Google redirect is back

Solved
By Shambo9
May 26, 2011
Topic Status:
Not open for further replies.
  1. Sigh...

    And my DDS won't run. It runs for a second and then closes itself out a second later.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6682

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    5/26/2011 12:28:25 AM
    mbam-log-2011-05-26 (00-28-25).txt

    Scan type: Quick scan
    Objects scanned: 170805
    Time elapsed: 21 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\temp\ppxn\out5sd.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Windows\temp\ppxn\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-26 00:56:13
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542525K9SA00 rev.BBFOC33P
    Running: gx5r3e5p.exe; Driver: C:\Users\thomas\AppData\Local\Temp\uxliipob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  2. Broni

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    You got your computer messed up again pretty quickly....hmmmmmmmmmm....

    You're infected with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Shambo9

    2011/05/27 06:43:53.0451 4864 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/05/27 06:43:53.0916 4864 ================================================================================
    2011/05/27 06:43:53.0916 4864 SystemInfo:
    2011/05/27 06:43:53.0917 4864
    2011/05/27 06:43:53.0917 4864 OS Version: 6.0.6001 ServicePack: 1.0
    2011/05/27 06:43:53.0917 4864 Product type: Workstation
    2011/05/27 06:43:53.0917 4864 ComputerName: THOMAS-PC
    2011/05/27 06:43:53.0918 4864 UserName: thomas
    2011/05/27 06:43:53.0918 4864 Windows directory: C:\Windows
    2011/05/27 06:43:53.0918 4864 System windows directory: C:\Windows
    2011/05/27 06:43:53.0918 4864 Processor architecture: Intel x86
    2011/05/27 06:43:53.0918 4864 Number of processors: 2
    2011/05/27 06:43:53.0918 4864 Page size: 0x1000
    2011/05/27 06:43:53.0918 4864 Boot type: Normal boot
    2011/05/27 06:43:53.0918 4864 ================================================================================
    2011/05/27 06:43:55.0568 4864 Initialize success
    2011/05/27 06:44:06.0251 9572 ================================================================================
    2011/05/27 06:44:06.0251 9572 Scan started
    2011/05/27 06:44:06.0251 9572 Mode: Manual;
    2011/05/27 06:44:06.0251 9572 ================================================================================
    2011/05/27 06:44:08.0900 9572 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    2011/05/27 06:44:08.0966 9572 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/05/27 06:44:09.0092 9572 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/05/27 06:44:09.0144 9572 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/05/27 06:44:09.0257 9572 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/05/27 06:44:09.0344 9572 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
    2011/05/27 06:44:09.0457 9572 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/05/27 06:44:09.0609 9572 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/05/27 06:44:09.0655 9572 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/05/27 06:44:09.0720 9572 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/05/27 06:44:09.0771 9572 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/05/27 06:44:09.0876 9572 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/05/27 06:44:09.0916 9572 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/05/27 06:44:09.0987 9572 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2011/05/27 06:44:10.0171 9572 appliand (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
    2011/05/27 06:44:10.0214 9572 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
    2011/05/27 06:44:10.0289 9572 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/05/27 06:44:10.0341 9572 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/05/27 06:44:10.0433 9572 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/27 06:44:10.0617 9572 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
    2011/05/27 06:44:10.0778 9572 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
    2011/05/27 06:44:11.0025 9572 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/05/27 06:44:11.0226 9572 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
    2011/05/27 06:44:11.0310 9572 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
    2011/05/27 06:44:11.0364 9572 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
    2011/05/27 06:44:11.0479 9572 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/05/27 06:44:11.0551 9572 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/05/27 06:44:11.0631 9572 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/27 06:44:11.0741 9572 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/05/27 06:44:11.0805 9572 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/05/27 06:44:11.0871 9572 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/05/27 06:44:11.0920 9572 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/05/27 06:44:12.0026 9572 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/05/27 06:44:12.0077 9572 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/05/27 06:44:12.0128 9572 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/05/27 06:44:12.0178 9572 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/27 06:44:12.0239 9572 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/27 06:44:12.0453 9572 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/05/27 06:44:12.0556 9572 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
    2011/05/27 06:44:12.0673 9572 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/27 06:44:12.0723 9572 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/05/27 06:44:12.0773 9572 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/27 06:44:12.0844 9572 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/05/27 06:44:12.0899 9572 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/05/27 06:44:13.0062 9572 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/27 06:44:13.0146 9572 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    2011/05/27 06:44:13.0249 9572 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/27 06:44:13.0325 9572 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/27 06:44:13.0439 9572 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/05/27 06:44:13.0502 9572 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    2011/05/27 06:44:13.0679 9572 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/05/27 06:44:13.0887 9572 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/05/27 06:44:13.0999 9572 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    2011/05/27 06:44:14.0058 9572 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    2011/05/27 06:44:14.0176 9572 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/27 06:44:14.0268 9572 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/27 06:44:14.0321 9572 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/05/27 06:44:14.0383 9572 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/27 06:44:14.0440 9572 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/27 06:44:14.0569 9572 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/27 06:44:14.0622 9572 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
    2011/05/27 06:44:14.0670 9572 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/05/27 06:44:14.0804 9572 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2011/05/27 06:44:14.0920 9572 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
    2011/05/27 06:44:14.0982 9572 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/27 06:44:15.0100 9572 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/27 06:44:15.0165 9572 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/05/27 06:44:15.0218 9572 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/05/27 06:44:15.0282 9572 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/27 06:44:15.0414 9572 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/05/27 06:44:15.0486 9572 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
    2011/05/27 06:44:15.0637 9572 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/05/27 06:44:15.0704 9572 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/27 06:44:15.0772 9572 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/05/27 06:44:16.0070 9572 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/05/27 06:44:16.0481 9572 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/27 06:44:16.0724 9572 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/05/27 06:44:16.0782 9572 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/27 06:44:16.0860 9572 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/27 06:44:17.0098 9572 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/05/27 06:44:17.0161 9572 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/05/27 06:44:17.0511 9572 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/05/27 06:44:17.0823 9572 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/05/27 06:44:17.0993 9572 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/27 06:44:18.0190 9572 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/05/27 06:44:18.0263 9572 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/05/27 06:44:18.0352 9572 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
    2011/05/27 06:44:18.0434 9572 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/27 06:44:18.0518 9572 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    2011/05/27 06:44:18.0618 9572 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
    2011/05/27 06:44:18.0710 9572 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
    2011/05/27 06:44:18.0852 9572 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/27 06:44:19.0004 9572 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/27 06:44:19.0138 9572 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/05/27 06:44:19.0178 9572 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/05/27 06:44:19.0284 9572 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/05/27 06:44:19.0349 9572 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/05/27 06:44:19.0484 9572 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/05/27 06:44:19.0646 9572 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/05/27 06:44:19.0986 9572 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/05/27 06:44:20.0387 9572 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/27 06:44:20.0570 9572 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/27 06:44:20.0684 9572 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/27 06:44:20.0723 9572 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/27 06:44:20.0895 9572 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/05/27 06:44:20.0956 9572 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/27 06:44:21.0032 9572 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/05/27 06:44:21.0135 9572 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/27 06:44:21.0534 9572 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/27 06:44:21.0665 9572 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/27 06:44:21.0755 9572 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/27 06:44:21.0854 9572 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
    2011/05/27 06:44:21.0932 9572 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/05/27 06:44:22.0051 9572 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/05/27 06:44:22.0113 9572 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/27 06:44:22.0195 9572 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/27 06:44:22.0292 9572 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/27 06:44:22.0359 9572 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/27 06:44:22.0401 9572 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/27 06:44:22.0493 9572 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/27 06:44:22.0592 9572 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/27 06:44:22.0639 9572 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    2011/05/27 06:44:22.0738 9572 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/27 06:44:22.0898 9572 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    2011/05/27 06:44:23.0001 9572 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/27 06:44:23.0062 9572 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/27 06:44:23.0102 9572 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/27 06:44:23.0205 9572 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/27 06:44:23.0276 9572 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/27 06:44:23.0321 9572 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/27 06:44:23.0525 9572 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/05/27 06:44:23.0622 9572 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    2011/05/27 06:44:23.0669 9572 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/27 06:44:23.0800 9572 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/27 06:44:23.0923 9572 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/05/27 06:44:23.0974 9572 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/05/27 06:44:24.0019 9572 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/05/27 06:44:24.0075 9572 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/05/27 06:44:24.0223 9572 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/27 06:44:24.0356 9572 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/05/27 06:44:24.0639 9572 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/05/27 06:44:24.0701 9572 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    2011/05/27 06:44:24.0756 9572 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/05/27 06:44:24.0837 9572 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
    2011/05/27 06:44:24.0923 9572 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    2011/05/27 06:44:24.0995 9572 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/05/27 06:44:25.0065 9572 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/05/27 06:44:25.0347 9572 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/27 06:44:25.0388 9572 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    2011/05/27 06:44:25.0488 9572 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/27 06:44:25.0602 9572 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/05/27 06:44:25.0680 9572 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/05/27 06:44:25.0820 9572 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/05/27 06:44:25.0883 9572 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/27 06:44:25.0926 9572 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/27 06:44:26.0039 9572 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/27 06:44:26.0098 9572 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/27 06:44:26.0156 9572 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/27 06:44:26.0219 9572 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/27 06:44:26.0333 9572 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/27 06:44:26.0406 9572 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/27 06:44:26.0442 9572 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/27 06:44:26.0519 9572 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/27 06:44:26.0676 9572 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/27 06:44:26.0722 9572 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/05/27 06:44:26.0771 9572 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
    2011/05/27 06:44:26.0840 9572 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/05/27 06:44:27.0012 9572 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
    2011/05/27 06:44:27.0100 9572 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/27 06:44:27.0196 9572 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/05/27 06:44:27.0312 9572 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/05/27 06:44:27.0357 9572 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/05/27 06:44:27.0480 9572 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/05/27 06:44:27.0614 9572 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/27 06:44:27.0686 9572 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/05/27 06:44:27.0745 9572 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/05/27 06:44:28.0005 9572 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/05/27 06:44:28.0127 9572 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/05/27 06:44:28.0184 9572 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/05/27 06:44:28.0290 9572 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/27 06:44:28.0364 9572 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/05/27 06:44:28.0554 9572 spvads (32984933252f171f5ac5b79701a4d91b) C:\Windows\system32\drivers\spvads.sys
    2011/05/27 06:44:28.0617 9572 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/27 06:44:28.0675 9572 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/27 06:44:28.0781 9572 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/27 06:44:28.0846 9572 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    2011/05/27 06:44:28.0990 9572 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
    2011/05/27 06:44:29.0115 9572 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/27 06:44:29.0181 9572 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/05/27 06:44:29.0229 9572 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/05/27 06:44:29.0273 9572 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/05/27 06:44:29.0378 9572 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/05/27 06:44:29.0558 9572 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
    2011/05/27 06:44:29.0725 9572 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/27 06:44:29.0838 9572 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/27 06:44:29.0887 9572 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    2011/05/27 06:44:29.0937 9572 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/27 06:44:30.0052 9572 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/27 06:44:30.0110 9572 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/27 06:44:30.0148 9572 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/27 06:44:30.0254 9572 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
    2011/05/27 06:44:30.0419 9572 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/27 06:44:30.0478 9572 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/05/27 06:44:30.0548 9572 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/27 06:44:30.0654 9572 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    2011/05/27 06:44:30.0737 9572 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/05/27 06:44:30.0805 9572 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/27 06:44:30.0952 9572 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/05/27 06:44:31.0006 9572 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/05/27 06:44:31.0054 9572 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/05/27 06:44:31.0097 9572 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/05/27 06:44:31.0204 9572 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/27 06:44:31.0295 9572 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
    2011/05/27 06:44:31.0343 9572 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/27 06:44:31.0459 9572 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/05/27 06:44:31.0509 9572 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/27 06:44:31.0560 9572 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/27 06:44:31.0603 9572 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/05/27 06:44:31.0711 9572 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/05/27 06:44:31.0757 9572 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/05/27 06:44:31.0807 9572 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/27 06:44:31.0861 9572 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2011/05/27 06:44:31.0978 9572 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
    2011/05/27 06:44:32.0072 9572 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/27 06:44:32.0123 9572 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/05/27 06:44:32.0168 9572 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/05/27 06:44:32.0285 9572 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/05/27 06:44:32.0327 9572 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/05/27 06:44:32.0373 9572 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
    2011/05/27 06:44:32.0424 9572 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/27 06:44:32.0549 9572 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    2011/05/27 06:44:32.0618 9572 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/05/27 06:44:32.0738 9572 wacmoumonitor (026d58e9d7701f6b26b0b499f1705334) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
    2011/05/27 06:44:32.0896 9572 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
    2011/05/27 06:44:32.0966 9572 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/05/27 06:44:33.0002 9572 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
    2011/05/27 06:44:33.0072 9572 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/27 06:44:33.0103 9572 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/27 06:44:33.0232 9572 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/05/27 06:44:33.0307 9572 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/27 06:44:33.0636 9572 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/05/27 06:44:33.0791 9572 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/27 06:44:33.0933 9572 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/27 06:44:34.0039 9572 MBR (0x1B8) (ef1fb3fbba60e54cf5e5a0c96abf6c5b) \Device\Harddisk0\DR0
    2011/05/27 06:44:34.0051 9572 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/27 06:44:34.0062 9572 ================================================================================
    2011/05/27 06:44:34.0062 9572 Scan finished
    2011/05/27 06:44:34.0062 9572 ================================================================================
    2011/05/27 06:44:34.0090 9596 Detected object count: 1
    2011/05/27 06:44:34.0090 9596 Actual detected object count: 1
    2011/05/27 06:44:46.0951 9596 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/27 06:44:46.0952 9596 \Device\Harddisk0\DR0 - ok
    2011/05/27 06:44:46.0954 9596 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/05/27 06:45:03.0338 0176 Deinitialize success
  4. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    How is redirection?

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    Redirect is no longer an issue. Combofix won't run, even after using it in safe mode and using rkill.

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-27 22:23:19
    -----------------------------
    22:23:19.393 OS Version: Windows 6.0.6001 Service Pack 1
    22:23:19.394 Number of processors: 2 586 0x301
    22:23:19.397 ComputerName: THOMAS-PC UserName: thomas
    22:23:32.501 Initialize success
    22:23:58.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    22:23:58.112 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC33P Size: 238475MB BusType: 3
    22:24:00.140 Disk 0 MBR read successfully
    22:24:00.152 Disk 0 MBR scan
    22:24:00.165 Disk 0 unknown MBR code
    22:24:02.182 Disk 0 scanning sectors +488395120
    22:24:02.230 Disk 0 scanning C:\Windows\system32\drivers
    22:24:15.660 Service scanning
    22:24:18.054 Disk 0 trace - called modules:
    22:24:18.102 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
    22:24:18.120 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f75030]
    22:24:18.138 3 CLASSPNP.SYS[8790c745] -> nt!IofCallDriver -> [0x84f80918]
    22:24:18.156 5 acpi.sys[806156a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f578a8]
    22:24:18.177 Scan finished successfully
    22:24:37.844 Disk 0 MBR has been saved successfully to "C:\Users\thomas\Desktop\MBR.dat"
    22:24:37.855 The log file has been saved successfully to "C:\Users\thomas\Desktop\aswMBR.txt"
  6. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  7. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6001 (Service Pack 1)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8B60A000 C:\Windows\system32\DRIVERS\atikmdag.sys 5042176 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
    0x82648000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
    0x82648000 PnpManager 3903488 bytes
    0x82648000 RAW 3903488 bytes
    0x82648000 WMIxWDM 3903488 bytes
    0x96CC0000 Win32k 2109440 bytes
    0x96CC0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8C600000 C:\Windows\system32\drivers\RTKVHDA.sys 2093056 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x8C4B1000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
    0x87A0B000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
    0x87678000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x87803000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8C009000 C:\Windows\system32\DRIVERS\athr.sys 933888 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
    0x8046A000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0x9C110000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x9823D000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
    0x8BAD9000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8054A000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
    0x87607000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x98343000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x9C0C1000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
    0x87B58000 C:\Windows\system32\DRIVERS\tos_sps32.sys 307200 bytes (TOSHIBA Corporation, tos_sps2)
    0x806B6000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8C8AD000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x8060D000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x80429000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x87975000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8C11F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8C94E000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x877AE000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x9C048000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x87B1A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8C40A000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x82615000 ACPI_HAL 208896 bytes
    0x82615000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x80755000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8C87B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8C19C000 C:\Windows\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0x8BBA6000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x8C45F000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x87783000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x807B0000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x982FC000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x9C099000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x87BBA000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x80664000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8C9AB000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0x8C48C000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x879B6000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x87907000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8BB85000 C:\Windows\system32\DRIVERS\Rtlh86.sys 135168 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
    0x8C80E000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
    0x805D3000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x9C009000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x9C029000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x8072D000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x983B0000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0x878EC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x9820D000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x983CD000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x8C0F7000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x9C081000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8C994000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x8BBD4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x807E7000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xA8803000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8C8FE000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8C851000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0x98228000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
    0x983E6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x877E8000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x879E8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x8C9D1000 C:\Windows\system32\drivers\RTSTOR.SYS 81920 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
    0x8C867000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8C17E000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x98330000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8C927000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8C16C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x87BE1000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x8C44E000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x80410000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x80787000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x8C1DB000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
    0x982EC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x80715000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x807A0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x87932000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x87BAB000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x8068B000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x87966000 C:\Windows\system32\DRIVERS\processr.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
    0x879D9000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8C15D000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x806A7000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x96F00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8C919000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8C83A000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x80707000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8C940000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
    0x8C9E5000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8C5CD000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x807DA000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8BB78000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x805C6000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0x98200000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8C5F1000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xA881B000 C:\Users\thomas\AppData\Local\Temp\aswMBR.sys 45056 bytes
    0x8C9F2000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x8C191000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8C1CD000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8C82F000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8BBEB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8C1F2000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x8794A000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8BBF6000 C:\Windows\system32\DRIVERS\appliand.sys 40960 bytes (Applian Technologies Inc., APPLIAND helper driver)
    0x8069D000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8C800000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
    0x87928000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8074B000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
    0x8B600000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x98326000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8C98A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x9C1EE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x8C0ED000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
    0x8C115000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0x87A00000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x8C5DA000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8C400000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xA8837000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x80797000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x8C848000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x96EE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x87955000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x80653000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x8C8F5000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0x80725000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x87BF2000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
    0x80421000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0xA8828000 C:\Users\thomas\AppData\Local\Temp\catchme.sys 32768 bytes
    0x8795E000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
    0x80408000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x8C43E000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x8065C000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8C000000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x80600000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x87BA3000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x805F4000 C:\Windows\System32\Drivers\UVCFTR_S.SYS 32768 bytes (Chicony Electronics Co., Ltd., UVCFTR_S.sys)
    0x8C446000 C:\Windows\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
    0x8C5EA000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x8C1EB000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xA8830000 C:\ComboFix\mbr.sys 28672 bytes
    0x8C5E3000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x80700000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8C10F000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8C93A000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0x8C914000 C:\Windows\system32\DRIVERS\jswpslwf.sys 20480 bytes (Atheros Communications, Inc., Atheros Security NDIS 6.0 Filter Driver)
    0x87B53000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
    0x87BFA000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x8069A000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x8C1D8000 C:\Windows\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
    0xA8826000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes
    0x8C1FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8C1CB000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0x9C1F8000 C:\Windows\system32\Drivers\mchInjDrv.sys 4096 bytes
    ==============================================
    >Stealth
    ==============================================
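    Added triage example, not part of this thread or of any tool mentioned in it: a small Python script that parses the >Drivers section of a Rootkit Unhooker LE report like the one above and flags entries that carry no vendor/description tag or are loaded from outside C:\Windows. The sample report is constructed from a few lines of the listing above; the flagging rules and all function names are my own assumptions, not RKU's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One line of a Rootkit Unhooker ">Drivers" listing, for example
#   0x8B60A000 C:\Windows\system32\DRIVERS\atikmdag.sys 5042176 bytes (Vendor, Description)
# The trailing "(vendor, description)" group is missing when RKU could not read
# version information from the image (scanner helper drivers, unsigned or
# packed drivers, memory-only modules).
DRIVER_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<image>.+?)\s+(?P<size>\d+)\s+bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)


@dataclass
class Driver:
    base: int
    image: str           # file path, or a kernel alias such as "PnpManager"
    size: int
    info: Optional[str]  # "vendor, description" or None when RKU printed none

    @property
    def is_file(self) -> bool:
        return "\\" in self.image


def parse_rku_drivers(report: str) -> List[Driver]:
    """Return the entries of the >Drivers section of an RkU LE report."""
    drivers: List[Driver] = []
    in_drivers = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(">"):             # section header: >Drivers, >Stealth, ...
            in_drivers = line == ">Drivers"
            continue
        if not in_drivers or not line or line.startswith("="):
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(int(m["base"], 16), m["image"],
                                  int(m["size"]), m["info"]))
    return drivers


def triage(drivers: List[Driver]) -> Dict[str, List[str]]:
    """Map each driver image that deserves a second look to the reasons why.

    Heuristics (assumed, not RKU's): a real file with no vendor tag, a file
    loaded from a user-writable temp/profile path, or a file outside
    C:\\Windows. Kernel aliases (PnpManager, RAW, ACPI_HAL) are skipped.
    """
    findings: Dict[str, List[str]] = {}
    for d in drivers:
        if not d.is_file:
            continue
        reasons: List[str] = []
        if d.info is None:
            reasons.append("no publisher/description")
        low = d.image.lower()
        if "\\temp\\" in low or "\\appdata\\" in low:
            reasons.append("loaded from user-writable temp path")
        elif not low.startswith("c:\\windows\\"):
            reasons.append("outside the Windows directory")
        if reasons:
            findings[d.image] = reasons
    return findings


# Constructed sample: a handful of entries copied from the report above.
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x8B60A000 C:\Windows\system32\DRIVERS\atikmdag.sys 5042176 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82648000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82648000 PnpManager 3903488 bytes
0x8C45F000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xA881B000 C:\Users\thomas\AppData\Local\Temp\aswMBR.sys 45056 bytes
0x8C9F2000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0xA8830000 C:\ComboFix\mbr.sys 28672 bytes
0x9C1F8000 C:\Windows\system32\Drivers\mchInjDrv.sys 4096 bytes
==============================================
>Stealth
==============================================
"""


if __name__ == "__main__":
    for image, reasons in triage(parse_rku_drivers(SAMPLE_REPORT)).items():
        print(f"{image}: {'; '.join(reasons)}")
```

    On the full listing above the flagged entries are mostly helper drivers of the scanners already run in this thread (aswMBR.sys, catchme.sys, ComboFix's mbr.sys, PROCEXP113.SYS), which is the noise an analyst expects to see; the script narrows what to read, it does not render a verdict.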
  8. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    I've tried both running it in safe mode and regular after Rkill but it always closes out after saying "attempting to scan, it could take 10 minutes, etc".
  10. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Delete your Combofix file and download a fresh one from HERE.
    I renamed the file for a reason.
  11. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    I've tried running that file in safe mode and regular. Still no dice :(
  12. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
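    The OTL.txt that this post asks for is read entry by entry for items that have no company name in their version info or that OTL reports as missing. The Python below is an added example, not part of this thread or of OTL: it parses PRC/SRV/O2/O4 lines in OTL's format (sample lines copied from the logs in this thread) and lists the entries a helper would look at first; the `allow` set and the `Entry` fields are this example's own, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample OTL.txt lines, copied from the logs in this thread purely as parser input.
# The section header and the blank line show what the parser skips.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2011/05/29 19:25:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Downloads\OTL.exe
PRC - [2011/05/11 14:10:41 | 000,629,848 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
SRV - File not found [Auto | Stopped] -- -- (AMPingService)
SRV - [2011/03/16 11:47:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""


@dataclass
class Entry:
    kind: str               # PRC, MOD, SRV, DRV, O2, O4
    target: str             # file path, or the service/CLSID/Run label when no file is listed
    company: Optional[str]  # "" when OTL printed "()", None when there is no file to read
    missing: bool           # OTL said "File not found" / "No CLSID value found"


# PRC/MOD/SRV/DRV: "[date | size | attrs | M] (Company) [state] -- path -- (ServiceName) desc"
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# "SRV - File not found [Auto | Stopped] -- -- (ServiceName)"
MISSING_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[[^\]]*\] -- -- \((?P<name>[^)]*)\)$")
# "O2 - BHO: (name) - {CLSID} - path (Company)"  or  "... - No CLSID value found."
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<rest>.+)$")
# "O4 - HKLM..\Run: [label] path (Company)"  or  "... [label] File not found"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<label>[^\]]+)\] (?P<rest>.+)$")
# Trailing "(Company)" on a path; "()" yields an empty company string.
TRAIL_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")


def _split_path_company(rest: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (path, company) or (None, None) when OTL printed no file."""
    m = TRAIL_RE.match(rest)
    if not m:
        return None, None
    return m["path"], m["company"]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL.txt line; returns None for headers, blanks and unhandled kinds."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], m["company"], False)
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["kind"], m["name"], None, True)
    m = BHO_RE.match(line)
    if m:
        path, company = _split_path_company(m["rest"])
        if path is None:
            return Entry("O2", "{" + m["clsid"] + "}", None, True)
        return Entry("O2", path, company, False)
    m = RUN_RE.match(line)
    if m:
        path, company = _split_path_company(m["rest"])
        if path is None:
            return Entry("O4", m["label"], None, True)
        return Entry("O4", path, company, False)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def triage(entries: List[Entry], allow: frozenset = frozenset()) -> List[Tuple[Entry, str]]:
    """Entries worth a second look: orphaned registrations and files with no company name.
    `allow` holds targets already vetted (e.g. a tool the helper just had the user download)."""
    findings = []
    for e in entries:
        if e.target in allow:
            continue
        if e.missing:
            findings.append((e, "orphaned entry: OTL reports the file/CLSID as not found"))
        elif e.company == "":
            findings.append((e, "no company name in version info"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_OTL)):
        print(f"{entry.kind:4} {entry.target}  <- {reason}")
```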
  13. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    OTL.txt

    OTL logfile created on: 5/29/2011 7:26:11 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\thomas\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 28.01% Memory free
    3.74 Gb Paging File | 2.17 Gb Available in Paging File | 58.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 231.42 Gb Total Space | 77.32 Gb Free Space | 33.41% Space Free | Partition Type: NTFS

    Computer Name: THOMAS-PC | User Name: thomas | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/29 19:25:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Downloads\OTL.exe
    PRC - [2011/05/11 14:12:16 | 000,225,792 | ---- | M] () -- C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
    PRC - [2011/05/11 14:10:41 | 000,629,848 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
    PRC - [2011/04/28 15:16:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/16 11:47:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/07/13 16:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    PRC - [2010/07/13 16:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    PRC - [2010/07/13 16:26:10 | 002,533,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    PRC - [2010/07/13 16:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
    PRC - [2008/11/26 15:40:52 | 004,751,360 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    PRC - [2008/11/25 15:18:59 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/04/29 10:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    PRC - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
    PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/29 19:25:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Downloads\OTL.exe
    MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (AMPingService)
    SRV - [2011/04/28 15:16:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/16 11:47:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/11/15 15:52:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/07/13 16:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2010/07/13 16:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/16 11:47:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/01/10 15:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
    DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/05/19 16:52:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2010/03/08 19:34:04 | 000,048,128 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spvads.sys -- (spvads) SoundPlane Audio Device (S)
    DRV - [2009/09/21 18:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/07/15 20:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2008/04/23 02:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/04/18 02:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/04/10 23:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
    DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2006/10/30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    IE - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 20:04:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 20:04:43 | 000,000,000 | ---D | M]

    [2011/01/18 21:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions
    [2010/06/28 02:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/05/06 20:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions
    [2011/01/20 14:05:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/01 18:17:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/02/18 11:11:22 | 000,002,306 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\b06iw1a1.default\searchplugins\wot-safe-search.xml
    [2011/05/06 20:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/04/29 18:47:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    File not found (No name found) --
    [2011/05/06 20:04:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2011/05/06 20:04:38 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old

    Hosts file not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office10\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office10\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\.DEFAULT..\Run: [SUPERAntiSpyware] File not found
    O4 - HKU\S-1-5-18..\Run: [SUPERAntiSpyware] File not found
    O4 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000..\Run: [Bamboo Dock] C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
    O4 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office10\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office10\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office10\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {19F91908-F9CD-4876-9EAE-AD6F4C6BAB59} http://www.sunzio.com/global/SunFolderAx.cab (SunFolderElevator Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/29 14:40:55 | 000,000,000 | --SD | C] -- C:\broni7004b
    [2011/05/29 14:40:09 | 000,000,000 | --SD | C] -- C:\broni31613b
    [2011/05/29 14:21:45 | 000,000,000 | --SD | C] -- C:\broni7795b
    [2011/05/29 14:21:03 | 000,000,000 | --SD | C] -- C:\broni
    [2011/05/29 14:19:22 | 004,296,655 | R--- | C] (Swearware) -- C:\Users\thomas\Desktop\broni.exe
    [2011/05/28 16:33:32 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/05/27 22:33:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/27 22:33:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/27 22:33:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/27 22:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/25 23:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
    [2011/05/18 19:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2009/08/01 22:30:11 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/29 19:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/29 14:45:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/29 14:45:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/29 14:45:23 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/29 14:21:24 | 004,296,655 | R--- | M] (Swearware) -- C:\Users\thomas\Desktop\broni.exe
    [2011/05/27 06:47:30 | 000,000,909 | ---- | M] () -- C:\Users\thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/05/23 23:18:01 | 000,083,456 | ---- | M] () -- C:\Users\thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/11 22:54:29 | 000,643,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/11 22:54:29 | 000,119,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/11 14:12:53 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
    [2011/05/07 22:05:15 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/05/02 13:31:30 | 000,040,934 | ---- | M] () -- C:\Users\thomas\Documents\cc_20110502_133118.reg
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/29 14:45:23 | 1876,783,104 | -HS- | C] () -- C:\hiberfil.sys
    [2011/05/27 22:33:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/27 22:33:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/27 22:33:42 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/27 22:33:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/27 22:33:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/27 06:47:30 | 000,000,909 | ---- | C] () -- C:\Users\thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/05/11 14:12:53 | 000,000,889 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
    [2011/05/06 20:04:45 | 000,000,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/02 13:31:22 | 000,040,934 | ---- | C] () -- C:\Users\thomas\Documents\cc_20110502_133118.reg
    [2011/04/29 18:53:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2011/03/27 16:31:05 | 000,108,032 | ---- | C] () -- C:\Windows\System32\OpenAL32.dll
    [2010/11/19 06:01:06 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
    [2010/11/19 06:01:00 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/11/19 06:01:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/11/14 03:32:54 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2010/09/16 00:24:01 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
    [2010/08/23 18:35:42 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll
    [2010/08/23 18:35:42 | 000,109,568 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll
    [2010/07/30 21:46:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
    [2010/07/30 21:46:23 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
    [2009/11/17 01:59:11 | 000,000,218 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/04/27 16:45:16 | 000,001,356 | ---- | C] () -- C:\Users\thomas\AppData\Local\d3d9caps.dat
    [2009/03/13 21:20:18 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/03/13 19:45:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2009/01/30 18:16:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/01/18 16:32:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2008/08/31 19:25:05 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
    [2008/08/29 14:54:44 | 000,083,456 | ---- | C] () -- C:\Users\thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/08/23 19:18:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/08/23 19:18:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/08/23 18:23:51 | 000,000,014 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/08/23 18:23:50 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/07/27 00:48:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/07/27 00:42:39 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2008/07/27 00:42:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2008/07/27 00:42:39 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2008/07/27 00:42:39 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2008/05/05 13:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/05/05 04:49:37 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
    [2008/05/05 04:49:37 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
    [2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
    [2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
    [2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
    [2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
    [2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
    [2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
    [2008/04/23 00:05:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/04/22 23:35:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/03/06 12:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/03/04 21:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2007/06/19 23:11:06 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MD5.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,411,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,643,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,119,206 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2011/03/29 15:06:47 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\.minecraft
    [2009/03/03 15:05:58 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\acccore
    [2009/01/14 07:47:47 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Aim
    [2009/11/19 23:42:47 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Blitware
    [2010/11/15 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/11/15 18:23:26 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\com.adobe.ExMan
    [2008/08/31 03:53:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DNA
    [2011/02/27 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DVDVideoSoft
    [2010/04/25 01:40:16 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/02/09 22:57:22 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Easeware
    [2010/12/18 10:39:17 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\GetRightToGo
    [2009/08/01 03:35:48 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\ijjigame
    [2009/04/01 21:21:10 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\iLike
    [2009/11/19 12:03:49 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\kgvisa
    [2011/01/05 07:30:46 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\LimeWire
    [2008/10/06 00:18:16 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Memeo
    [2008/11/30 21:48:08 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\OpenOffice.org
    [2010/11/14 19:16:18 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\openspaceeditor.ECF9BB42B082DAD413B595721BDA1F54CBEDF132.1
    [2009/03/11 13:08:34 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Publish Providers
    [2010/11/08 03:24:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Replay Media Catcher 4
    [2008/12/23 01:58:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\ScummVM
    [2009/11/15 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SmartPCTools
    [2009/11/11 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Sony
    [2009/03/13 21:21:39 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SQLyog
    [2009/03/17 01:49:50 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Thinstall
    [2009/03/03 13:17:17 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\TOSHIBA
    [2011/05/26 00:28:40 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\uTorrent
    [2011/01/06 16:12:13 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Wacom
    [2011/01/06 16:12:29 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    [2009/09/17 11:48:50 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WildTangent
    [2008/09/03 09:10:55 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WinBatch
    [2008/10/08 08:34:28 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\XemiComputers
    [2010/11/19 05:59:00 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Xilisoft Corporation
    [2011/05/29 14:31:22 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/03/18 13:10:36 | 000,000,000 | ---- | M] () -- C:\(null)
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/05/05 04:49:23 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/02/09 22:10:09 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/05/29 14:45:23 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
    [2008/10/03 20:46:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/14 13:09:44 | 000,001,098 | -H-- | M] () -- C:\IPH.PH
    [2011/03/25 11:29:46 | 000,103,713 | ---- | M] () -- C:\JavaRa.log
    [2008/10/03 20:46:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/05/29 14:45:21 | 2190,577,664 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/29 14:39:30 | 000,000,437 | ---- | M] () -- C:\rkill.log
    [2011/05/27 06:45:03 | 000,063,486 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_27.05.2011_06.43.53_log.txt
    [2005/01/25 09:52:28 | 001,089,264 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB893048-x86-ENU.exe
    [2005/01/25 09:50:54 | 000,929,520 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB893048-x86-Symbols-ENU.exe

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/05/05 04:49:12 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/05/05 04:49:07 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/05/05 04:49:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2008/05/05 04:49:18 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2008/05/05 04:49:20 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/27 06:47:31 | 000,000,286 | -HS- | M] () -- C:\Users\thomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/29 14:21:24 | 004,296,655 | R--- | M] (Swearware) -- C:\Users\thomas\Desktop\broni.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2008/07/26 23:53:08 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2008/07/26 23:52:38 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2008/07/26 23:52:38 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2008/07/26 23:52:38 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2008/07/26 23:52:38 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2008/07/26 23:52:38 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/08/23 18:24:07 | 000,000,402 | -HS- | M] () -- C:\Users\thomas\Favorites\desktop.ini
    [2009/02/25 11:11:08 | 000,000,452 | ---- | M] () -- C:\Users\thomas\Favorites\NCH Audio and Telephony Software.lnk
    [2009/03/10 15:28:52 | 000,000,508 | ---- | M] () -- C:\Users\thomas\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/04/30 21:28:08 | 001,654,869 | ---- | M] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  14. Shambo9


    Extras

    OTL Extras logfile created on: 5/29/2011 7:26:11 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\thomas\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 28.01% Memory free
    3.74 Gb Paging File | 2.17 Gb Available in Paging File | 58.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 231.42 Gb Total Space | 77.32 Gb Free Space | 33.41% Space Free | Partition Type: NTFS

    Computer Name: THOMAS-PC | User Name: thomas | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office10\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office10\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirstRunDisabled" = 
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1541862459-1528780420-2752171513-1000]
    "EnableNotifications" = 1
    "EnableNotificationsRef" = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3BBE83FC-01BA-4BBD-87D0-EC94E3B55DF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{609D4A74-C119-4282-89DB-6534E085D2D7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office10\office14\outlook.exe |
    "{A7D2F1F4-70D1-4686-8DB0-F9F2D55794D8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AAF0A0DF-9CF0-4E9A-844A-6CF3B2488907}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{B0C149AA-A5B4-498C-87E4-AF74383B4554}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{E3A1139D-7567-45E2-8F5A-3F784950DFB0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04A44790-EF9D-4EC4-BB08-E4F6F9C24BA9}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{0F007363-3D16-4762-811D-BC160671F480}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{0FB60A29-8321-4A26-B5E1-E22182053877}" = protocol=17 | dir=in | app=c:\program files\spyware doctor\pctstray .exe |
    "{120DD8D2-0467-4FA3-924B-374CB97CDF2A}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
    "{1ABAB35F-9722-479B-8D47-6C88E60980E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1BC983FF-3678-4D43-A67A-67576E530844}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
    "{1CDAC8F6-E302-4816-8312-E0B55943FE6D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{3392C815-644E-4D5B-A18F-57A8E1F62C97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{34F3B24A-8C64-45F7-9FA4-B0567B79DC32}" = protocol=17 | dir=in | app=c:\users\thomas\desktop\wowclient-downloader.exe |
    "{36B363A9-1000-4333-BEF4-BCB2012CB0F0}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe |
    "{3813CE81-F045-4DFA-9B9C-FD39D62866F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office10\office14\onenote.exe |
    "{385F4276-E9E6-4D49-972D-CEF4D7156F61}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{38BEFB6D-546A-46F1-964E-385860BCA81B}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{3A2B9891-15E9-451E-817C-2C3D3A6D8123}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\temp\7zs5b1c.tmp\symnrt.exe |
    "{3B9AA04C-ACE5-4776-B6E8-0B493579E978}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{3F422EF0-293D-49B7-87B8-71A8A128FB25}" = protocol=6 | dir=in | app=c:\program files\spyware doctor\pctstray .exe |
    "{4782E357-EE4B-4F13-9809-45FE9B3C408D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{4C052DC1-74D9-4B43-A239-E516A90D3E8D}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{4D97A194-6148-485D-8657-31C22E6D15C6}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
    "{4DAC69E2-F428-496A-B5FE-F7415298CF5C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{526CDE4F-5DEE-429E-A749-B1B09103A133}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{530A5B13-4F6F-43BD-9817-F760F73D4295}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{5A601679-0095-4A5D-ACC8-59DBA91E5ADB}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{5A62E6F1-80AC-4E8F-9685-8B6AB756ECAF}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
    "{5C524042-BB42-4256-A386-9E2B83FF214D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{6FC9A897-FB2A-4E34-AFF2-36333DBD81BA}" = protocol=6 | dir=in | app=c:\users\thomas\desktop\wowclient-downloader.exe |
    "{7D0AB4C5-5AC8-41D0-B3F6-215EC1340FED}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
    "{7E549194-8F13-47E1-82D8-4C0A66E696BC}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe |
    "{82BBFB9B-30CB-4FFF-BBF0-38011320CE83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{877F609A-937E-47FD-B671-6FB58C6D34EC}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{8BF3DF6E-01C7-4ABD-9E13-F991459A486C}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
    "{91522BED-0E75-417E-AE25-3E4481A51D27}" = protocol=17 | dir=in | app=c:\program files\aim7\aim.exe |
    "{99E98170-FE37-4268-8E16-0C2A54FF21B5}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
    "{9B0E3335-38A9-4291-AF96-5F112C90C1F0}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
    "{A0FB0C9B-8D17-4F9A-B007-B5BCF1A7378A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{A31F977C-6F7E-4A3F-BD6A-B681CB3AFF32}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{A6823118-B592-4B34-AA56-5D3D3A3873A3}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "{A7925126-6C85-40D3-BC77-A9B3BEBCD8C4}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{AF2F69A2-2D29-40B4-9C8C-E3920C819A93}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{B1669C68-ED54-4A73-9425-788D4476552A}" = protocol=6 | dir=in | app=c:\program files\aim7\aim.exe |
    "{B2EBDB23-29BE-43CA-A0D6-91F9AD78B637}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{B3131CD2-7D0F-42A3-9F8D-41EEB7C0D8FF}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
    "{BDEAF536-685C-4185-85C2-5D8238DFC08D}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
    "{C7BACA25-55AD-4932-98A5-BB7F0C3E5D96}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\temp\7zs5b1c.tmp\symnrt.exe |
    "{CD106F2A-C3BB-4A7D-BC03-4AC6F5562D27}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "{D22267AA-83F5-425C-820A-E09F9570A64E}" = dir=in | app=c:\program files\pharossystems\core\ctskmstr.exe |
    "{D66DF269-B97E-4EEB-A175-476B12A36E66}" = protocol=6 | dir=in | app=c:\program files\skuldro\skuldro - patcher.exe |
    "{DA521D4B-A6CE-46EB-B650-9D24C62C5361}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DDC76AE8-CA0F-425F-8BA6-0C8CD2F3A230}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E01844DE-772F-4D83-8936-A92312170A58}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "{E3467CDA-4433-47C9-A984-1FE23E955867}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{E57830AC-8922-481C-972C-28F6B89EC7C6}" = protocol=17 | dir=in | app=c:\program files\skuldro\skuldro - patcher.exe |
    "{F32AE2B9-F015-4066-8C1E-1CB251532001}" = protocol=6 | dir=in | app=c:\program files\microsoft office10\office14\onenote.exe |
    "{F4D0AC37-149E-4AAC-942C-30BDB3B8AD13}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "{F506A85A-0E53-46EE-AA2D-2B340A47D64B}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
    "{F6CB88D7-C4EB-473A-BA2F-2F510D3B3EFB}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
    "{FA80CF7D-35BB-4BD1-AA0E-8B29A106C2A7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "TCP Query User{15096ED7-4570-4F94-BC1B-9DBD2D3AD797}C:\program files\eclipse\server\server.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\server\server.exe |
    "TCP Query User{25992A71-D10D-49B5-924D-8F209BC867F0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{32AE5D79-9BAB-4E3D-AC63-A7DA184B2257}C:\users\thomas\appdata\local\temp\plauncher.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\temp\plauncher.exe |
    "TCP Query User{338CD7DA-CE38-4F8D-8852-71561A3D53A5}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{3F1D8397-2A7D-4087-949A-7D1E661D4054}C:\program files\te\server\server.exe" = protocol=6 | dir=in | app=c:\program files\te\server\server.exe |
    "TCP Query User{4481514B-8B19-4418-BB29-CD04D9BFA18E}E:\qepwordpress\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\qepwordpress\mysql\bin\mysqld.exe |
    "TCP Query User{49DFD06B-207E-4F9B-9EC1-6B4FFE7ED774}E:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe |
    "TCP Query User{5613C765-B088-4F7B-A65B-E8C7B1B62B4E}E:\qepwordpress\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\qepwordpress\apache\bin\httpd.exe |
    "TCP Query User{576562DC-68A7-4C0B-B240-71BCDFC5BDC6}C:\program files\eclipse evolution 2.7\server\server.exe" = protocol=6 | dir=in | app=c:\program files\eclipse evolution 2.7\server\server.exe |
    "TCP Query User{67C9F12E-E186-43ED-A411-134D4D965EBD}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{718B0229-03A2-4448-B433-C716B5094811}C:\program files\cyberstep\splash fighters\amped.exe" = protocol=6 | dir=in | app=c:\program files\cyberstep\splash fighters\amped.exe |
    "TCP Query User{76B63DBE-F31E-43C9-A30F-71BD05F76BC7}E:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampplite\apache\bin\httpd.exe |
    "TCP Query User{95CE4435-3DE2-4850-8990-DDE90D6F3786}C:\arcadia\arcadia.exe" = protocol=6 | dir=in | app=c:\arcadia\arcadia.exe |
    "TCP Query User{97814C7A-629E-41AC-BFEB-7005EE4B09EF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{A104EE34-5807-469C-816D-FB9A67DAA00E}C:\program files\aim7\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim7\aim.exe |
    "TCP Query User{C515EF17-858F-4CFE-80A1-BFAA92E66FDA}C:\program files\eclipse evolution 2.7\server\server.exe" = protocol=6 | dir=in | app=c:\program files\eclipse evolution 2.7\server\server.exe |
    "TCP Query User{E7F9BB85-D139-427A-BA3F-2C779D6A7A98}C:\program files\smartfoxserverpro_1.6.6\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\smartfoxserverpro_1.6.6\jre\bin\java.exe |
    "UDP Query User{177FF975-C170-40D2-9B8B-0832D6EF9526}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{19F839E8-518E-4A9D-A635-CD3BFDEBEACA}C:\arcadia\arcadia.exe" = protocol=17 | dir=in | app=c:\arcadia\arcadia.exe |
    "UDP Query User{2147EAE8-D418-4A88-AC11-44505978AC20}C:\program files\te\server\server.exe" = protocol=17 | dir=in | app=c:\program files\te\server\server.exe |
    "UDP Query User{34C4AACD-ADA0-4CFA-A183-874F5B9F3DCE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{4990C0CB-33AC-4034-B0F2-93E5AFB2D17C}E:\qepwordpress\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\qepwordpress\mysql\bin\mysqld.exe |
    "UDP Query User{4B0D6A65-86D6-4D78-98FD-865DD5B02599}C:\program files\smartfoxserverpro_1.6.6\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\smartfoxserverpro_1.6.6\jre\bin\java.exe |
    "UDP Query User{660D0552-2615-4722-8948-7B04D6D68697}C:\program files\cyberstep\splash fighters\amped.exe" = protocol=17 | dir=in | app=c:\program files\cyberstep\splash fighters\amped.exe |
    "UDP Query User{66FAEA71-1BF3-4271-A038-2F9943032ADD}E:\qepwordpress\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\qepwordpress\apache\bin\httpd.exe |
    "UDP Query User{730ACA01-9388-4E08-8474-D59F1B5F6092}C:\program files\eclipse\server\server.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\server\server.exe |
    "UDP Query User{84AEF21D-01A7-49B4-88C8-0E6F49C89FE7}C:\program files\eclipse evolution 2.7\server\server.exe" = protocol=17 | dir=in | app=c:\program files\eclipse evolution 2.7\server\server.exe |
    "UDP Query User{906A04E4-B4A6-4782-BBE3-7E2FA7FBA0C9}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{91467ADC-D3F2-4F9C-8B9A-0BC40DE34E7D}E:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampplite\apache\bin\httpd.exe |
    "UDP Query User{9A7D4B32-A3FD-4EB3-859F-9991634E83A4}C:\program files\aim7\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim7\aim.exe |
    "UDP Query User{A0FC3300-144E-4E44-BC57-D349D8BBA153}E:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe |
    "UDP Query User{BC6A536E-7DB8-491E-9EC6-92FEF7C5E317}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{C40A9540-3E4A-4BCF-B236-C313E2160640}C:\users\thomas\appdata\local\temp\plauncher.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\temp\plauncher.exe |
    "UDP Query User{EE381F65-5B46-4540-A9CB-BC1D9B84129D}C:\program files\eclipse evolution 2.7\server\server.exe" = protocol=17 | dir=in | app=c:\program files\eclipse evolution 2.7\server\server.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
    "{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
    "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
    "{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
    "{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
    "{3E5F43C6-4DF2-49F4-AE2C-0E29CA6B9887}" = iLike Sidebar
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{413D5495-AECA-4FA7-81A9-2300AECB7EFE}" = Adobe Setup
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54DF7BDA-1058-4D53-B3D4-2344C69B7D0C}" = Ragnarok Online
    "{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
    "{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
    "{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
    "{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
    "{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
    "{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
    "{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
    "{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
    "{73B52EA8-8A5C-4FF5-A9F2-1A0F3259C3D2}" = TOSHIBA Application Disc Creator
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
    "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
    "{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{99CDEFC4-8CC3-410A-ABB9-FC58F61DF70E}_is1" = FIFE 0.3.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A74BBFE5-3F1E-4EEE-A55E-15C32940F330}" = ActiveState ActivePython 2.7.0.2 (32-bit)
    "{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AD9E6AC8-27B4-326A-69D1-C8A3549DAC22}" = Bamboo Dock
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B760782F-738C-58D3-9472-A4E6EE231113}" = OpenSpace Editor
    "{B7CDE13C-6940-4C67-9ADD-B5373A327B2F}" = Replay Media Catcher 4
    "{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
    "{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
    "{E4E188D2-27D5-4E4C-92CE-87F9D24AD2F6}" = Adobe Extension Manager CS5
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
    "{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
    "{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
    "{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
    "{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
    "{FAD36C92-1E27-4120-B610-693A7762F91C}" = Adobe Setup
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_97f0f9ca84f595cf960425cba984151" = Adobe Extension Manager CS4
    "Adobe_c1dfd0398e272486e0e41acbed0d624" = Adobe Extension Manager CS3
    "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
    "AIM_7" = AIM 7
    "AimOne All to MP3 Converter_is1" = AimOne All to MP3 Converter 1.82
    "Audacity_is1" = Audacity 1.2.6
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "AviSynth" = AviSynth 2.5
    "Bamboo Dock" = Bamboo Dock 3.3
    "Blend_4.0.20525.0" = Microsoft Expression Blend 4
    "CCleaner" = CCleaner
    "CDisplay_is1" = CDisplay 1.8
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "Desktop Calendar_is1" = Desktop Calendar 0.43b
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "ExpressBurn" = Express Burn
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "FLV Player" = FLV Player 2.0 (build 25)
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
    "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.5
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
    "Free YouTube Uploader_is1" = Free YouTube Uploader version 3.3.11
    "GatheringRO" = GatheringRO
    "HyperCam 2" = HyperCam 2
    "HypreCam Toolbar" = HypreCam Toolbar
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "LimeWire" = LimeWire 5.5.10
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenAL" = OpenAL
    "openspaceeditor.ECF9BB42B082DAD413B595721BDA1F54CBEDF132.1" = OpenSpace Editor
    "Pen Tablet Driver" = Bamboo
    "Pharos" = Pharos
    "Picasa 3" = Picasa 3
    "Pixillion" = Pixillion Image Converter
    "PlayFLV" = PlayFLV
    "PowerISO" = PowerISO
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROR" = Microsoft Office Professional 2007
    "Ragnarok Sakray" = Ragnarok Sakray
    "RealPlayer 6.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "save2pc Light_is1" = save2pc Light 3.37
    "ScummVM_is1" = ScummVM 0.10.0
    "Search Toolbar" = Search Toolbar
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Uninstall_is1" = Uninstall 1.0.0.1
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VirtuallTek Fighter Factory_is1" = Fighter Factory 1.0.9.2005 + Update Pack 1
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
    "Web_4.0.1165.0" = Microsoft Expression Web 4
    "WildTangent toshiba Master Uninstall" = TOSHIBA Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1541862459-1528780420-2752171513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "7451b68527e81f37" = Minecraft Planner v1.0
    "BitTorrent DNA" = DNA

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/10/2010 6:32:18 PM | Computer Name = thomas-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/10/2010 7:43:17 PM | Computer Name = thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 6/10/2010 7:43:25 PM | Computer Name = thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 6/10/2010 10:28:27 PM | Computer Name = thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 6/10/2010 10:28:29 PM | Computer Name = thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 6/11/2010 5:56:12 AM | Computer Name = thomas-PC | Source = Bonjour Service | ID = 100
    Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 6/11/2010 5:56:13 AM | Computer Name = thomas-PC | Source = Bonjour Service | ID = 100
    Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 6/11/2010 5:56:13 AM | Computer Name = thomas-PC | Source = Bonjour Service | ID = 100
    Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 6/11/2010 5:56:13 AM | Computer Name = thomas-PC | Source = Bonjour Service | ID = 100
    Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 6/11/2010 5:56:13 AM | Computer Name = thomas-PC | Source = Bonjour Service | ID = 100
    Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    [ Media Center Events ]
    Error - 10/3/2008 8:40:13 PM | Computer Name = thomas-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 4/4/2009 11:39:41 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/11/2009 11:35:42 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/2/2009 11:28:45 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/20/2009 2:24:59 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 5/7/2010 11:31:09 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/17/2010 9:17:37 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/7/2011 1:42:24 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
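For anyone reading this thread later: the FirewallRules section of the OTL log above is worth a second look on its own, because inbound allow rules point at programs that may no longer exist (or that were dropped into a temp folder by an installer or by malware). The script below is an added illustration, not part of either poster's reply and not OTL's own logic. It assumes the line shape OTL prints ("name" = key=value | key=value | ...) and uses two heuristics chosen for this example: a rule for a program under a temp directory, and a programmatically added rule (bare GUID name rather than a "TCP/UDP Query User" prompt name) for wininit.exe, winlogon.exe or lsass.exe. The sample lines are copied from the log above.

```python
"""Triage of the Windows Firewall rule dump that OTL prints under
[HKEY_LOCAL_MACHINE\\SOFTWARE\\...\\FirewallPolicy\\FirewallRules].

Each line has the shape  "name" = key=value | key=value | ...
The two heuristics are assumptions made for this example, not OTL's logic:
  * an inbound allow rule for a program in a temp directory; and
  * a rule for wininit.exe / winlogon.exe / lsass.exe whose name is a bare
    GUID (i.e. written programmatically, not created by the "allow this
    program?" prompt, which produces "TCP Query User..." style names).
"""
import ntpath
import re

# Constructed sample: five lines copied from the log above, in OTL's format.
SAMPLE_RULES = r'''
"{8BF3DF6E-01C7-4ABD-9E13-F991459A486C}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{A7925126-6C85-40D3-BC77-A9B3BEBCD8C4}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{AF2F69A2-2D29-40B4-9C8C-E3920C819A93}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C7BACA25-55AD-4932-98A5-BB7F0C3E5D96}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\temp\7zs5b1c.tmp\symnrt.exe |
"TCP Query User{32AE5D79-9BAB-4E3D-AC63-A7DA184B2257}C:\users\thomas\appdata\local\temp\plauncher.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\temp\plauncher.exe |
'''

_LINE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*(?P<fields>.*)$')
_PROTO_NAMES = {"6": "tcp", "17": "udp"}          # IANA protocol numbers OTL shows
_SYSTEM_PROCS = {"wininit.exe", "winlogon.exe", "lsass.exe"}
_TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_rules(text):
    """Return one dict per rule line: name, protocol (None = any), dir, app, from_prompt."""
    rules = []
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue                      # blank lines, registry key headers, etc.
        fields = {}
        for part in m.group("fields").split("|"):
            part = part.strip()
            if "=" in part:               # the trailing "|" yields an empty part
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip().lower()
        proto = fields.get("protocol")    # absent on some rules (= any protocol)
        rules.append({
            "name": m.group("name"),
            "protocol": _PROTO_NAMES.get(proto, proto),
            "dir": fields.get("dir"),
            "app": fields.get("app"),
            "from_prompt": "query user" in m.group("name").lower(),
        })
    return rules


def triage_rules(text):
    """Return the inbound rules that match one of the two heuristics, with a reason."""
    findings = []
    for rule in parse_rules(text):
        app = rule["app"]
        if rule["dir"] != "in" or not app:
            continue
        program = ntpath.basename(app)
        reason = None
        if any(marker in app for marker in _TEMP_MARKERS):
            reason = "inbound rule for a program in a temp directory"
        elif program in _SYSTEM_PROCS and not rule["from_prompt"]:
            reason = "programmatically added rule for a core logon/security process"
        if reason:
            findings.append({
                "name": rule["name"], "app": app, "program": program,
                "protocol": rule["protocol"], "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in triage_rules(SAMPLE_RULES):
        print(f"{f['program']:<14} {f['protocol'] or 'any':<4} {f['reason']}  [{f['name']}]")
```

Run it against the whole FirewallRules block pasted into SAMPLE_RULES (or read from a file) and it lists the rules to check by hand; a flagged rule is a pointer, not a verdict, since legitimate installers also write GUID-named rules.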
  15. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O4 - HKU\.DEFAULT..\Run: [SUPERAntiSpyware] File not found
      O4 - HKU\S-1-5-18..\Run: [SUPERAntiSpyware] File not found
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  16. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Windows\System32\REN4C6A.tmp deleted successfully.
    C:\Windows\System32\REN4C7B.tmp deleted successfully.
    C:\Windows\System32\REN4C7C.tmp deleted successfully.
    C:\Windows\DUMP5292.tmp deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: thomas
    ->Temp folder emptied: 46582 bytes
    ->Temporary Internet Files folder emptied: 42820158 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 277412248 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 72507 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 295260 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1645538 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 307.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: thomas
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05292011_202852

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  17. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    checkup

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 1 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Adobe Flash Player 10.2.153.1
    Adobe Reader 8.1.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
  18. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ...and Eset....
  19. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\14095e4d-69813e08 probably a variant of Win32/Agent.FQWXKXL trojan
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\34584228-14b9b69f multiple threats
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\738e616c-5411e17a probably a variant of Win32/Agent.FQWXKXL trojan
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2efd68bb-206d3a63 probably a variant of Win32/Agent.FQWXKXL trojan
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\8bf65fb-285daee3 multiple threats
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\55d09f87-358d16d1 probably a variant of Win32/Agent.FQWXKXL trojan
  20. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Search Toolbar\SearchToolbar.dll 
      C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\14095e4d-69813e08 
      C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\34584228-14b9b69f 
      C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\738e616c-5411e17a 
      C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2efd68bb-206d3a63 
      C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\8bf65fb-285daee3 
      C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\55d09f87-358d16d1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
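    The two OTL fix scripts in this thread (the one deleting the orphaned BHO, the SUPERAntiSpyware Run values and the Java DPF entry, and the later one moving the Search Toolbar DLL and the Java cache files) leave their own logs, but a defender usually wants an independent re-check after the reboot. The script below is an added PowerShell example written for this thread; it is not OTL code and not from the helper or the poster. It only reads the registry and file system and reports whatever the fix scripts targeted that is still present. The CLSIDs, Run value names and file paths are copied from the fix scripts above; it assumes an elevated PowerShell prompt on the same machine (the C:\Users\thomas paths are that machine's). The last section goes beyond the thread's specific items: it generalises OTL's "File not found" O4 lines into a check of every Run value whose target executable no longer exists.

```powershell
# Added example for this thread: a read-only re-check of what the two OTL fix scripts
# targeted. Not OTL code and not from the thread's participants.
# CLSIDs, Run value names and file paths are copied from the fix scripts in the thread.

$BhoClsid = '{02478D38-C3F9-4efb-9B51-7695ECA05670}'
$DpfClsid = '{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}'

# HKEY_USERS has no default PSDrive; map one so HKU\.DEFAULT and HKU\S-1-5-18 can be read.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$RegistryKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$BhoClsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$BhoClsid",
    "HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units\$DpfClsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$DpfClsid"
)

$RunValues = @(
    @{ Key = 'HKU:\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run';  Name = 'SUPERAntiSpyware' },
    @{ Key = 'HKU:\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'SUPERAntiSpyware' }
)

$Files = @(
    'C:\Program Files\Search Toolbar\SearchToolbar.dll',
    'C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\14095e4d-69813e08',
    'C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\34584228-14b9b69f',
    'C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\738e616c-5411e17a',
    'C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2efd68bb-206d3a63',
    'C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\8bf65fb-285daee3',
    'C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\55d09f87-358d16d1'
)

$Findings = New-Object System.Collections.ArrayList

foreach ($key in $RegistryKeys) {
    if (Test-Path -LiteralPath $key) { [void]$Findings.Add("registry key still present: $key") }
}

foreach ($rv in $RunValues) {
    $item = Get-ItemProperty -LiteralPath $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
    if ($item) { [void]$Findings.Add("Run value still present: $($rv.Key)\$($rv.Name) = $($item.$($rv.Name))") }
}

foreach ($file in $Files) {
    if (Test-Path -LiteralPath $file) { [void]$Findings.Add("file still present: $file") }
}

# The first fix also swept *.tmp out of System32 and the Windows root; list any that came back.
# PSIsContainer is used instead of -File so this also runs on the PowerShell 2.0 that Vista ships.
foreach ($dir in "$env:SystemRoot\System32", $env:SystemRoot) {
    Get-ChildItem -LiteralPath $dir -Filter '*.tmp' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { [void]$Findings.Add("leftover temp file: $($_.FullName)") }
}

# Generalisation of OTL's "File not found" O4 lines: a Run value whose target executable no
# longer exists is an orphaned autostart and worth a look, in every hive, not only the two above.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKU:\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($runKey in $RunKeys) {
    $props = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSDrive etc. are provider metadata, not Run values
        $cmd = [string]$p.Value
        # Take the executable part of the command line: a quoted path, or the text up to ".exe".
        if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            if (-not (Test-Path -LiteralPath $exe)) {
                [void]$Findings.Add("orphaned Run value: $runKey\$($p.Name) -> $cmd")
            }
        }
    }
}

if ($Findings.Count -eq 0) {
    Write-Output 'Post-fix check: nothing listed in the OTL fix scripts is still present.'
} else {
    $Findings | ForEach-Object { Write-Output $_ }
}
```

    Run it once after the reboot that follows each fix; an empty result confirms the items really are gone rather than merely "scheduled to be moved on reboot", and any orphaned Run value it lists is the same kind of leftover the helper cleaned up with the O4 lines.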
  21. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\14095e4d-69813e08 moved successfully.
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\34584228-14b9b69f moved successfully.
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\738e616c-5411e17a moved successfully.
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2efd68bb-206d3a63 moved successfully.
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\8bf65fb-285daee3 moved successfully.
    C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\55d09f87-358d16d1 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: thomas
    ->Temp folder emptied: 32798 bytes
    ->Temporary Internet Files folder emptied: 21989093 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 193382012 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 3987 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2131 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 205.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: thomas
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05302011_180219

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  22. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: thomas
    ->Temp folder emptied: 32307 bytes
    ->Temporary Internet Files folder emptied: 281993 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 7826268 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 642 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2260 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 8.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: thomas
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.23.0 log created on 05302011_181011

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  23. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Whenever ready...
  24. Shambo9

    Shambo9 Newcomer, in training Topic Starter Posts: 113

    All redirects and pop ups have stopped. Thanks :)
  25. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Way to go!!
    Good luck and stay safe :)