat"
    23:07:56.230 The log file has been saved successfully to "C:\Documents and Settings\Vincent\Desktop\aswMBR.txt"

    --------------------------------------

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 2)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB693E000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
    0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2142208 bytes
    0x804D7000 RAW 2142208 bytes
    0x804D7000 WMIxWDM 2142208 bytes
    0xBF800000 Win32k 1851392 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xA92A2000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110526.019\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
    0xB3162000 C:\WINDOWS\system32\drivers\sthda.sys 1126400 bytes (SigmaTel, Inc., NDRC)
    0xAFFE8000 C:\WINDOWS\System32\drivers\ha10kx2k.sys 1089536 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
    0xAF519000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110518.001\BHDrvx86.sys 819200 bytes (Symantec Corporation, BASH Driver)
    0xAFEF4000 C:\WINDOWS\System32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
    0xAFD21000 C:\WINDOWS\system32\CTSBLFX.DLL 581632 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
    0xB7D6A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xAFDAF000 C:\WINDOWS\system32\CTAUDFX.DLL 569344 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
    0xAF5E1000 C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
    0xB64FA000 C:\WINDOWS\system32\drivers\ctaud2k.sys 516096 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
    0xAF6DC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xAF67E000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0xB5D06000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
    0xA9236000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110526.002\IDSxpx86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
    0xAF958000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xAFBB2000 C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
    0xADBE4000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
    0xAF901000 C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS 356352 bytes (Symantec Corporation, Network Dispatch Driver)
    0xB7E51000 SYMDS.SYS 352256 bytes
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xADD2B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB622C000 C:\WINDOWS\system32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
    0xB5DE9000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xAFFB9000 C:\WINDOWS\System32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
    0xB7F45000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB7D3D000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB7E24000 SYMEFA.SYS 184320 bytes
    0xAE2BF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB5F74000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
    0xB00F2000 C:\WINDOWS\System32\drivers\hap16v2k.sys 176128 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
    0xA7D20000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xAF74B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xAFF90000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
    0xAF798000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB7D15000 snapman.sys 163840 bytes (Acronis, Acronis Snapshot API)
    0xB7EEF000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB600F000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)
    0xAF9F7000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
    0xB66EB000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB68C2000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xAF776000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB6330000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xAF8E0000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
    0x806E2000 ACPI_HAL 134272 bytes
    0x806E2000 C:\WINDOWS\system32\hal.dll 134272 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB7F73000 C:\WINDOWS\System32\drivers\FLTMGR.SYS 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB7F15000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xAFB93000 C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
    0xAF660000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0xB5D8A000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
    0xB66B0000 C:\WINDOWS\system32\DRIVERS\athena.sys 110592 bytes (AGEIA Technologies, PhysX Processor WDM Driver)
    0xAFE3A000 C:\WINDOWS\system32\COMMONFX.DLL 110592 bytes (Creative Technology Ltd, Creative Common FX Plug-in)
    0xB7CFA000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB7EA7000 nvatabus.sys 106496 bytes
    0xACFFC000 C:\DOCUME~1\Vincent\LOCALS~1\Temp\uxldypog.sys 102400 bytes
    0xB7EC1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xAE833000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
    0xB5D72000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xAE806000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
    0xB7DF7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB5E96000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xADAB5000 C:\WINDOWS\system32\drivers\PfModNT.sys 94208 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
    0xAE81D000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
    0xB7E0E000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
    0xAE4F9000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xA928E000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110526.019\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
    0xB7F93000 SMR162.SYS 81920 bytes (Symantec Corporation, SMR)
    0xB692A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xAF9B0000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB7F34000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB5E2B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xAF4E0000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
    0xAFCE1000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xB8148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xAE8FB000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0xAFD01000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xB81C8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB8108000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xB8168000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xAF8B0000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB81F8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xB8228000 C:\WINDOWS\system32\drivers\libusb0.sys 57344 bytes
    0xB8118000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xB8158000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xB80C8000 C:\WINDOWS\system32\drivers\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB6650000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
    0xB82F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xB8208000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xB80D8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB8248000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xAD65D000 C:\DOCUME~1\Vincent\LOCALS~1\Temp\aswMBR.sys 45056 bytes
    0xAE97B000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
    0xB8138000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB8238000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xB8298000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB8178000 C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
    0xB8268000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB80E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xAF8A0000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xB781F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xB8198000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xB80A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB8258000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xAF8C0000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xADA5D000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xB80F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xAFD11000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xB84A0000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
    0xB8488000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xB83B8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xB8378000 C:\WINDOWS\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
    0xB8478000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
    0xB8340000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xADFFA000 C:\DOCUME~1\Vincent\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xB8440000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xB83D0000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xB83A0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xB8408000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
    0xB8468000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xB83E0000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
    0xB8420000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xB8388000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB8410000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xB8398000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
    0xB8458000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xB83C8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xB8380000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xB8368000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xB8430000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xB8460000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xAF838000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
    0xAFC79000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
    0xB7CAD000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xAE853000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB5DC9000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
    0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB53EE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB7CC5000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
    0xB53FA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB5DE5000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB7924000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xAFC3D000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB5DD5000 C:\WINDOWS\system32\DRIVERS\wdcsam.sys 12288 bytes (Western Digital Technologies, WD SCSI Architecture Model (SAM) driver)
    0xB7CC1000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0xB8640000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xB85F8000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
    0xB8620000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
    0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xB862E000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
    0xB863E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xB864A000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
    0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xB8642000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xB8634000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xB8606000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xB865C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xB86D8000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xB8754000 C:\WINDOWS\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
    0xB8793000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xB8742000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8A61E8BA unknown_irp_handler 1862 bytes
    ==============================================
    >Stealth
    ==============================================
    0xB7EA7000 WARNING: Virus alike driver modification [nvatabus.sys], 106496 bytes
    0x00CE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x88E70DA0 ] PID: 2232, 307200 bytes
    0x009E0000 Hidden Image-->MemeoRemoteCore.dll [ EPROCESS 0x88E70DA0 ] PID: 2232, 36864 bytes
    WARNING: File locked for read access [C:\WINDOWS\system32\drivers\nvatabus.sys]
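The scanner log above mixes a plain driver listing with a ">Stealth" section, and the three lines that matter (a modified driver, two images unlinked from a process, and a file the scanner could not even read) are easy to miss among several hundred entries. The following Python script is an added example, not something from this thread or from the scanner's author: it parses lines of that shape into structured findings and lists the files worth handing to a second tool. The sample lines are copied from the log posted above; the regular expressions are an assumption about the log format based only on the lines visible here.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the rootkit-scanner log posted above
# (three entries from the driver listing plus the ">Stealth" section).
SAMPLE_LOG = r"""
0xB8742000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A61E8BA unknown_irp_handler 1862 bytes
==============================================
>Stealth
==============================================
0xB7EA7000 WARNING: Virus alike driver modification [nvatabus.sys], 106496 bytes
0x00CE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x88E70DA0 ] PID: 2232, 307200 bytes
0x009E0000 Hidden Image-->MemeoRemoteCore.dll [ EPROCESS 0x88E70DA0 ] PID: 2232, 36864 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\nvatabus.sys]
"""

# Line shapes inferred from the visible log (an assumption about the format).
HEX = r"0x[0-9A-Fa-f]+"
MODIFIED_RE = re.compile(rf"^({HEX}) WARNING: (.+?) \[(.+?)\], (\d+) bytes$")
HIDDEN_RE = re.compile(
    rf"^({HEX}) Hidden Image-->(\S+) \[ EPROCESS ({HEX}) \] PID: (\d+), (\d+) bytes$")
LOCKED_RE = re.compile(r"^WARNING: File locked for read access \[(.+)\]$")
DRIVER_RE = re.compile(rf"^({HEX}) (.+?) (\d+) bytes(?: \((.*)\))?$")


@dataclass
class Driver:
    base: int
    image: str
    size: int
    publisher: Optional[str]  # None when the scanner printed no vendor info


@dataclass
class Finding:
    kind: str      # modified_driver | hidden_image | locked_file | unattributed_module
    subject: str   # file or module name the finding is about
    detail: str
    pid: Optional[int] = None


def parse_log(text: str):
    """Split a scanner listing into loaded drivers and stealth findings."""
    drivers, findings = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("=", ">")):
            continue  # separators and section headers
        # The WARNING / Hidden Image lines also match DRIVER_RE, so test them first.
        if m := MODIFIED_RE.match(line):
            findings.append(Finding("modified_driver", m.group(3),
                                    f"{m.group(2)} at {m.group(1)}, {m.group(4)} bytes"))
        elif m := HIDDEN_RE.match(line):
            findings.append(Finding("hidden_image", m.group(2),
                                    f"unlinked image at {m.group(1)} in EPROCESS {m.group(3)}",
                                    pid=int(m.group(4))))
        elif m := LOCKED_RE.match(line):
            findings.append(Finding("locked_file", m.group(1),
                                    "scanner was denied read access; file not hashed"))
        elif m := DRIVER_RE.match(line):
            info = m.group(4)
            publisher = info.split(", ", 1)[0] if info else None
            drv = Driver(int(m.group(1), 16), m.group(2), int(m.group(3)), publisher)
            drivers.append(drv)
            if publisher is None:
                # No image path or vendor was reported for this entry.
                findings.append(Finding("unattributed_module", drv.image,
                                        f"no image path or vendor reported at {m.group(1)}"))
    return drivers, findings


def triage(text: str) -> dict:
    """Summarise: file names to re-check with another tool, hidden images per PID."""
    drivers, findings = parse_log(text)
    suspects = set()
    hidden_by_pid = {}
    for f in findings:
        if f.kind in ("modified_driver", "locked_file"):
            suspects.add(f.subject.rsplit("\\", 1)[-1].lower())
        elif f.kind == "hidden_image":
            hidden_by_pid.setdefault(f.pid, []).append(f.subject)
    return {"drivers": len(drivers), "findings": findings,
            "suspects": sorted(suspects), "hidden_by_pid": hidden_by_pid}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['drivers']} driver entries parsed")
    for f in result["findings"]:
        print(f"[{f.kind}] {f.subject}: {f.detail}")
    print("re-check with a second scanner:", ", ".join(result["suspects"]))
```

The point of the cross-reference is that a file reported as modified and then reported as unreadable is the same file (nvatabus.sys here); a scanner that cannot read a kernel driver cannot hash or compare it, which is itself the detection signal, and the name goes straight onto the list for the next tool.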
     
  6. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    A problem has been detected and Windows has been shut down to prevent any damage to your computer.

    Plug and Play detected an error most likely caused by a faulty driver.

    [...]

    Technical information

    *** STOP: 0x000000CA (0x00000004,0x88609DF0,0x00000000,0x00000000)

    Tried rebooting in Safe Mode... but got that "¬ ?" blue screen.

    ComboFix failed around "Completed Stage 20" ish... (I wasn't looking when it failed, but it completed stage 15+.) Windows Recovery was installed properly. I cannot find any ComboFix.txt in C:\.

    Thanks
     
  8. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    Oh... precision in the Safe Mode blue screen. It crashes at drivers\Mup.sys.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Are you saying that you can't boot your computer in any mode now?
     
  10. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    I can boot in normal mode... takes about 5 minutes to boot.
    That problem was already there before we started. As soon as I try safe mode, it fails. And the XP Recovery CD also gives a blue screen after the drivers have been loaded.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
     
  12. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    Ok... TDSSKiller found nvatabus.sys, so I continued and rebooted. Now I am on another computer, since I can't click on anything on my PC desktop. Basically it seems that the desktop kind of froze. Even the animation when hovering over a quick launch icon doesn't work. Is that normal? The only thing that works (with keyboard and mouse) is Ctrl-Alt-Del.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Shut it down.
    Wait 1 minute.
    Restart.
    See, if it helped.
     
  14. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    Ok, that's what I wanted to do, but I wanted to have your GO.
    So I am back with good news, it seems (it still took 5 min to boot, though, if that's related).

    2011/05/27 22:22:26.0250 3372 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/05/27 22:22:26.0875 3372 ================================================================================
    2011/05/27 22:22:26.0875 3372 SystemInfo:
    2011/05/27 22:22:26.0875 3372
    2011/05/27 22:22:26.0875 3372 OS Version: 5.1.2600 ServicePack: 2.0
    2011/05/27 22:22:26.0875 3372 Product type: Workstation
    2011/05/27 22:22:26.0875 3372 ComputerName: VINCENT
    2011/05/27 22:22:26.0875 3372 UserName: Vincent
    2011/05/27 22:22:26.0875 3372 Windows directory: C:\WINDOWS
    2011/05/27 22:22:26.0875 3372 System windows directory: C:\WINDOWS
    2011/05/27 22:22:26.0875 3372 Processor architecture: Intel x86
    2011/05/27 22:22:26.0875 3372 Number of processors: 2
    2011/05/27 22:22:26.0875 3372 Page size: 0x1000
    2011/05/27 22:22:26.0875 3372 Boot type: Normal boot
    2011/05/27 22:22:26.0875 3372 ================================================================================
    2011/05/27 22:22:27.0968 3372 !crdlk
    2011/05/27 22:22:28.0484 3372 Initialize success
    2011/05/27 22:22:49.0109 2156 ================================================================================
    2011/05/27 22:22:49.0109 2156 Scan started
    2011/05/27 22:22:49.0109 2156 Mode: Manual;
    2011/05/27 22:22:49.0109 2156 ================================================================================
    2011/05/27 22:22:49.0359 2156 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/05/27 22:22:49.0437 2156 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/05/27 22:22:49.0515 2156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/05/27 22:22:49.0609 2156 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/05/27 22:22:49.0734 2156 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    2011/05/27 22:22:49.0812 2156 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    2011/05/27 22:22:49.0859 2156 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/05/27 22:22:49.0906 2156 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/05/27 22:22:49.0984 2156 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/05/27 22:22:50.0062 2156 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/05/27 22:22:50.0093 2156 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/05/27 22:22:50.0125 2156 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/05/27 22:22:50.0187 2156 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/05/27 22:22:50.0250 2156 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/05/27 22:22:50.0343 2156 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/05/27 22:22:50.0437 2156 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    2011/05/27 22:22:50.0515 2156 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/05/27 22:22:50.0625 2156 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/05/27 22:22:50.0734 2156 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/05/27 22:22:50.0812 2156 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/05/27 22:22:50.0906 2156 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/05/27 22:22:50.0953 2156 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/05/27 22:22:51.0015 2156 athena (22910f4def0ac92b90d89884fa6407eb) C:\WINDOWS\system32\DRIVERS\athena.sys
    2011/05/27 22:22:51.0078 2156 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/05/27 22:22:51.0156 2156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/05/27 22:22:51.0187 2156 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2011/05/27 22:22:51.0265 2156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/05/27 22:22:51.0593 2156 BHDrvx86 (925a191c8c06124426c63ceb2ea93085) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110518.001\BHDrvx86.sys
    2011/05/27 22:22:51.0843 2156 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/05/27 22:22:51.0906 2156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/05/27 22:22:51.0984 2156 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys
    2011/05/27 22:22:52.0078 2156 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/05/27 22:22:52.0109 2156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/05/27 22:22:52.0187 2156 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/05/27 22:22:52.0218 2156 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/05/27 22:22:52.0312 2156 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/05/27 22:22:52.0375 2156 COMMONFX (12a4291c1853ad2d857a49940e02c597) C:\WINDOWS\system32\drivers\COMMONFX.SYS
    2011/05/27 22:22:52.0468 2156 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
    2011/05/27 22:22:52.0578 2156 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/05/27 22:22:52.0656 2156 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
    2011/05/27 22:22:52.0734 2156 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
    2011/05/27 22:22:52.0828 2156 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
    2011/05/27 22:22:52.0906 2156 CTAUDFX (97f388eb52f19e149f9cdab405c53fa7) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
    2011/05/27 22:22:53.0000 2156 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
    2011/05/27 22:22:53.0046 2156 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
    2011/05/27 22:22:53.0078 2156 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
    2011/05/27 22:22:53.0109 2156 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
    2011/05/27 22:22:53.0171 2156 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
    2011/05/27 22:22:53.0218 2156 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
    2011/05/27 22:22:53.0250 2156 CTERFXFX (547f1e690a5994091665a1fcd2bfc091) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
    2011/05/27 22:22:53.0312 2156 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
    2011/05/27 22:22:53.0359 2156 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
    2011/05/27 22:22:53.0453 2156 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
    2011/05/27 22:22:53.0484 2156 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
    2011/05/27 22:22:53.0546 2156 CTSBLFX (b40b38463c9747f5614bd8982d212dae) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
    2011/05/27 22:22:53.0656 2156 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
    2011/05/27 22:22:53.0687 2156 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
    2011/05/27 22:22:53.0765 2156 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/05/27 22:22:53.0828 2156 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/05/27 22:22:53.0890 2156 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/05/27 22:22:53.0953 2156 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
    2011/05/27 22:22:53.0968 2156 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/05/27 22:22:53.0984 2156 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/05/27 22:22:54.0015 2156 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
    2011/05/27 22:22:54.0031 2156 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/05/27 22:22:54.0046 2156 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/05/27 22:22:54.0046 2156 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/05/27 22:22:54.0062 2156 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    2011/05/27 22:22:54.0062 2156 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/05/27 22:22:54.0078 2156 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/05/27 22:22:54.0109 2156 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/05/27 22:22:54.0171 2156 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    2011/05/27 22:22:54.0171 2156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/05/27 22:22:54.0218 2156 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/05/27 22:22:54.0296 2156 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/05/27 22:22:54.0328 2156 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/05/27 22:22:54.0359 2156 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/05/27 22:22:54.0375 2156 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/05/27 22:22:54.0468 2156 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    2011/05/27 22:22:54.0515 2156 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    2011/05/27 22:22:54.0562 2156 dwusbdnt (732ab6d2fc7f2afebc4a9d2750655b7f) C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys
    2011/05/27 22:22:54.0640 2156 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/05/27 22:22:54.0750 2156 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2011/05/27 22:22:54.0859 2156 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
    2011/05/27 22:22:54.0906 2156 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/05/27 22:22:54.0968 2156 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/05/27 22:22:55.0046 2156 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/05/27 22:22:55.0093 2156 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2011/05/27 22:22:55.0125 2156 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/05/27 22:22:55.0171 2156 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/05/27 22:22:55.0250 2156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/05/27 22:22:55.0296 2156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/05/27 22:22:55.0343 2156 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2011/05/27 22:22:55.0406 2156 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/27 22:22:55.0468 2156 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/05/27 22:22:55.0531 2156 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
    2011/05/27 22:22:55.0562 2156 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
    2011/05/27 22:22:55.0593 2156 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
    2011/05/27 22:22:55.0640 2156 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/05/27 22:22:55.0687 2156 hidgame (923ee4eef2582909a056904ca8026015) C:\WINDOWS\system32\DRIVERS\hidgame.sys
    2011/05/27 22:22:55.0750 2156 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/05/27 22:22:55.0828 2156 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/05/27 22:22:55.0890 2156 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/05/27 22:22:55.0953 2156 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/05/27 22:22:55.0984 2156 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/05/27 22:22:56.0093 2156 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/05/27 22:22:56.0109 2156 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/05/27 22:22:56.0140 2156 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/05/27 22:22:56.0281 2156 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/05/27 22:22:56.0656 2156 IDSxpx86 (50fa4c70534cf3b5c17ec83debe07afd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110527.001\IDSxpx86.sys
    2011/05/27 22:22:56.0765 2156 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/05/27 22:22:56.0843 2156 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/05/27 22:22:56.0937 2156 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/05/27 22:22:57.0000 2156 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/05/27 22:22:57.0062 2156 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/05/27 22:22:57.0125 2156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/05/27 22:22:57.0218 2156 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/05/27 22:22:57.0312 2156 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/05/27 22:22:57.0343 2156 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/05/27 22:22:57.0421 2156 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/05/27 22:22:57.0484 2156 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/05/27 22:22:57.0546 2156 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/05/27 22:22:57.0625 2156 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/05/27 22:22:57.0750 2156 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/05/27 22:22:57.0843 2156 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/05/27 22:22:58.0015 2156 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2011/05/27 22:22:58.0140 2156 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
    2011/05/27 22:22:58.0250 2156 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    2011/05/27 22:22:58.0343 2156 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/05/27 22:22:58.0406 2156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/05/27 22:22:58.0484 2156 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2011/05/27 22:22:58.0578 2156 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\WINDOWS\system32\DRIVERS\MijXfilt.sys
    2011/05/27 22:22:58.0671 2156 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/05/27 22:22:58.0750 2156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/05/27 22:22:58.0843 2156 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/05/27 22:22:58.0921 2156 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/05/27 22:22:59.0000 2156 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/05/27 22:22:59.0125 2156 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/05/27 22:22:59.0218 2156 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/05/27 22:22:59.0281 2156 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/05/27 22:22:59.0359 2156 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/05/27 22:22:59.0421 2156 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/05/27 22:22:59.0484 2156 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/05/27 22:22:59.0531 2156 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/05/27 22:22:59.0843 2156 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110527.019\NAVENG.SYS
    2011/05/27 22:22:59.0937 2156 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110527.019\NAVEX15.SYS
    2011/05/27 22:23:00.0031 2156 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/05/27 22:23:00.0078 2156 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/05/27 22:23:00.0156 2156 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/05/27 22:23:00.0203 2156 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/05/27 22:23:00.0218 2156 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/05/27 22:23:00.0265 2156 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/05/27 22:23:00.0359 2156 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/05/27 22:23:00.0468 2156 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/05/27 22:23:00.0546 2156 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/05/27 22:23:00.0656 2156 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/05/27 22:23:00.0703 2156 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/05/27 22:23:01.0015 2156 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/05/27 22:23:01.0359 2156 nvatabus (c7edd63fe26325f288006bb6f82f05c2) C:\WINDOWS\system32\drivers\nvatabus.sys
    2011/05/27 22:23:01.0359 2156 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\nvatabus.sys. md5: c7edd63fe26325f288006bb6f82f05c2
    2011/05/27 22:23:01.0359 2156 nvatabus - detected Rootkit.Win32.TDSS.tdl3 (0)
    2011/05/27 22:23:08.0390 2156 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
    2011/05/27 22:23:08.0390 2156 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
    2011/05/27 22:23:08.0406 2156 ================================================================================
    2011/05/27 22:23:08.0406 2156 Scan finished
    2011/05/27 22:23:08.0406 2156 ================================================================================
    2011/05/27 22:23:08.0406 3572 Detected object count: 1
    2011/05/27 22:23:08.0406 3572 Actual detected object count: 1
    2011/05/27 22:23:27.0984 3572 nvatabus (c7edd63fe26325f288006bb6f82f05c2) C:\WINDOWS\system32\drivers\nvatabus.sys
    2011/05/27 22:23:27.0984 3572 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\nvatabus.sys. md5: c7edd63fe26325f288006bb6f82f05c2
    2011/05/27 22:23:28.0125 3572 Backup copy not found, trying to cure infected file..
    2011/05/27 22:23:28.0125 3572 Cure success, using it..
    2011/05/27 22:23:28.0203 3572 C:\WINDOWS\system32\drivers\nvatabus.sys - will be cured after reboot
    2011/05/27 22:23:28.0203 3572 Rootkit.Win32.TDSS.tdl3(nvatabus) - User select action: Cure
    2011/05/27 22:23:33.0515 3184 Deinitialize success
     
  15. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Well done :)
    It was curing a rootkit, so it took time.

    Retry Combofix in normal mode now.
     
  16. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    ComboFix 11-05-27.01 - Vincent 27/05/2011 23:12:03.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1410 [GMT -4:00]
    Running from: c:\documents and settings\Vincent\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Vincent\WINDOWS
    c:\windows\gendel32.exe
    c:\windows\system32\Ijl11.dll
    c:\windows\wiaservim.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-25 07:41 . 2011-05-25 00:58 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-05-25 00:58 . 2011-05-25 00:58 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-24 23:58 . 2011-05-24 23:58 -------- dc----w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2011-05-20 02:17 . 2011-05-20 02:17 -------- d-----w- c:\documents and settings\Vincent\Application Data\Malwarebytes
    2011-05-20 02:17 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-20 02:17 . 2011-05-20 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-20 02:17 . 2011-05-20 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-20 02:17 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-20 01:28 . 2011-05-20 01:38 -------- d-----w- c:\documents and settings\Vincent\Local Settings\Application Data\NPE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-28 02:24 . 2007-10-29 17:58 105472 ----a-w- c:\windows\system32\drivers\nvatabus.sys
    2011-04-18 02:05 . 2011-04-18 02:05 2471776 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-04-18 02:01 . 2011-04-18 02:01 169472 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-06-15 11:33 . 2010-06-15 11:25 1990728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
    2008-04-25 18:32 . 2008-04-25 18:32 5817064 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2011-04-05 2692024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
    backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Vincent^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Vincent\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Vincent^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Vincent\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2011-05-13 09:11 1191216 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2007-03-21 06:33 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 05:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2007-04-09 16:32 19456 ----a-w- c:\windows\system32\CtHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2003-07-02 14:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2007-04-04 22:48 1236992 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2003-12-22 13:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 20:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2004-03-04 14:46 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-10-16 17:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-10-16 17:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-10-20 01:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
    2003-06-12 13:47 135168 ----a-w- c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
    2002-12-03 22:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-04-12 11:16 282624 ----a-w- c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-11-17 21:37 1242448 ----a-w- c:\program files\Steam\steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-04-19 22:34 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "Viewpoint Manager Service"=2 (0x2)
    "TVersityMediaServer"=2 (0x2)
    "stllssvr"=3 (0x3)
    "sprtsvc_dellsupportcenter"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "ProtexisLicensing"=2 (0x2)
    "PnkBstrB"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "NVSvc"=2 (0x2)
    "N360"=2 (0x2)
    "libusbd"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gupdate"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "DSBrokerService"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "CCALib8"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "gupdatem"=3 (0x3)
    "Fax"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "<NO NAME>"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [21/09/2010 5:22 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [21/09/2010 5:22 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [18/05/2011 6:19 PM 802936]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [21/09/2010 5:22 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [21/09/2010 5:22 PM 116784]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [21/09/2010 5:22 PM 126392]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10/12/2008 8:03 PM 417464]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [21/01/2010 4:24 PM 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 8:58 AM 20480]
    R3 athena;athena;c:\windows\system32\drivers\athena.sys [29/10/2007 1:58 PM 107392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/05/2011 11:54 AM 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110527.001\IDSXpx86.sys [27/05/2011 5:55 PM 341944]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [02/02/2010 9:35 PM 33792]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [18/07/2010 9:01 PM 11520]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [27/06/2008 7:21 PM 99352]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [27/06/2008 7:21 PM 555032]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [27/06/2008 7:21 PM 100888]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [27/06/2008 7:21 PM 566296]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [29/04/2011 12:11 PM 15232]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [26/03/2011 2:05 PM 81168]
    S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]
    S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/03/2010 11:56 PM 135664]
    S4 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07/03/2010 11:56 PM 135664]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [29/04/2011 12:11 PM 2151128]
    S4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [04/12/2007 9:36 PM 24652]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 09:11]
    .
    2011-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
    .
    2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 03:56]
    .
    2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 03:56]
    .
    2011-05-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3259613652-3807671696-3229074984-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-05-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3259613652-3807671696-3229074984-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 24.200.243.189 24.200.241.37 24.201.245.77
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn2.cae.com/CACHE/stc/1/binaries/vpnweb.cab
    FF - ProfilePath - c:\documents and settings\Vincent\Application Data\Mozilla\Firefox\Profiles\m3nhrhfe.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Vincent\Application Data\Move Networks
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-29022368.sys
    MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    MSConfigStartUp-ECenter - c:\dell\E-Center\EULALauncher.exe
    MSConfigStartUp-nwiz - nwiz.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-27 23:20
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3259613652-3807671696-3229074984-1005\Software\SecuROM\License information*]
    "datasecu"=hex:ef,82,85,4b,68,e1,19,86,02,f7,36,9f,dd,9d,b6,4f,27,d4,16,76,e2,
    47,86,2c,a9,66,44,67,cd,08,8c,45,0a,c3,b2,b3,34,77,22,3d,b5,b4,5b,36,7a,d8,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    Completion time: 2011-05-27 23:23:26
    ComboFix-quarantined-files.txt 2011-05-28 03:23
    .
    Pre-Run: 236,937,568,256 bytes free
    Post-Run: 237,053,190,144 bytes free
    .
    - - End Of File - - 8657906A88A13E16F90AA1E4481D0C83
     
  17. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Combofix log looks good.

    How is computer doing?

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ====================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
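Once the OTL log comes back, the "Driver Services" section is the first place to look for a TDSS/Tidserv-style infection: the rootkit overwrites part of an existing storage driver on disk, so the file keeps its legitimate name and location but typically loses the vendor's version information and gets a fresh modification time. The Python script below is added here as a worked example (it is not OTL, ComboFix or Symantec code); it parses "DRV -" lines and ranks drivers by those indicators. The sample lines are copied from the OTL log posted in the next reply, and the scan date from that log's header; the scoring weights and the 7-day "recent" window are assumptions chosen for this example.

```python
"""Triage the 'Driver Services' section of an OTL log for drivers worth a second look.

Added example written for this thread; it is not OTL, ComboFix or Symantec code.
The indicators scored here (no company name, Boot/System start, a modification
time close to the scan) are what a driver patched in place by a TDSS-style
rootkit tends to show. The weights and the 7-day window are assumptions.
"""
import re
from datetime import date, timedelta

# One OTL DRV line, e.g.
# DRV - [2011/05/27 22:24:10 | 000,105,472 | ---- | M] () [Kernel | Boot | Running] -- C:\...\nvatabus.sys -- (nvatabus)
# An optional free-text description may follow the service name, as in "(SRTSPX) Symantec Real Time ...".
DRV_RE = re.compile(
    r"^DRV - \[(?P<mdate>\d{4}/\d{2}/\d{2}) (?P<mtime>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) "
    r"\[(?P<kind>[^|\]]+) \| (?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] "
    r"-- (?P<path>.*?) -- \((?P<name>[^)]*)\)(?P<desc>.*)$"
)
# A service whose image file is gone, e.g. the 'catchme' entry left behind by a scanner run.
MISSING_RE = re.compile(r"^DRV - File not found \[[^\]]*\] -- -- \((?P<name>[^)]*)\)$")


def parse_drv_line(line):
    """Parse one OTL 'DRV -' line into a dict; return None for anything else."""
    line = line.strip()
    m = DRV_RE.match(line)
    if m:
        d = m.groupdict()
        y, mo, dd = (int(p) for p in d["mdate"].split("/"))
        d["modified"] = date(y, mo, dd)
        d["size"] = int(d["size"].replace(",", ""))
        d["company"] = d["company"].strip()
        d["desc"] = d["desc"].strip()
        d["missing"] = False
        return d
    m = MISSING_RE.match(line)
    if m:
        return {"name": m.group("name"), "missing": True, "company": "",
                "path": "", "start": "", "state": "", "modified": None, "mdate": ""}
    return None


def score_driver(drv, scan_date, recent_days=7):
    """Return (score, reasons); the score is simply the number of indicators that fired."""
    if drv["missing"]:
        return 0, ["service entry points at a file that is not on disk"]
    reasons = []
    if not drv["company"]:
        reasons.append("no company name in the file's version info")
        if drv["start"] in ("Boot", "System"):
            reasons.append(f"{drv['start']}-start driver with no vendor")
    # A timestamp in the future relative to the scan also satisfies this and is flagged.
    if drv["modified"] is not None and scan_date - drv["modified"] <= timedelta(days=recent_days):
        reasons.append(f"modified {drv['mdate']}, within {recent_days} days of the scan")
    return len(reasons), reasons


def triage(log_text, scan_date, recent_days=7):
    """Return [(score, service name, path, reasons)] for every driver that
    raised at least one indicator, highest score first."""
    findings = []
    for line in log_text.splitlines():
        drv = parse_drv_line(line)
        if drv is None:
            continue
        score, reasons = score_driver(drv, scan_date, recent_days)
        if reasons:
            findings.append((score, drv["name"], drv["path"], reasons))
    findings.sort(key=lambda f: -f[0])
    return findings


# Lines copied from the OTL log posted in this thread (not a fabricated sample);
# the scan date comes from its header, "OTL logfile created on: 27/05/2011".
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/27 22:24:10 | 000,105,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2011/05/17 22:52:37 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110527.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/29 12:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/17 22:01:36 | 000,169,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
"""
SCAN_DATE = date(2011, 5, 27)

if __name__ == "__main__":
    for score, name, path, reasons in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"[{score}] {name}: {path or '<file missing>'}")
        for r in reasons:
            print(f"      - {r}")
```

Run as-is it puts nvatabus at the top with all three indicators; against a real log, pass the whole OTL.txt text to triage() together with the date from the log header. A high score is a reason to verify the file (hash it, compare it with a clean copy from the driver package or install media), not proof of infection: legitimately unsigned third-party drivers such as libusb0.sys also show an empty company field.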
  18. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    Voilà

    OTL 1/2

    OTL logfile created on: 27/05/2011 11:38:19 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Vincent\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.74% Memory free
    3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.38% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 293.40 Gb Total Space | 220.80 Gb Free Space | 75.25% Space Free | Partition Type: NTFS
    Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive L: | 1862.36 Gb Total Space | 1532.11 Gb Free Space | 82.27% Space Free | Partition Type: NTFS

    Computer Name: VINCENT | User Name: Vincent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/27 23:36:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Desktop\OTL.exe
    PRC - [2011/05/03 22:17:21 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
    PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2008/12/10 20:03:15 | 000,417,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/27 23:36:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Desktop\OTL.exe
    MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
    SRV - [2010/02/25 17:11:04 | 000,856,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2008/12/10 20:03:15 | 000,417,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/08/03 20:06:26 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Disabled | Stopped] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/05/27 22:24:10 | 000,105,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2011/05/17 22:52:37 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110527.019\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/05/17 22:52:36 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110527.019\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/09 22:28:56 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/05/09 22:28:56 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/04/29 12:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2011/04/17 22:01:36 | 000,169,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110518.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110527.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV - [2010/10/15 18:22:43 | 000,139,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2010/06/10 21:51:47 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/07/13 17:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/12/10 19:50:39 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
    DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/06/27 19:21:44 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
    DRV - [2008/06/27 19:21:38 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
    DRV - [2008/06/27 19:21:26 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
    DRV - [2008/06/27 19:21:18 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
    DRV - [2007/04/25 02:02:28 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
    DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
    DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
    DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
    DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
    DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
    DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
    DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
    DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
    DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
    DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
    DRV - [2007/04/12 07:16:16 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
    DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
    DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
    DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/02/24 17:06:48 | 000,107,392 | ---- | M] (AGEIA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athena.sys -- (athena)
    DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2002/05/24 12:52:58 | 000,010,368 | ---- | M] (Digit@lway Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dwusbdnt.sys -- (dwusbdnt)
    DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0071029
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0071029


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0071029
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0071029
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://google.com/"
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/16 15:51:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/11 04:55:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/06/10 21:52:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 22:17:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/27 23:36:07 | 000,000,000 | ---D | M]

    [2008/11/30 15:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Extensions
    [2011/05/26 21:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\m3nhrhfe.default\extensions
    [2010/09/29 22:41:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\m3nhrhfe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/11/30 15:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/10 21:52:55 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\COFFPLGN
    [2010/06/11 04:55:16 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN
    [2009/12/15 19:35:24 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\VINCENT\APPLICATION DATA\MOVE NETWORKS
    [2010/05/16 15:51:40 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2008/04/25 14:32:20 | 005,817,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
    [2010/02/06 19:31:44 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/02/06 19:31:44 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/02/06 19:31:44 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2006/09/10 07:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
    [2010/02/06 19:31:44 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/02/06 19:31:44 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2011/05/27 23:20:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe (Symantec Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3259613652-3807671696-3229074984-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn2.cae.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.umontreal.ca/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.243.189 24.200.241.37 24.201.245.77
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/01/28 16:00:27 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: MSACM.CEGSM - mobilev.acm File not found
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: MSACM.MI-SC4 - MI-SC4.acm File not found
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/27 23:36:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Desktop\OTL.exe
    [2011/05/27 22:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Desktop\tdsskiller
    [2011/05/27 21:44:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/27 21:41:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/27 21:41:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/27 21:41:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/27 21:41:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/27 21:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/27 21:41:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/27 21:34:08 | 004,296,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Vincent\Desktop\ComboFix.exe
    [2011/05/26 23:06:03 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Vincent\Desktop\aswMBR.exe
    [2011/05/26 19:19:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vincent\Start Menu\Programs\Administrative Tools
    [2011/05/26 18:57:45 | 000,610,953 | R--- | C] (Swearware) -- C:\Documents and Settings\Vincent\Desktop\dds.scr
    [2011/05/25 23:23:32 | 001,930,720 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Vincent\Desktop\FixTDSS.exe
    [2011/05/24 20:58:00 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/05/24 20:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
    [2011/05/24 19:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    [2011/05/19 22:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\Malwarebytes
    [2011/05/19 22:17:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/19 22:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/19 22:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/05/19 22:17:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/19 22:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/19 21:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\NPE
    [2011/05/19 21:28:30 | 006,141,880 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Vincent\Desktop\NPE.exe
    [2010/06/15 07:25:37 | 001,990,728 | ---- | C] (Facebook, Inc.) -- C:\Program Files\Install_Facebook_Plug-In_1.0.3.exe
    [2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Vincent\Application Data\*.tmp files -> C:\Documents and Settings\Vincent\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/27 23:36:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Desktop\OTL.exe
    [2011/05/27 23:20:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/27 23:05:29 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/27 23:02:28 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/27 23:02:28 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/27 22:58:15 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/27 22:58:15 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3259613652-3807671696-3229074984-1005.job
    [2011/05/27 22:58:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/27 22:58:01 | 2144,702,464 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/27 22:48:52 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
    [2011/05/27 22:48:52 | 000,031,812 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
    [2011/05/27 22:48:52 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
    [2011/05/27 22:48:52 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
    [2011/05/27 22:48:52 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
    [2011/05/27 22:24:10 | 000,105,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\nvatabus.sys
    [2011/05/27 22:21:19 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\tdsskiller.zip
    [2011/05/27 22:20:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/27 21:44:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/05/27 21:35:12 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\rkill.com
    [2011/05/27 21:34:08 | 004,296,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Vincent\Desktop\ComboFix.exe
    [2011/05/27 20:54:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/05/27 17:08:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3259613652-3807671696-3229074984-1005.job
    [2011/05/27 01:21:33 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/05/26 23:08:29 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\RKUnhookerLE.EXE
    [2011/05/26 23:07:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\MBR.dat
    [2011/05/26 23:06:06 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Vincent\Desktop\aswMBR.exe
    [2011/05/26 20:27:07 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\avira_antivir_personal_en.exe
    [2011/05/26 18:57:46 | 000,610,953 | R--- | M] (Swearware) -- C:\Documents and Settings\Vincent\Desktop\dds.scr
    [2011/05/26 18:57:33 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\onsl17tk.exe
    [2011/05/26 18:49:40 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/05/25 23:23:33 | 001,930,720 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Vincent\Desktop\FixTDSS.exe
    [2011/05/24 21:27:04 | 000,247,296 | ---- | M] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/24 20:58:00 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/05/24 20:58:00 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/05/24 20:53:35 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2011/05/24 19:53:17 | 009,994,240 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\Ad-Aware90Install.msi
    [2011/05/23 16:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/22 19:25:11 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/05/19 21:28:32 | 006,141,880 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Vincent\Desktop\NPE.exe
    [2011/05/12 21:22:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/05/12 21:22:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/05/10 18:38:21 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2011/05/04 20:11:22 | 000,943,509 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\U-Haul.jpg
    [2011/05/03 20:13:33 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2011/05/03 20:12:58 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Vincent\Application Data\*.tmp files -> C:\Documents and Settings\Vincent\Application Data\*.tmp -> ]
     
  19. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    OTL 2/2

    ========== Files Created - No Company Name ==========

    [2011/05/27 22:21:17 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Vincent\Desktop\tdsskiller.zip
    [2011/05/27 21:44:44 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/05/27 21:44:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/05/27 21:41:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/27 21:41:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/27 21:41:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/27 21:41:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/27 21:41:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/27 21:35:11 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Vincent\Desktop\rkill.com
    [2011/05/26 23:08:28 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Vincent\Desktop\RKUnhookerLE.EXE
    [2011/05/26 23:07:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Vincent\Desktop\MBR.dat
    [2011/05/26 20:25:25 | 052,676,424 | ---- | C] () -- C:\Documents and Settings\Vincent\Desktop\avira_antivir_personal_en.exe
    [2011/05/26 18:57:32 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Vincent\Desktop\onsl17tk.exe
    [2011/05/25 03:41:28 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/05/24 20:53:35 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2011/05/24 19:52:57 | 009,994,240 | ---- | C] () -- C:\Documents and Settings\Vincent\Desktop\Ad-Aware90Install.msi
    [2011/05/12 15:18:11 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/12 15:13:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/10 18:38:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
    [2011/05/10 18:38:19 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2011/05/04 20:11:25 | 000,943,509 | ---- | C] () -- C:\Documents and Settings\Vincent\Desktop\U-Haul.jpg
    [2011/02/05 10:17:41 | 000,158,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/02/05 10:14:40 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/19 18:37:19 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/11/19 18:37:17 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/11/19 18:37:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/11/19 18:37:01 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/10/13 19:07:02 | 002,601,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe
    [2010/07/05 03:27:44 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2010/07/04 14:27:21 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/05/16 15:44:31 | 000,166,562 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
    [2010/05/16 15:44:31 | 000,000,652 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
    [2010/02/02 21:35:42 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2009/12/15 20:17:17 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
    [2009/10/02 21:45:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\srp_open.INI
    [2009/10/02 21:23:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\srp.INI
    [2009/06/10 23:15:47 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
    [2009/05/21 18:49:20 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2009/05/21 18:49:20 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2009/05/21 18:49:20 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
    [2009/05/21 18:49:20 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\DGVorbis.dll
    [2009/05/21 18:49:20 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
    [2009/05/21 18:49:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
    [2009/05/21 18:49:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
    [2009/05/21 18:49:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2009/05/21 18:49:19 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
    [2009/05/21 18:33:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl36.dll
    [2009/05/21 18:33:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
    [2009/05/21 18:33:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
    [2009/04/05 12:36:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\MixBUda.INI
    [2008/11/30 16:39:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2008/11/30 15:41:52 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/09/13 16:04:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000004-20021102}.dat
    [2008/09/13 16:04:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000005-00001102-00000004-20021102}.dat
    [2008/09/13 13:01:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2008/09/13 13:01:53 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2008/09/13 13:01:15 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
    [2008/09/13 13:00:53 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2008/09/13 13:00:51 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2008/09/13 13:00:04 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
    [2008/09/13 12:58:16 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2008/09/13 12:52:01 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\wrap_oal.dll
    [2008/06/19 19:39:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/11 14:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2008/05/11 14:17:01 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
    [2008/05/11 14:17:01 | 000,028,108 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
    [2008/05/11 14:17:01 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
    [2008/03/05 22:47:46 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\$_hpcst$.hpc
    [2008/02/28 22:44:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/01/30 22:02:38 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2008/01/13 03:31:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/12/29 13:55:11 | 000,000,668 | ---- | C] () -- C:\WINDOWS\MPIO.ini
    [2007/12/05 23:56:47 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/12/05 23:56:47 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C413840F68.sys
    [2007/12/03 19:10:39 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/12/02 12:48:14 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\PnkBstrK.sys
    [2007/12/02 12:47:55 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2007/11/10 23:32:00 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
    [2007/11/10 23:32:00 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
    [2007/11/10 02:55:47 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2007/11/07 22:46:38 | 000,247,296 | ---- | C] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/07 01:08:20 | 000,001,290 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/11/06 23:04:01 | 000,139,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2007/11/06 23:03:55 | 000,218,496 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2007/11/06 23:03:48 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2007/11/06 22:18:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/11/06 22:10:04 | 000,007,257 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini
    [2007/11/06 22:08:47 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2007/11/06 22:04:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\fusioncache.dat
    [2007/10/29 14:29:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/10/29 14:19:11 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2007/10/29 14:19:11 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/10/29 13:58:04 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvatabus.sys
    [2007/10/29 13:57:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2007/10/29 13:57:08 | 000,001,218 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
    [2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
    [2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
    [2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
    [2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
    [2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
    [2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
    [2007/04/09 12:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
    [2007/04/09 12:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
    [2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
    [2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2005/08/16 06:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/16 06:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 06:27:59 | 000,330,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/16 06:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/08/16 06:18:33 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/16 06:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/08/16 06:18:33 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/16 06:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/08/16 06:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/08/16 06:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/08/16 06:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/08/16 06:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/08/16 06:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/08/16 06:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/08/16 06:18:08 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2005/08/05 16:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
    [2004/03/17 09:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
    [2004/03/17 09:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
    [1997/06/14 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2011/03/04 09:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
    [2005/08/16 22:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2010/10/13 19:10:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
    [2010/11/17 17:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
    [2010/10/13 19:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2007/11/11 23:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/06/10 21:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2010/07/04 11:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    [2010/11/03 18:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2007/12/03 22:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/05/22 15:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/05/27 23:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/07/18 21:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
    [2010/07/18 21:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2007/10/29 14:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2011/05/24 19:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    [2008/01/22 21:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Canon
    [2011/03/11 09:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Cisco
    [2010/01/17 20:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\CoreFTP
    [2010/06/15 07:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Facebook
    [2010/02/28 19:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Juniper Networks
    [2011/03/26 13:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\MotioninJoy
    [2007/11/11 23:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\NCH Swift Sound
    [2007/12/01 17:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Opera
    [2007/12/06 00:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\PTC
    [2007/11/12 00:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Publish Providers
    [2010/12/03 21:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Sony
    [2011/01/14 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Sony Creative Software Inc
    [2008/12/31 15:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\SPORE
    [2010/10/08 18:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Tific
    [2010/09/29 22:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Unity
    [2011/05/26 20:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\uTorrent
    [2010/07/18 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Western Digital
    [2011/05/27 20:54:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/05/27 22:57:58 | 000,029,587 | ---- | M] () -- C:\aaw7boot.log
    [2008/08/19 15:50:58 | 000,000,000 | ---- | M] () -- C:\AILog.txt
    [2008/06/30 22:47:30 | 000,018,974 | ---- | M] () -- C:\ASLog.txt
    [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/05/26 18:49:40 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/05/27 21:44:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/05/27 23:23:27 | 000,022,864 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/10/29 13:59:20 | 000,007,609 | RH-- | M] () -- C:\dell.sdr
    [2011/05/27 22:58:01 | 2144,702,464 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/02 11:33:17 | 000,245,981 | ---- | M] () -- C:\hpfr6500.log
    [2007/11/10 16:11:46 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/10 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2011/05/27 22:57:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/19 19:49:47 | 000,007,399 | ---- | M] () -- C:\ptcsetup.bak
    [2008/08/24 12:44:45 | 000,019,325 | ---- | M] () -- C:\ptcsetup.log
    [2008/03/24 19:46:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/01/24 22:41:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/04/06 15:31:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/04/06 18:14:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2008/03/24 19:46:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/01/24 22:41:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/04/06 15:31:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/04/06 18:14:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2008/04/01 19:23:31 | 004,823,488 | ---- | M] () -- C:\TaleofTwoBrains.wmv
    [2008/04/01 22:16:46 | 004,735,568 | ---- | M] () -- C:\TaleofTwoBrains.zip
    [2011/05/27 22:23:33 | 000,067,842 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_27.05.2011_22.22.26_log.txt
    [2008/07/27 14:54:10 | 000,076,548 | ---- | M] () -- C:\tstamps.log
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/08/16 06:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/10/06 15:37:30 | 000,315,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp083.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/06/15 07:33:38 | 001,990,728 | ---- | M] (Facebook, Inc.) -- C:\Program Files\Install_Facebook_Plug-In_1.0.3.exe
    [2007/11/10 23:32:00 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 06:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 06:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 06:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >
    [2008/02/04 01:15:33 | 000,000,000 | ---D | M] -- C:\Program Files\Call of Duty Game of the Year Edition\Main\maps\bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2005/08/16 06:43:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/11/06 22:04:34 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/16 06:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/07/13 22:05:07 | 000,629,399 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Vincent\Desktop\297201_ENU_i386_zip.exe
    [2010/07/13 21:56:22 | 000,633,358 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Vincent\Desktop\297204_FRA_i386_zip.exe
    [2010/07/14 18:53:43 | 000,630,864 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Vincent\Desktop\311182_ENU_i386_zip.exe
    [2008/12/07 19:29:29 | 000,626,934 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Vincent\Desktop\350011_ENU_i386_zip.exe
    [2008/12/07 19:24:29 | 000,631,480 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Vincent\Desktop\350014_FRA_i386_zip.exe
    [2011/04/17 16:46:35 | 047,620,584 | ---- | M] (Acronis) -- C:\Documents and Settings\Vincent\Desktop\AcronisAlignTool_s_e_314.exe
    [2008/02/28 22:19:17 | 423,321,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vincent\Desktop\ADBEFLPRCS3_WWE.exe
    [2008/02/10 14:30:01 | 002,570,493 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\afcl_setup_v1.0.2.87.exe
    [2008/02/10 14:31:26 | 002,163,108 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\afms_setup_v4.0.1.166.exe
    [2011/05/26 23:06:06 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Vincent\Desktop\aswMBR.exe
    [2008/12/28 22:14:13 | 002,359,648 | ---- | M] (PortableApps.com) -- C:\Documents and Settings\Vincent\Desktop\Audacity_Portable_1.2.6_Rev_3.paf.exe
    [2011/05/26 20:27:07 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\avira_antivir_personal_en.exe
    [2009/04/27 19:39:52 | 609,608,161 | ---- | M] (Activision ) -- C:\Documents and Settings\Vincent\Desktop\CoDWaW-1.2-1.4-PatchSetup.exe
    [2008/02/17 01:36:28 | 037,853,246 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\CoD_1.5_Patch.exe
    [2011/05/27 21:34:08 | 004,296,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Vincent\Desktop\ComboFix.exe
    [2008/10/19 21:05:45 | 003,486,227 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\coreftplite.exe
    [2010/11/19 18:18:24 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Vincent\Desktop\dxwebsetup.exe
    [2011/05/25 23:23:33 | 001,930,720 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Vincent\Desktop\FixTDSS.exe
    [2010/02/16 18:17:19 | 001,964,460 | ---- | M] (ManiacTools.com ) -- C:\Documents and Settings\Vincent\Desktop\free-m4a-to-mp3-converter_free_m4a_to_mp3_converter_5.9_francais_216462.exe
    [2010/03/07 23:56:19 | 000,569,696 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Vincent\Desktop\googleupdatesetup.exe
    [2009/03/26 21:35:12 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Vincent\Desktop\HJTInstall.exe
    [2007/11/06 22:18:36 | 002,402,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Vincent\Desktop\Installation de Windows Live.exe
    [2008/02/10 17:47:14 | 000,060,450 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\Install_CoDpiler.exe
    [2008/08/03 17:54:00 | 004,452,400 | ---- | M] (Smart Projects ) -- C:\Documents and Settings\Vincent\Desktop\isobuster_all_lang.exe
    [2010/09/22 20:33:29 | 006,197,704 | ---- | M] (MetaQuotes Software Corp.) -- C:\Documents and Settings\Vincent\Desktop\mftrader4setup.exe
    [2010/07/04 12:31:59 | 008,192,000 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\mkv2vob247.exe
    [2011/05/19 21:28:32 | 006,141,880 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Vincent\Desktop\NPE.exe
    [2010/10/25 17:37:20 | 004,074,296 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Vincent\Desktop\office2007-kb973709-fullfile-x86-glb.exe
    [2011/05/26 18:57:33 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\onsl17tk.exe
    [2011/05/27 23:36:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Desktop\OTL.exe
    [2008/02/16 22:46:35 | 000,768,512 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\pbsetup.exe
    [2008/01/13 03:28:50 | 000,325,168 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Vincent\Desktop\RealPlayer11GOLD.exe
    [2011/05/26 23:08:29 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\RKUnhookerLE.EXE
    [2008/09/13 16:11:22 | 036,591,040 | ---- | M] (Creative Technology Ltd) -- C:\Documents and Settings\Vincent\Desktop\SBAX_PCDRV_LB_2_18_0001.exe
    [2008/01/25 17:24:08 | 008,423,837 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\Scrabbot-51-install.exe
    [2008/10/19 13:00:29 | 007,747,944 | ---- | M] (SmartSoft Ltd) -- C:\Documents and Settings\Vincent\Desktop\SFTPMSI.exe
    [2011/04/22 18:07:29 | 004,877,616 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Vincent\Desktop\Shockwave_Installer_Slim.exe
    [2008/06/07 21:02:48 | 001,427,520 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\Silverlight.exe
    [2009/10/02 21:20:48 | 012,754,550 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\SRPRDSFR68.exe
    [2010/07/04 14:25:13 | 014,245,258 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\TVersitySetup_1_8.exe
    [2010/09/29 22:33:43 | 003,249,480 | ---- | M] (Unity Technologies ApS) -- C:\Documents and Settings\Vincent\Desktop\UnityWebPlayer.exe
    [2008/02/08 23:52:07 | 002,732,032 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\ventrilo-3.0.1-Windows-i386.exe
    [2008/11/30 16:38:39 | 003,064,736 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\ventrilo-3.0.4-Windows-i386.exe
    [2010/10/25 17:38:02 | 010,345,152 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Vincent\Desktop\visioviewer2007sp2-kb953335-fullfile-en-us.exe
    [2009/12/28 20:26:55 | 018,030,130 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\vlc-1.0.3-win32.exe
    [2007/12/04 21:36:06 | 003,003,000 | ---- | M] () -- C:\Documents and Settings\Vincent\Desktop\vmp_full_installer.exe
    [2010/07/04 12:27:58 | 025,769,600 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Vincent\Desktop\wmp11-windowsxp-x86-FR-FR.exe
    [2007/12/11 23:57:51 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Vincent\Desktop\wmpfirefoxplugin.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/11/06 22:04:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Vincent\Favorites\Desktop.ini
    [2007/11/11 23:36:33 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Vincent\Favorites\NCH Audio and Telephony Software Page.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/05/27 23:35:52 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\Vincent\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/02/04 15:20:38 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/10 07:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 03:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 12:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8B731E

    < End of report >
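A few lines in the OTL report above are the ones a responder checks first: the `@Alternate Data Stream` entry on a folder under All Users\Application Data, `"EnableFirewall" = 0` under the firewall StandardProfile, and the `"DisableMonitoring" = 1` values under Security Center\Monitoring (a third-party suite may legitimately set those for its own products so that Security Center defers to it, so they are something to verify, not a verdict). The script below is an added example, not part of this thread and not OTL's own code: it parses the line formats OTL prints and pulls those items out of a log so a long report can be triaged before it is read top to bottom. The rule names, the `review_no_company` heuristic for System32 executables without embedded company information, and the sample lines (copied from the report above) are this example's own choices.

```python
"""Triage helper for an OTL (OldTimer's OTL) log.

Added example: not part of this thread and not OTL's own code. It parses the
line formats OTL prints (file entries, registry key and value lines, and the
"@Alternate Data Stream" lines) and returns the items a responder would look
at first. Rule names and heuristics are this example's own choices.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# [YYYY/MM/DD HH:MM:SS | 000,012,345 | RHS- | M] (Company) -- C:\path
# The "(Company)" field is absent on directory lines and empty, "()", on
# files that carry no version information.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<nbytes>\d+) bytes -> (?P<path>.+)$")
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]*)" = (?P<value>.*)$')


@dataclass
class Finding:
    rule: str    # short rule id, see triage()
    detail: str  # path, registry key part or value name the rule fired on


def parse_size(text: str) -> int:
    """OTL zero-pads sizes and groups digits with commas: "000,029,587" -> 29587."""
    return int(text.replace(",", ""))


def parse_file_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the fields of one OTL file/directory entry, or None for other lines."""
    m = FILE_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines: List[str]) -> List[Finding]:
    """Walk a log and collect findings in the order they appear."""
    findings: List[Finding] = []
    current_key = ""  # most recent [HKEY_...] header; values below it belong to it
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        m = ADS_LINE.match(line)
        if m:
            # An ADS on a data file or folder has no normal reason to exist;
            # it is a classic place to hide a payload or a marker.
            findings.append(Finding("ads", f"{m['path']} ({m['nbytes']} bytes)"))
            continue

        m = KEY_LINE.match(line)
        if m:
            current_key = m["key"]
            continue

        m = VALUE_LINE.match(line)
        if m:
            name, value = m["name"], m["value"].strip()
            key_l = current_key.lower()
            if "firewallpolicy\\" in key_l and name == "EnableFirewall" and value == "0":
                # Windows Firewall switched off for this profile.
                findings.append(Finding("firewall_off", current_key.rsplit("\\", 1)[-1]))
            elif "\\security center\\monitoring\\" in key_l and name == "DisableMonitoring" and value == "1":
                # Security Center told not to watch this vendor's product. A
                # third-party suite sets this for itself, so verify, don't convict.
                findings.append(Finding("sc_monitoring_off", current_key.rsplit("\\", 1)[-1]))
            elif key_l.endswith("\\security center") and name in ("AntiVirusOverride", "FirewallOverride") and value == "1":
                findings.append(Finding("sc_override", name))
            continue

        f = parse_file_line(line)
        if f and f["attrs"][3] != "D":  # fourth attribute flag is D for directories
            path_l = f["path"].lower()
            ext = path_l.rsplit(".", 1)[-1] if "." in path_l else ""
            if "\\windows\\system32\\" in path_l and ext in ("exe", "dll", "sys") and not (f["company"] or "").strip():
                # Executable in System32 without embedded company information:
                # worth hashing and checking against the vendor, not a verdict.
                findings.append(Finding("review_no_company", f["path"]))
    return findings


# Constructed sample: a few lines copied from the report above, in OTL's format.
SAMPLE_LOG = r"""
[1997/06/14 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2011/05/27 21:44:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2011/03/04 09:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8B731E
""".strip().splitlines()

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item.rule:20} {item.detail}")
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`; it only reads the report, so nothing on the examined machine changes, and every finding still has to be checked by hand (hash the file, confirm which product owns the Security Center key) before anything is deleted.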
     
  20. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    Extras

    OTL Extras logfile created on: 27/05/2011 11:38:19 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Vincent\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.74% Memory free
    3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.38% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 293.40 Gb Total Space | 220.80 Gb Free Space | 75.25% Space Free | Partition Type: NTFS
    Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive L: | 1862.36 Gb Total Space | 1532.11 Gb Free Space | 82.27% Space Free | Partition Type: NTFS

    Computer Name: VINCENT | User Name: Vincent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] --
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3259613652-3807671696-3229074984-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "" =
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "" =

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "" =

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
    "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
    "C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
    "C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
    "C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
    "C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe" = C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
    "C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe" = C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{224F7A6E-1D66-46B6-888A-D025E5AC20F6}" = MPIO Manager
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{28AAE6A5-B887-4E19-B06C-E367F3C43EDB}" = Cisco AnyConnect VPN Client
    "{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
    "{2C7D6B7D-1314-4FA7-97BF-62B978728110}" = AGEIA PhysX Engines
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}" = HP Deskjet 6500
    "{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MF Trader 4 4.00
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
    "{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}" = Sibelius Scorch (Firefox, Opera, Netscape only)
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}" = Corel Snapfire Plus
    "{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
    "{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
    "{ACFC6B2B-8A6A-448F-BD4C-53A2FBE29920}" = Multi RemoteCommander
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B46690D9-2FE5-436F-8D13-568BC18D2ACC}" = CoD Builder 0.79 Beta
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
    "{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F2B5644C-0183-4529-99F0-409C5C79C8C0}" = Windows Mobile Daylight Saving Time 2007 Updates
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
    "AndreaMosaicVersion3" = AndreaMosaic 3.21
    "Antares Auto-Tune 3.06 DirectX" = Antares Auto-Tune 3.06 DirectX
    "Antares Tube v1.0" = Antares Tube v1.0
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Cakewalk Pro Audio 9" = Cakewalk Pro Audio 9
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Coding Workshop Polyphonic Wizard" = Coding Workshop Polyphonic Wizard
    "CoDpiler" = CoDpiler (remove only)
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "Core FTP LE 2.1" = Core FTP LE 2.1
    "CSCLIB" = Canon Camera Support Core Library
    "EA Download Manager" = EA Download Manager
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ESPNMotion" = ESPNMotion
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 5.9
    "FruityLoops v3.4" = FruityLoops v3.4
    "FXCM Trading Station" = FXCM Trading Station
    "FXOrder2Go" = FXOrder2Go
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "InterActual Player" = InterActual Player
    "IsoBuster_is1" = IsoBuster 2.4
    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
    "MagicDisc 2.7.101" = MagicDisc 2.7.101
    "MagicDisc 2.7.105" = MagicDisc 2.7.105
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monkey's Audio_is1" = Monkey's Audio
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "N360" = Norton 360
    "Native Instruments Kontakt Player Sibelius" = Native Instruments Kontakt Player Sibelius
    "Native Instruments Sibelius Player" = Native Instruments Sibelius Player
    "Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Polyphonic Wizard v4.5" = Polyphonic Wizard v4.5
    "PunkBusterSvc" = PunkBuster Services
    "QuickSFV" = QuickSFV (Remove only)
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "ReValver" = ReValver
    "ScrabBot 5.1" = ScrabBot 5.1
    "SearchAssist" = SearchAssist
    "Shop for HP Supplies" = Shop for HP Supplies
    "Sibelius 4" = Sibelius 4
    "SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
    "SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 500" = Left 4 Dead
    "Steam App 590" = Left 4 Dead 2 Demo
    "StepMania" = StepMania (remove only)
    "Stereogram magician_is1" = Stereogram magician (V3.22)
    "Switch" = Switch
    "SysInfo" = Creative System Information
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "The Grand" = Steinberg The Grand
    "TVersity Codec Pack" = TVersity Codec Pack 1.2
    "TVersity Media Server" = TVersity Media Server 1.8 Beta
    "VLC media player" = VLC media player 1.0.3
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Lecteur Windows Media*11
    "Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinRAR archiver" = WinRAR archiver
    "winusb0200" = Microsoft WinUsb 2.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xfire" = Xfire (remove only)
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3259613652-3807671696-3229074984-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Facebook Plug-In" = Facebook Plug-In
    "Move Media Player" = Move Media Player
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 24/05/2011 7:44:05 PM | Computer Name = VINCENT | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 24/05/2011 7:48:43 PM | Computer Name = VINCENT | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 24/05/2011 7:49:20 PM | Computer Name = VINCENT | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 24/05/2011 7:54:08 PM | Computer Name = VINCENT | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 24/05/2011 7:54:08 PM | Computer Name = VINCENT | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 27/05/2011 9:37:28 PM | Computer Name = VINCENT | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 27/05/2011 9:38:11 PM | Computer Name = VINCENT | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 27/05/2011 9:39:17 PM | Computer Name = VINCENT | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 27/05/2011 9:40:02 PM | Computer Name = VINCENT | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 27/05/2011 10:33:03 PM | Computer Name = VINCENT | Source = Application Hang | ID = 1002
    Description = Hanging application taskmgr.exe, version 5.1.2600.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ Cisco AnyConnect VPN Client Events ]
    Error - 12/03/2011 9:13:49 AM | Computer Name = VINCENT | Source = vpnagent | ID = 50331669
    Description = Failed Route change: Action: AddRoute Destination: 192.168.1.255 Netmask:
    255.255.255.255 Gateway: 10.2.3.1 Interface: 10.2.3.93 Metric: 1

    Error - 12/03/2011 9:13:49 AM | Computer Name = VINCENT | Source = vpnagent | ID = 50331649
    Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
    Line:
    222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

    Error - 09/04/2011 4:44:14 PM | Computer Name = VINCENT | Source = vpnagent | ID = 50331649
    Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
    Line:
    1271 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

    Error - 09/04/2011 4:44:14 PM | Computer Name = VINCENT | Source = vpnagent | ID = 50331669
    Description = Failed Route change: Action: AddRoute Destination: 192.168.1.255 Netmask:
    255.255.255.255 Gateway: 10.2.4.1 Interface: 10.2.4.4 Metric: 1

    Error - 09/04/2011 4:44:14 PM | Computer Name = VINCENT | Source = vpnagent | ID = 50331649
    Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
    Line:
    222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

    Error - 10/04/2011 5:21:10 PM | Computer Name = VINCENT | Source = vpnagent | ID = 50331649
    Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
    Line:
    1271 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

    Error - 10/04/2011 5:21:10 PM | Computer Name = VINCENT | Source = vpnagent | ID = 50331669
    Description = Failed Route change: Action: AddRoute Destination: 192.168.1.255 Netmask:
    255.255.255.255 Gateway: 10.2.3.1 Interface: 10.2.3.243 Metric: 1

    Error - 10/04/2011 5:21:10 PM | Computer Name = VINCENT | Source = vpnagent | ID = 50331649
    Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
    Line:
    222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

    Error - 09/05/2011 10:44:14 PM | Computer Name = VINCENT | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 19/05/2011 9:36:24 PM | Computer Name = VINCENT | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    [ System Events ]
    Error - 27/05/2011 1:20:00 AM | Computer Name = VINCENT | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 27/05/2011 3:01:11 AM | Computer Name = VINCENT | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x8007f0f4: Security Update for Windows XP (KB979683).

    Error - 27/05/2011 6:20:00 AM | Computer Name = VINCENT | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 27/05/2011 11:20:00 AM | Computer Name = VINCENT | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 27/05/2011 4:20:06 PM | Computer Name = VINCENT | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 27/05/2011 9:20:00 PM | Computer Name = VINCENT | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 27/05/2011 10:25:38 PM | Computer Name = VINCENT | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
    the volume.

    Error - 27/05/2011 10:25:45 PM | Computer Name = VINCENT | Source = Print | ID = 19
    Description = Sharing printer failed + 1722, Printer HP Photosmart C4600 series
    share name **** Me Printer.

    Error - 27/05/2011 10:26:08 PM | Computer Name = VINCENT | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd nvraid

    Error - 27/05/2011 10:58:30 PM | Computer Name = VINCENT | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd


    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    I can't continue, because....

    ...you didn't say:
     
  22. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    Oh true... doing fine. Computer seems faster :)
     
  23. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Very well. Hold on...
     
  24. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2 C:\*.tmp files -> C:\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\Documents and Settings\Vincent\Application Data\*.tmp files -> C:\Documents and Settings\Vincent\Application Data\*.tmp -> ]
      [2007/12/05 23:56:47 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C413840F68.sys
      [2011/05/27 23:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8B731E
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  25. KriegSohn

    KriegSohn TS Rookie Topic Starter Posts: 18

    Good morning,

    I just woke up this morning and it looked like the PC had rebooted by itself. Seems like NAV did a quick scan and Windows installed updates. NAV reported TDSS, but in the restore folder, not in nvatabus.sys anymore.
    Do I run the scans anyway? I already updated Java.

    Thanks
     
Topic Status:
Not open for further replies.

