Solved Google redirect virus, streams not working, can't connect to certain websites

Status
Not open for further replies.

sullyy1288

A month or two back I had a trojan that caused a fake Windows Security Center to pop up and made my computer unusable. I got rid of it with Malwarebytes, but I also had a problem with Google redirecting me to fake results. I never got rid of that problem, as I switched to Chrome, which doesn't have that problem. Since then I feel like my laptop's been slower and some programs close down the first time that I try to open them. Most recently, yesterday there were some streams on own3d.tv that I watched regularly but which inexplicably stopped working, though I know that they were working for others, and I suddenly couldn't connect to some websites like IGN.com and IMDB.com, with my web browsers saying that they couldn't make a connection (I now can). I don't know how many of these are directly linked to any virus, but I definitely have been having problems since I got rid of the trojan.

Here are my logs from the 8 steps. Just as a note, I ran GMER twice because the first time I left my computer and it turned off, so I wasn't sure if it ran fully and ran it again, but the log I saw the first time was a few lines longer. Thanks in advance.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6432

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

4/24/2011 4:38:49 AM
mbam-log-2011-04-24 (04-38-49).txt

Scan type: Quick scan
Objects scanned: 157239
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-24 12:54:15
Windows 6.0.6002 Service Pack 2
Running: 63ru5dec.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?MpfService?STacS?ST?STa
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application@Sources MSDMine?MpfService?STacS?ST?STa

---- EOF - GMER 1.0.15 ----




.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Mike at 12:58:41.13 on Sun 04/24/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2113 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxeccoms.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mike\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090811
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090811
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090811
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitcth.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101105041954.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Octoshape Streaming Services] "C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DeathAdder] "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &Download by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
LSA: Notification Packages = scecli psqlpwd
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105041954.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
mRun-x64: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
mRun-x64: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray64.exe
mRun-x64: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Mike\Downloads\orbit\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Undo Closed Tabs Button: undoclosedtabsbutton@supernova00.biz - %profile%\extensions\undoclosedtabsbutton@supernova00.biz
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-12 529128]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-12 53488]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-8-17 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-8-17 283360]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [2009-8-11 86016]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-17 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-17 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-17 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-17 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-17 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-17 149032]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-8-17 62800]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-12 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-8-17 441328]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-8-17 94864]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-8-11 369152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-11 135664]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxecserv.exe [2010-4-14 45736]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2011-2-2 12672]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-12 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-8-12 49480]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-8 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-04-15 19:47:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-15 19:47:07 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-15 19:20:19 274432 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-15 19:20:18 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-15 19:20:18 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-15 19:20:18 106496 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-15 19:20:12 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-15 19:20:11 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-15 19:20:06 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-04-15 19:20:06 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-04-15 19:18:53 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-15 19:18:53 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-15 19:18:53 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-04-04 07:02:17 2048 ----a-w- C:\Windows\SysWow64\winrsmgr.dll
2011-04-04 07:02:17 2048 ----a-w- C:\Windows\System32\winrsmgr.dll
2011-04-04 07:02:15 13312 ----a-w- C:\Windows\System32\wsmplpxy.dll
2011-04-04 07:02:15 13312 ----a-w- C:\Windows\System32\winrssrv.dll
2011-04-04 07:02:05 10240 ----a-w- C:\Windows\SysWow64\wsmplpxy.dll
2011-04-04 07:02:04 10240 ----a-w- C:\Windows\SysWow64\winrssrv.dll
2011-03-31 07:39:50 -------- d-----w- C:\Windows\SysWow64\spool
2011-03-31 07:39:49 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2011-03-31 07:39:48 -------- d-----w- C:\Program Files\Windows Portable Devices
2011-03-31 07:15:57 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-03-31 07:12:50 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-03-31 07:12:50 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-03-31 07:12:48 736256 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-03-31 07:12:48 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-03-31 07:12:48 315904 ----a-w- C:\Windows\System32\oleacc.dll
2011-03-31 07:12:48 234496 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-03-31 07:02:52 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2011-03-31 07:02:52 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2011-03-31 07:02:50 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-03-31 07:02:49 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-03-31 07:02:49 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-03-31 07:02:48 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-03-30 00:44:59 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-03-30 00:42:45 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-03-30 00:42:43 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-03-30 00:42:39 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-30 00:42:39 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-30 00:42:38 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-30 00:40:52 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe
2011-03-30 00:40:52 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
2011-03-30 00:40:51 372736 ----a-w- C:\Windows\System32\unregmp2.exe
2011-03-30 00:40:51 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe
2011-03-30 00:36:21 880640 ----a-w- C:\Windows\System32\timedate.cpl
2011-03-30 00:36:20 714240 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-03-30 00:36:01 471552 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2011-03-30 00:36:01 471552 ----a-w- C:\Windows\SysWow64\secproc.dll
2011-03-30 00:36:00 538624 ----a-w- C:\Windows\System32\secproc_isv.dll
2011-03-30 00:32:02 1927680 ----a-w- C:\Windows\System32\gameux.dll
2011-03-30 00:32:01 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2011-03-30 00:31:59 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-03-30 00:31:59 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-03-30 00:31:58 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-03-30 00:31:57 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-03-26 04:46:56 -------- d-----w- C:\Users\Mike\AppData\Roaming\AnvSoft
2011-03-26 04:46:48 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-03-26 04:42:57 80896 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-03-26 04:42:55 -------- d-----w- C:\Program Files (x86)\ffdshow
2011-03-26 03:17:25 -------- d-----w- C:\Program Files (x86)\Search Toolbar
2011-03-26 03:16:59 462112 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
2011-03-26 03:16:53 -------- d-----w- C:\Program Files (x86)\Free YouTube Downloader
.
==================== Find3M ====================
.
2011-03-10 17:18:03 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 17:18:02 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 17:03:51 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 13:46:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 16:38:07 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-02-24 16:38:07 979840 ----a-w- C:\Windows\System32\winresume.exe
2011-02-24 16:37:57 1076608 ----a-w- C:\Windows\System32\winload.efi
2011-02-24 16:37:57 1063296 ----a-w- C:\Windows\System32\winload.exe
2011-02-24 16:37:53 20864 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-24 16:37:53 18816 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-24 16:37:53 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-22 06:50:39 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-02-22 06:46:49 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-22 06:46:34 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-02-22 06:46:20 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-02-22 06:46:19 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-02-22 06:21:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-02-22 05:56:46 479232 ----a-w- C:\Windows\System32\html.iec
2011-02-22 05:20:39 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-22 05:15:51 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-02-22 05:14:35 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-22 04:43:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-18 14:18:15 450560 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-18 14:17:59 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-18 14:17:57 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-17 07:21:33 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-17 06:23:50 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-16 16:37:47 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 16:16:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-16 14:15:24 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 14:02:23 292864 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-02 21:45:37 8132637 ----a-w- C:\Users\Mike\DeathAdder_driver_v3.01_Eng.exe
.
============= FINISH: 13:00:29.62 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/12/2009 7:41:02 AM
System Uptime: 4/24/2011 9:20:23 AM (4 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T5900 @ 2.20GHz | Microprocessor | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 259.223 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.867 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
Age of Mythology
Any Video Converter 3.2.1
Apple Application Support
Apple Software Update
Audacity 1.2.6
Avidemux 2.5
Battlefield 2: Deluxe Edition
Bloodline Champions
Braid Demo
Browser Address Error Redirector
Call of Duty: Modern Warfare 2 - Multiplayer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cogs
Darwinia
DEFCON
Defcon v1.6
Dell DataSafe Online
Dell Getting Started Guide
Dell Video Chat
Dell Webcam Center
Dell Webcam Manager
Disciples II Expansion
EA Download Manager
Eufloria
ffdshow v1.1.3771 [2011-03-07]
Free YouTube Downloader 3.2.77
GOM Player
GOMTV Streamer
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Greed Corp
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 24
LAME v3.98.2 for Audacity
League of Legends
Lexmark Printable Web
Lexmark Toolbar
Lexmark Tools for Office
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Lords of Magic Special Edition Demo
Magic Online
Magicka
Majesty - Gold Edition
Majesty 2
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaDirect
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA PhysX
Octoshape Streaming Services
OpenAL
Orbit Downloader
OutlookAddinSetup
Overlord II
Pando Media Booster
Pharaoh
Plain Sight
Pocket Tanks v1.3
Portal
PunkBuster Services
QualXServ Service Agreement
QuickTime
R.U.S.E. Demo
Railroad Tycoon 3
Razer DeathAdder(TM) Mouse
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Sid Meier's Civilization V - Demo
Sierra Utilities
Source SDK
SPORE™
StarCraft II
StarCraft II Beta
Steam
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Windows 7 Upgrade Advisor
Windows Media Player Firefox Plugin
Xiph QuickTime Components
.
==== End Of File ===========================
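The DDS output above is the part of the log a malware-removal helper reads by hand: the Pseudo HJT Report lists browser helper objects, toolbars and Run keys, and the FIREFOX section lists the search and homepage preferences. The following Python script is an added example, not part of this thread and not code from the DDS, GMER or Malwarebytes projects. It parses a handful of lines copied from the log above (embedded inline as constructed sample input) and lists the entries a helper usually checks first: orphaned BHO registrations, components loading from user-writable paths, search or homepage preferences carrying a partner tag, and a toolbar registered in both Internet Explorer and Firefox. The flag categories, the partner-parameter names it looks for and the path heuristics are my own assumptions; DDS itself reports none of that.

```python
"""Triage of the 'Pseudo HJT Report' and 'FIREFOX' sections of a DDS log.

Added example, not part of this thread and not code from DDS, GMER or
Malwarebytes. It parses the line shapes DDS emits (BHO:/TB:, uRun:/mRun:,
FF - prefs.js:, FF - Ext:) and lists the entries a helper checks first.
It is a reading aid, not a verdict: each hit is compared by hand against
the installed-programs list before anything is removed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: a few lines in DDS format, copied from the log above.
SAMPLE_DDS = r"""
BHO: MRI_DISABLED - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitcth.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Octoshape Streaming Services] "C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
"""

# Line shapes as DDS prints them. The CLSID after the name is optional ("No File" rows lack it).
IE_ENTRY = re.compile(r"^(?P<kind>BHO|TB|BHO-X64|TB-X64): (?P<name>.*?)(?:: \{[0-9A-Fa-f-]+\})? - (?P<target>.*)$")
RUN_ENTRY = re.compile(r"^(?P<kind>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<target>.*)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
FF_EXT = re.compile(r"^FF - Ext: (?P<name>.*?): (?P<extid>\S+) - (?P<path>.*)$")

# Heuristics (assumptions of this example, not DDS output).
USER_PATH = re.compile(r"^[A-Za-z]:\\Users\\", re.IGNORECASE)  # per-user, user-writable location
PARTNER_PARAMS = ("pc", "affid", "partner", "tag")              # query keys used as affiliate/partner ids
SEARCH_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl")


@dataclass
class Finding:
    kind: str    # BHO, TB, uRun, FF-pref, FF-Ext, ...
    name: str
    reason: str
    raw: str     # the DDS line that produced the finding


def image_path(target: str) -> str:
    """Strip the argument tail from a Run value: a quoted path, else the first token."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split(" ", 1)[0]


def partner_tags(defanged_url: str) -> Dict[str, str]:
    """Return the partner/affiliate query parameters found in a URL.

    DDS defangs URLs as hxxp:// so they are not clickable; undo that before parsing.
    """
    url = re.sub(r"^hxxp", "http", defanged_url, flags=re.IGNORECASE)
    qs = parse_qs(urlsplit(url).query)
    return {k: qs[k][0] for k in PARTNER_PARAMS if k in qs}


def triage(text: str) -> List[Finding]:
    """Walk the log once and collect the entries worth a second look."""
    findings: List[Finding] = []
    ie_names = set()  # DDS prints the IE section before FIREFOX, so names are known by then
    for raw in text.splitlines():
        raw = raw.rstrip()
        if m := IE_ENTRY.match(raw):
            ie_names.add(m["name"])
            if m["target"] == "No File":
                findings.append(Finding(m["kind"], m["name"], "orphaned registration: DLL no longer exists", raw))
            elif USER_PATH.match(m["target"]):
                findings.append(Finding(m["kind"], m["name"], "loads from a user-writable path; confirm it is expected", raw))
        elif m := RUN_ENTRY.match(raw):
            if USER_PATH.match(image_path(m["target"])):
                findings.append(Finding(m["kind"], m["name"], "autostart from a user-writable path; confirm it is expected", raw))
        elif m := FF_PREF.match(raw):
            if m["pref"] in SEARCH_PREFS and (tags := partner_tags(m["value"])):
                findings.append(Finding("FF-pref", m["pref"], f"search/homepage URL carries partner tag {tags}", raw))
        elif m := FF_EXT.match(raw):
            if m["name"] in ie_names:
                findings.append(Finding("FF-Ext", m["name"], "same component also registered as an IE BHO/toolbar", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.name}: {f.reason}")
```

Run stand-alone it prints six findings for the sample: the orphaned `MRI_DISABLED` BHO, the Orbit BHO and Octoshape autostart under `C:\Users`, the two Bing preferences tagged `pc=ZUGO`, and the Zugo `Search Toolbar` extension that mirrors the IE toolbar. To use it on a full DDS log, pass the file contents to `triage()` instead of `SAMPLE_DDS`.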
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run, then download and try to run another one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
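What the MBRCheck step above actually does: the tool reads sector 0 of each physical drive, takes a SHA1 over the boot-code bytes (the first 440 bytes, which excludes the per-machine disk signature and the partition table), and compares that digest with its built-in list of known MBR code. A digest that is not on the list is reported as "Unknown MBR code" next to the SHA1, which is what the report posted below shows. The block that follows is an added example written for this page, not part of the thread and not MBRCheck's own code. It parses a 512-byte sector, computes the same style of hash, looks it up in an allow-list, and adds the two partition-table sanity checks worth making in the same pass (exactly one active partition, no overlapping entries). The partition start offsets in the sample sector are taken from the D: and C: volume offsets in the posted MBRCheck report; the partition sizes, type bytes, disk signature and the "reference" boot-code bytes are placeholders made up for the example, and the allow-list holds only the hash of that placeholder rather than any real Microsoft or OEM MBR hash.

```python
"""Added example: parse sector 0 and hash its boot code the way MBRCheck does.
MBR layout: bytes 0..439 boot code (hashed), 440..443 NT disk signature,
444..445 padding, 446..509 four 16-byte partition entries, 510..511 = 0x55AA."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFF = 446
BOOT_SIG = b"\x55\xaa"


@dataclass(frozen=True)
class Partition:
    index: int      # slot 0..3 in the table
    active: bool    # status byte 0x80 = bootable
    type_id: int    # 0x07 = NTFS (also exFAT/HPFS)
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        return self.lba_start * SECTOR


def parse_partitions(sector0: bytes) -> list:
    """Validate the boot signature and decode the non-empty partition entries."""
    if len(sector0) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    if sector0[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, type_id, lba, count = struct.unpack("<B3xB3xII", entry)
        if type_id == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"slot {i}: invalid status byte {status:#04x}")
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def table_problems(parts: list) -> list:
    """Checks worth making alongside the hash: exactly one active partition
    and no two entries claiming the same sectors."""
    problems = []
    if sum(p.active for p in parts) != 1:
        problems.append("expected exactly one active partition")
    for a in parts:
        for b in parts:
            if a.index < b.index and a.lba_start < b.lba_start + b.sectors \
                    and b.lba_start < a.lba_start + a.sectors:
                problems.append(f"slots {a.index} and {b.index} overlap")
    return problems


def boot_code_sha1(sector0: bytes) -> str:
    """MBRCheck-style hash: SHA1 over the 440 bytes of boot code only, so the
    per-machine disk signature and partition table do not change the result."""
    return hashlib.sha1(sector0[:BOOT_CODE_LEN]).hexdigest().upper()


def classify(sector0: bytes, known: dict) -> str:
    """Look the hash up in an allow-list; anything else is reported as
    'Unknown MBR code', which is a prompt to investigate, not a verdict."""
    return known.get(boot_code_sha1(sector0), "Unknown MBR code")


def build_entry(active: bool, type_id: int, lba: int, count: int) -> bytes:
    # CHS fields are left zero; modern loaders use the LBA fields.
    return struct.pack("<B3xB3xII", 0x80 if active else 0x00, type_id, lba, count)


# ---- constructed sample: a placeholder stub, NOT real Microsoft MBR code ----
REFERENCE_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 432
# Partition starts come from the posted MBRCheck volume offsets (D: 0x3700000,
# C: 0x3c3700000 -> LBA 112640 and 31569920); sizes, type bytes and the disk
# signature are assumptions made for this example.
SAMPLE_MBR = (
    REFERENCE_CODE
    + b"\x11\x22\x33\x44" + b"\x00\x00"                          # disk sig + pad
    + build_entry(False, 0x07, 112640, 31569920 - 112640)        # D:
    + build_entry(True, 0x07, 31569920, 976773168 - 31569920)    # C:
    + b"\x00" * 32 + BOOT_SIG                                    # 2 empty slots
)
# Allow-list keyed by boot-code hash; a real one holds known-good vendor MBRs.
KNOWN_MBR_CODE = {boot_code_sha1(SAMPLE_MBR): "constructed reference MBR"}
# The same disk with one boot-code byte patched, as an overwritten MBR looks.
TAMPERED_MBR = SAMPLE_MBR[:16] + bytes([SAMPLE_MBR[16] ^ 0xFF]) + SAMPLE_MBR[17:]


def report(sector0: bytes) -> dict:
    """One-shot summary in the shape of the MBRCheck report."""
    parts = parse_partitions(sector0)
    return {"sha1": boot_code_sha1(sector0),
            "status": classify(sector0, KNOWN_MBR_CODE),
            "volumes": {p.index: p.byte_offset for p in parts},
            "problems": table_problems(parts)}
```

On a live Windows machine the sector is read with `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt; `report(SAMPLE_MBR)` returns the reference status and the two volume offsets from the posted log, while `report(TAMPERED_MBR)` returns "Unknown MBR code" with the same, untouched partition table, which is the signal MBRCheck gives: the code changed, the layout did not. The caveat for reading that result is that an unknown hash only means the code is not in the tool's list. OEM utilities such as Dell MediaDirect install their own MBR code, so the finding is a prompt to compare the boot code against a known clean or vendor image, not proof of a bootkit on its own.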
 
Here are the MBRCheck and Combofix logs

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1530
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):
0x02252000 \SystemRoot\system32\ntoskrnl.exe
0x0220C000 \SystemRoot\system32\hal.dll
0x00608000 \SystemRoot\system32\kdcom.dll
0x00612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064D000 \SystemRoot\system32\PSHED.dll
0x00661000 \SystemRoot\system32\CLFS.SYS
0x006BE000 \SystemRoot\system32\CI.dll
0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F4000 \SystemRoot\system32\drivers\acpi.sys
0x0094A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00953000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095D000 \SystemRoot\system32\drivers\pci.sys
0x0098D000 \SystemRoot\System32\drivers\partmgr.sys
0x009A2000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009A6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009B2000 \SystemRoot\system32\drivers\volmgr.sys
0x00770000 \SystemRoot\System32\drivers\volmgrx.sys
0x009C6000 \SystemRoot\system32\DRIVERS\intelide.sys
0x009CE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x009DE000 \SystemRoot\system32\drivers\pciide.sys
0x009E5000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A05000 \SystemRoot\system32\drivers\iastor.sys
0x00B09000 \SystemRoot\system32\drivers\atapi.sys
0x00B11000 \SystemRoot\system32\drivers\ataport.SYS
0x00B35000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B7C000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C05000 \SystemRoot\system32\drivers\mfehidk.sys
0x00C84000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00C90000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E04000 \SystemRoot\system32\drivers\ndis.sys
0x00D17000 \SystemRoot\system32\drivers\msrpc.sys
0x00D67000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118B000 \SystemRoot\system32\drivers\volsnap.sys
0x011CF000 \SystemRoot\System32\Drivers\spldr.sys
0x011D7000 \SystemRoot\System32\Drivers\mup.sys
0x00FC7000 \SystemRoot\System32\drivers\ecache.sys
0x011E9000 \SystemRoot\system32\drivers\disk.sys
0x00DC0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01000000 \SystemRoot\system32\drivers\crcdisk.sys
0x02108000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02115000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0211E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02403000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02209000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x022EC000 \SystemRoot\System32\drivers\watchdog.sys
0x022FC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02308000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0234E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02EFC000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x0300E000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x03186000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x03198000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x031A8000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x031C8000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x031DD000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x02F5A000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x02FB1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02FC7000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x031F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0235F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02E00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0237B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02380000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02389000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02D4C000 \SystemRoot\system32\DRIVERS\storport.sys
0x023C2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x023CF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x023F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02DA9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02131000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02E0D000 \SystemRoot\system32\DRIVERS\vHidDev.sys
0x02DEA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02200000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02149000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02FFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0215C000 \SystemRoot\system32\DRIVERS\ks.sys
0x02190000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0219B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x021AB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x00B90000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x021F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00FF3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03E06000 \SystemRoot\system32\drivers\stwrt64.sys
0x03E6A000 \SystemRoot\system32\drivers\portcls.sys
0x03EA5000 \SystemRoot\system32\drivers\drmk.sys
0x03EC8000 \SystemRoot\system32\drivers\ksthunk.sys
0x03ECE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03EEA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03EEC000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x03F2E000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x03F37000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03F41000 \SystemRoot\System32\Drivers\tcusb.sys
0x03F53000 \SystemRoot\System32\Drivers\Null.SYS
0x03F5C000 \SystemRoot\System32\drivers\vga.sys
0x03F6A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03F8F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03F98000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03FA1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03FAC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03FBD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04201000 \SystemRoot\System32\drivers\tcpip.sys
0x04377000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x043A3000 \SystemRoot\system32\drivers\mfewfpk.sys
0x03FC6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03FE3000 \SystemRoot\system32\DRIVERS\smb.sys
0x00BA4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04005000 \SystemRoot\system32\drivers\afd.sys
0x04070000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0408E000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x0409F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040AE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x040C9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04116000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04122000 \SystemRoot\System32\Drivers\dfsc.sys
0x0413F000 \SystemRoot\system32\drivers\mfeavfk.sys
0x0416C000 \SystemRoot\system32\drivers\mfefirek.sys
0x02000000 \SystemRoot\system32\DRIVERS\udfs.sys
0x041D6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0440E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x04512000 \SystemRoot\System32\drivers\Dxapi.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x006E0000 \SystemRoot\System32\cdd.dll
0x04531000 \SystemRoot\system32\drivers\luafv.sys
0x04553000 \SystemRoot\system32\drivers\spsys.sys
0x041E4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0204E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x045ED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x043E7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x08806000 \SystemRoot\system32\drivers\HTTP.sys
0x088A9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x088D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x088F0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0890A000 \SystemRoot\system32\drivers\mrxdav.sys
0x08931000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0895A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x089A3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x089C2000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08C0A000 \SystemRoot\System32\DRIVERS\srv.sys
0x08C9D000 \SystemRoot\system32\drivers\peauth.sys
0x08D53000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08D5E000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08D93000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08DD0000 \SystemRoot\system32\drivers\cfwids.sys
0x08DDE000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x08DE7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x08DA3000 \SystemRoot\system32\drivers\mfeapfk.sys
0x77AC0000 \Windows\System32\ntdll.dll

Processes (total 80):
0 System Idle Process
4 System
532 C:\Windows\System32\smss.exe
636 csrss.exe
680 C:\Windows\System32\wininit.exe
700 csrss.exe
736 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
912 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\nvvsvc.exe
984 C:\Windows\System32\svchost.exe
388 C:\Windows\System32\svchost.exe
408 C:\Windows\System32\svchost.exe
460 C:\Windows\System32\svchost.exe
564 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\audiodg.exe
360 C:\Windows\System32\svchost.exe
464 C:\Windows\System32\SLsvc.exe
1112 C:\Windows\System32\svchost.exe
1180 C:\Program Files\Dell\DellDock\DockLogin.exe
1252 C:\Windows\System32\rundll32.exe
1336 C:\Windows\System32\svchost.exe
1384 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
1652 C:\Windows\System32\WLTRYSVC.EXE
1664 C:\Windows\System32\BCMWLTRY.EXE
1772 C:\Windows\System32\spoolsv.exe
1868 C:\Windows\System32\svchost.exe
1944 C:\Windows\System32\wlanext.exe
1372 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe
1720 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1788 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1980 C:\Windows\System32\lxeccoms.exe
540 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
2096 C:\Windows\SysWOW64\PnkBstrA.exe
2124 C:\Windows\System32\svchost.exe
2148 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\stacsv64.exe
2268 C:\Windows\System32\svchost.exe
2300 C:\Windows\System32\svchost.exe
2364 C:\Windows\System32\SearchIndexer.exe
2408 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2436 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2516 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2724 C:\Windows\System32\taskeng.exe
936 C:\Windows\System32\dwm.exe
2344 C:\Windows\explorer.exe
2804 C:\Windows\System32\taskeng.exe
3548 C:\Program Files\DellTPad\Apoint.exe
3564 C:\Windows\System32\rundll32.exe
3572 C:\Windows\System32\rundll32.exe
3600 C:\Windows\System32\WLTRAY.EXE
3608 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe
3624 C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
3632 C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
3640 C:\Program Files (x86)\Steam\Steam.exe
3660 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3696 C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
3704 C:\Windows\ehome\ehtray.exe
3776 C:\Windows\OEM02Mon.exe
3784 C:\Program Files\McAfee.com\Agent\mcagent.exe
3828 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3884 C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
3900 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4004 C:\Program Files\Fingerprint Reader Suite\psqltray.exe
3256 C:\Windows\ehome\ehmsas.exe
1048 C:\Program Files\iPod\bin\iPodService.exe
2200 C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
4640 C:\Program Files\DellTPad\ApMsgFwd.exe
4700 C:\Program Files\DellTPad\hidfind.exe
4708 C:\Program Files\DellTPad\ApntEx.exe
2736 C:\Windows\System32\svchost.exe
4000 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
4536 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
4384 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
3036 C:\Windows\SysWOW64\rundll32.exe
2872 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
5404 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
4360 dllhost.exe
5660 dllhost.exe
2708 C:\Users\Mike\Desktop\MBRCheck (2).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG000D

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 0C0E7F154151469D03B17DE3B60CAFCFD0398D69


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ComboFix 11-04-24.03 - Mike 04/24/2011 22:44:18.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2121 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\QuickStores.ico
c:\users\Mike\DeathAdder_driver_v3.01_Eng.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-25 to 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-25 03:05 . 2011-04-25 03:09 -------- d-----w- c:\users\Mike\AppData\Local\temp
2011-04-25 03:05 . 2011-04-25 03:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-15 19:47 . 2011-04-15 19:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-15 19:47 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-15 19:47 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-15 19:20 . 2011-02-18 14:16 274432 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 19:20 . 2011-02-18 14:16 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 19:20 . 2011-02-18 14:16 106496 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 19:20 . 2011-02-18 14:16 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 19:20 . 2011-03-03 16:02 975872 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 19:20 . 2011-03-03 15:42 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-15 19:20 . 2011-03-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-15 19:20 . 2011-03-03 10:50 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-04-15 19:18 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 19:18 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 19:18 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-04-04 07:02 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2011-04-04 07:02 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-04-04 07:02 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-04-04 07:02 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
2011-04-04 07:02 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2011-04-04 07:02 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
2011-03-31 07:39 . 2011-03-31 07:39 -------- d-----w- c:\windows\SysWow64\spool
2011-03-31 07:39 . 2011-03-31 07:39 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2011-03-31 07:39 . 2011-03-31 07:39 -------- d-----w- c:\program files\Windows Portable Devices
2011-03-31 07:15 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2011-03-31 07:12 . 2009-10-08 21:07 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-03-31 07:12 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-31 07:12 . 2009-10-08 21:08 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-31 07:12 . 2009-10-08 21:08 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-03-31 07:12 . 2009-10-08 21:08 234496 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-03-31 07:12 . 2009-10-08 21:07 315904 ----a-w- c:\windows\system32\oleacc.dll
2011-03-31 07:02 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-31 07:02 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2011-03-31 07:02 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-31 07:02 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-31 07:02 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-03-31 07:02 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-03-30 00:44 . 2011-01-20 16:46 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-30 00:42 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-30 00:42 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-30 00:42 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-03-30 00:42 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-03-30 00:42 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-03-30 00:40 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-03-30 00:40 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2011-03-30 00:40 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-30 00:40 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
2011-03-30 00:36 . 2009-10-23 17:30 880640 ----a-w- c:\windows\system32\timedate.cpl
2011-03-30 00:36 . 2009-10-23 17:10 714240 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-03-30 00:36 . 2010-01-25 12:00 471552 ----a-w- c:\windows\SysWow64\secproc_isv.dll
2011-03-30 00:36 . 2010-01-25 12:00 471552 ----a-w- c:\windows\SysWow64\secproc.dll
2011-03-30 00:36 . 2010-01-25 12:10 538624 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-30 00:32 . 2010-08-26 17:42 1927680 ----a-w- c:\windows\system32\gameux.dll
2011-03-30 00:32 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\SysWow64\gameux.dll
2011-03-30 00:31 . 2010-08-26 17:40 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-30 00:31 . 2010-08-26 16:33 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-03-30 00:31 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-03-30 00:31 . 2010-08-26 15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-26 04:46 . 2011-03-26 04:46 -------- d-----w- c:\users\Mike\AppData\Roaming\AnvSoft
2011-03-26 04:46 . 2011-03-26 04:46 -------- d-----w- c:\program files (x86)\AnvSoft
2011-03-26 04:42 . 2010-12-22 03:41 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-03-26 04:42 . 2011-03-26 04:42 -------- d-----w- c:\program files (x86)\ffdshow
2011-03-26 03:16 . 2010-10-01 05:11 462112 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe
2011-03-26 03:16 . 2011-03-26 03:16 -------- d-----w- c:\program files (x86)\Free YouTube Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-28 15:49 . 2011-01-28 15:49 388096 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-20 1242448]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-12 39408]
"Octoshape Streaming Services"="c:\users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-08-06 36864]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1556560]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 21:15 1807600 ----a-w- c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ----a-w- c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files (x86)\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-07-01 04:07 428064 ----a-w- c:\program files (x86)\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ----a-w- c:\program files (x86)\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files (x86)\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-15 45736]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 18:01]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 18:01]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2520582024-2885647733-2161914160-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-12 00:56]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2520582024-2885647733-2161914160-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-12 00:56]
.
2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{10A17ADA-F7FE-4E0E-ADE3-DF47CB0337D9}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 21:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 21:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF16326.cfxxe" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-23 271872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-25 15872032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-25 82464]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-25 89120]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 67088]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 4119552]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090811
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download by Orbit - c:\users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Undo Closed Tabs Button: undoclosedtabsbutton@supernova00.biz - %profile%\extensions\undoclosedtabsbutton@supernova00.biz
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2520582024-2885647733-2161914160-1000\Software\SecuROM\License information*]
"datasecu"=hex:d7,98,0b,21,14,9a,fb,a5,84,10,56,ee,35,48,90,e5,03,af,af,da,74,
99,76,be,8d,11,bb,de,bc,4c,b0,58,66,f4,eb,26,c5,c2,68,0c,53,08,70,16,da,45,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2011-04-24 23:20:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-25 03:20
.
Pre-Run: 278,198,476,800 bytes free
Post-Run: 277,725,757,440 bytes free
.
- - End Of File - - 598A1037BD4D42F07D70FAF2EC13E095
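The supplementary scan above shows Firefox's homepage and keyword.URL pointing at Bing with pc=ZUGO partner tags, and a Search Toolbar extension with id searchtoolbar@zugo.com in the same profile. Tying the tagged search URLs to the extension that shipped them is how an analyst reads those lines. The following is an added example, not code from the thread or from ComboFix: it parses the line formats used in the log above (the sample lines are constructed to match them) and applies a correlation heuristic of my own, matching the vendor label of a non-GUID extension id against the query-parameter values of URL-valued prefs.js settings.

```python
"""Parse browser-setting lines from a ComboFix log and correlate partner-tagged
search URLs with the Firefox extension that set them.

Added example (not part of the forum thread or of ComboFix); the line formats
follow the log above, the correlation heuristic is an assumption of this example.
"""
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample in the format of ComboFix's "Supplementary Scan" section.
# ComboFix writes "hxxp" for "http" so logged URLs cannot be clicked by accident.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090811
mLocal Page = c:\\windows\\SysWOW64\\blank.htm
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\\program files (x86)\\Mozilla Firefox\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\\extensions\\searchtoolbar@zugo.com
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
EXT_RE = re.compile(r"^FF - Ext: (.+?): (\S+) - (.*)$")
PAGE_RE = re.compile(r"^([um](?:Start|Local) Page) = (.*)$")


def parse_supplementary(text):
    """Return (prefs, exts, pages): prefs.js key -> value, extension id -> display
    name, and IE start/local pages keyed by their u/m (user/machine) label."""
    prefs, exts, pages = {}, {}, {}
    for line in text.splitlines():
        if m := PREF_RE.match(line):
            prefs[m.group(1)] = m.group(2)
        elif m := EXT_RE.match(line):
            exts[m.group(2)] = m.group(1)
        elif m := PAGE_RE.match(line):
            pages[m.group(1)] = m.group(2)
    return prefs, exts, pages


def refang(url):
    """Turn ComboFix's defanged hxxp(s):// back into a scheme urlparse accepts."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def partner_tags(url):
    """Lower-cased, non-empty query-parameter values of a URL, e.g. {'zugo', 'zgaphp'}.
    Search providers use such parameters to credit the distributor that set the
    homepage or search URL, so they point at whoever changed the setting."""
    qs = parse_qs(urlparse(refang(url)).query, keep_blank_values=True)
    return {v.lower() for values in qs.values() for v in values if v}


def extension_vendor(ext_id):
    """'searchtoolbar@zugo.com' -> 'zugo'; GUID-style ids (no '@') give None."""
    if "@" not in ext_id:
        return None
    labels = ext_id.rsplit("@", 1)[1].lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def correlate(text):
    """Sorted (extension_id, pref_key) pairs where an extension's vendor label
    appears as a partner tag in a URL-valued prefs.js setting."""
    prefs, exts, _ = parse_supplementary(text)
    hits = set()
    for ext_id in exts:
        vendor = extension_vendor(ext_id)
        if not vendor:
            continue
        for key, value in prefs.items():
            if value.lower().startswith("hxxp") and vendor in partner_tags(value):
                hits.add((ext_id, key))
    return sorted(hits)


if __name__ == "__main__":
    for ext_id, key in correlate(SAMPLE_LOG):
        print(f"{key} carries a partner tag matching extension {ext_id}")
```

Run against the sample, `correlate` pairs `searchtoolbar@zugo.com` with both `browser.startup.homepage` and `keyword.URL`; the Dell-branded Google start page is not flagged because no extension id shares its `client`/`channel` values. The heuristic only explains who set the search URLs; whether that is unwanted is a judgement the analyst still makes, which is why the parsed prefs and pages are returned as well.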
 
How is redirection?

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Wow, you respond quickly! Well, I'm not getting redirected after a few searches I just did; it's been very intermittent, so I wouldn't say that means a whole lot. Here's the remover copy and paste.


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 64-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
OK, here's the report after a reboot.


2011/04/24 23:57:08.0610 4236 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/24 23:57:09.0300 4236 ================================================================================
2011/04/24 23:57:09.0300 4236 SystemInfo:
2011/04/24 23:57:09.0300 4236
2011/04/24 23:57:09.0300 4236 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/24 23:57:09.0300 4236 Product type: Workstation
2011/04/24 23:57:09.0300 4236 ComputerName: MIKES-LAPTOP
2011/04/24 23:57:09.0301 4236 UserName: Mike
2011/04/24 23:57:09.0301 4236 Windows directory: C:\Windows
2011/04/24 23:57:09.0301 4236 System windows directory: C:\Windows
2011/04/24 23:57:09.0301 4236 Running under WOW64
2011/04/24 23:57:09.0301 4236 Processor architecture: Intel x64
2011/04/24 23:57:09.0301 4236 Number of processors: 2
2011/04/24 23:57:09.0301 4236 Page size: 0x1000
2011/04/24 23:57:09.0301 4236 Boot type: Normal boot
2011/04/24 23:57:09.0301 4236 ================================================================================
2011/04/24 23:57:10.0095 4236 Initialize success
2011/04/24 23:57:12.0161 3424 ================================================================================
2011/04/24 23:57:12.0161 3424 Scan started
2011/04/24 23:57:12.0161 3424 Mode: Manual;
2011/04/24 23:57:12.0162 3424 ================================================================================
2011/04/24 23:57:12.0864 3424 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/04/24 23:57:13.0060 3424 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/04/24 23:57:13.0181 3424 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/04/24 23:57:13.0351 3424 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/04/24 23:57:13.0412 3424 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/04/24 23:57:13.0639 3424 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/04/24 23:57:13.0806 3424 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/04/24 23:57:13.0953 3424 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/04/24 23:57:14.0095 3424 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2011/04/24 23:57:14.0330 3424 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/04/24 23:57:14.0467 3424 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/04/24 23:57:14.0627 3424 ApfiltrService (48f957a11af8b8278c4a38eeeddd49b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/04/24 23:57:14.0909 3424 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/04/24 23:57:15.0075 3424 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/04/24 23:57:15.0229 3424 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/24 23:57:15.0364 3424 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/04/24 23:57:15.0569 3424 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
2011/04/24 23:57:15.0856 3424 BCM43XX (d32f962b71fee6bdaaee630bb2c17280) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/04/24 23:57:16.0249 3424 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/04/24 23:57:16.0404 3424 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/24 23:57:16.0651 3424 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/24 23:57:16.0799 3424 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/04/24 23:57:16.0969 3424 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/04/24 23:57:17.0108 3424 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/04/24 23:57:17.0238 3424 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/24 23:57:17.0359 3424 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/04/24 23:57:17.0510 3424 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/04/24 23:57:17.0710 3424 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/24 23:57:17.0929 3424 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/24 23:57:18.0103 3424 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
2011/04/24 23:57:18.0332 3424 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/04/24 23:57:18.0452 3424 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/04/24 23:57:18.0661 3424 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/24 23:57:18.0781 3424 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/04/24 23:57:18.0844 3424 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/24 23:57:18.0983 3424 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/24 23:57:19.0170 3424 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys
2011/04/24 23:57:19.0405 3424 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/04/24 23:57:19.0598 3424 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/04/24 23:57:19.0805 3424 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/24 23:57:19.0960 3424 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/24 23:57:20.0312 3424 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
2011/04/24 23:57:20.0467 3424 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/04/24 23:57:20.0640 3424 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/04/24 23:57:20.0827 3424 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/04/24 23:57:21.0013 3424 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
2011/04/24 23:57:21.0276 3424 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/04/24 23:57:21.0404 3424 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/04/24 23:57:21.0557 3424 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/24 23:57:21.0729 3424 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/04/24 23:57:21.0864 3424 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/04/24 23:57:22.0010 3424 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/24 23:57:22.0143 3424 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/04/24 23:57:22.0317 3424 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/24 23:57:22.0442 3424 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/24 23:57:22.0592 3424 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/24 23:57:22.0896 3424 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/24 23:57:23.0065 3424 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/04/24 23:57:23.0212 3424 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/04/24 23:57:23.0360 3424 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/24 23:57:23.0615 3424 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/04/24 23:57:23.0828 3424 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/04/24 23:57:24.0008 3424 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/04/24 23:57:24.0161 3424 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/24 23:57:24.0294 3424 iaStor (16a4671255cfb842225f0fdb6dbdb414) C:\Windows\system32\drivers\iastor.sys
2011/04/24 23:57:24.0469 3424 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/04/24 23:57:24.0668 3424 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/04/24 23:57:24.0839 3424 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/24 23:57:24.0972 3424 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/24 23:57:25.0138 3424 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/24 23:57:25.0346 3424 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/24 23:57:25.0508 3424 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/24 23:57:25.0668 3424 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/04/24 23:57:25.0809 3424 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/04/24 23:57:25.0926 3424 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/24 23:57:26.0080 3424 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/04/24 23:57:26.0228 3424 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/04/24 23:57:26.0364 3424 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/24 23:57:26.0493 3424 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/24 23:57:26.0650 3424 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/24 23:57:26.0785 3424 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/04/24 23:57:26.0958 3424 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/24 23:57:27.0068 3424 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/24 23:57:27.0221 3424 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/24 23:57:27.0371 3424 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/24 23:57:27.0512 3424 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/04/24 23:57:27.0849 3424 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/04/24 23:57:27.0991 3424 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/04/24 23:57:28.0163 3424 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
2011/04/24 23:57:28.0409 3424 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
2011/04/24 23:57:28.0777 3424 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
2011/04/24 23:57:29.0031 3424 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
2011/04/24 23:57:29.0257 3424 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/04/24 23:57:29.0482 3424 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
2011/04/24 23:57:29.0707 3424 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
2011/04/24 23:57:29.0949 3424 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
2011/04/24 23:57:30.0123 3424 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
2011/04/24 23:57:30.0360 3424 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/04/24 23:57:30.0489 3424 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/24 23:57:30.0627 3424 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/24 23:57:30.0753 3424 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/24 23:57:30.0879 3424 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/24 23:57:31.0019 3424 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/04/24 23:57:31.0157 3424 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/24 23:57:31.0291 3424 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/24 23:57:31.0415 3424 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/24 23:57:31.0550 3424 mrxsmb (dc434b4769e18da09ce1b7755d4c64e9) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/24 23:57:31.0796 3424 mrxsmb10 (64713fcfe3de8881d62f8f3f2f794241) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/24 23:57:32.0018 3424 mrxsmb20 (0005c599a2abf767a815afcd32e523e3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/24 23:57:32.0246 3424 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
2011/04/24 23:57:32.0468 3424 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/04/24 23:57:32.0644 3424 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/04/24 23:57:32.0799 3424 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/04/24 23:57:32.0980 3424 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/24 23:57:33.0087 3424 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/24 23:57:33.0206 3424 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/04/24 23:57:33.0340 3424 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/04/24 23:57:33.0468 3424 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/24 23:57:33.0614 3424 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/04/24 23:57:33.0728 3424 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/04/24 23:57:33.0901 3424 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/24 23:57:34.0069 3424 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/04/24 23:57:34.0231 3424 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/24 23:57:34.0368 3424 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/24 23:57:34.0490 3424 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/24 23:57:34.0621 3424 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/04/24 23:57:34.0727 3424 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/24 23:57:34.0842 3424 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/24 23:57:35.0069 3424 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/04/24 23:57:35.0209 3424 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/04/24 23:57:35.0378 3424 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/24 23:57:35.0581 3424 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/04/24 23:57:35.0776 3424 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/04/24 23:57:36.0314 3424 nvlddmkm (ceb509d5e8dbd1d35d7f27ab535173af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/24 23:57:36.0694 3424 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/04/24 23:57:36.0833 3424 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/04/24 23:57:36.0977 3424 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/04/24 23:57:37.0306 3424 OEM02Dev (cfa5bc0c22d1c3155accd56bcae12f47) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2011/04/24 23:57:37.0534 3424 OEM02Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2011/04/24 23:57:37.0786 3424 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/24 23:57:37.0979 3424 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/04/24 23:57:38.0118 3424 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/04/24 23:57:38.0254 3424 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/04/24 23:57:38.0428 3424 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/04/24 23:57:38.0616 3424 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/04/24 23:57:38.0780 3424 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/04/24 23:57:39.0315 3424 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/24 23:57:39.0466 3424 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/04/24 23:57:39.0705 3424 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/24 23:57:39.0846 3424 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/04/24 23:57:40.0131 3424 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/04/24 23:57:40.0483 3424 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/04/24 23:57:40.0728 3424 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/24 23:57:41.0020 3424 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/24 23:57:41.0284 3424 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/24 23:57:41.0477 3424 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/24 23:57:41.0643 3424 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/24 23:57:41.0797 3424 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/24 23:57:41.0942 3424 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/24 23:57:42.0127 3424 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/24 23:57:42.0363 3424 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/04/24 23:57:42.0524 3424 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/24 23:57:42.0675 3424 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/04/24 23:57:42.0911 3424 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
2011/04/24 23:57:43.0122 3424 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
2011/04/24 23:57:43.0345 3424 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
2011/04/24 23:57:43.0691 3424 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/24 23:57:43.0872 3424 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/24 23:57:44.0068 3424 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/24 23:57:44.0261 3424 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/24 23:57:44.0457 3424 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/04/24 23:57:44.0588 3424 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/04/24 23:57:44.0717 3424 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/04/24 23:57:44.0927 3424 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/04/24 23:57:45.0060 3424 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/24 23:57:45.0193 3424 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/24 23:57:45.0359 3424 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/04/24 23:57:45.0533 3424 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/04/24 23:57:45.0666 3424 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/04/24 23:57:45.0831 3424 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/04/24 23:57:46.0009 3424 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/04/24 23:57:46.0190 3424 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/24 23:57:46.0463 3424 srv2 (fa36d119249bf27bc4c0079734e1f33b) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/24 23:57:46.0704 3424 srvnet (cfe7bc92d52c7e79427545909a0182f8) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/24 23:57:47.0022 3424 STHDA (e964db5400cfd56fc99cd2ab1b21213f) C:\Windows\system32\drivers\stwrt64.sys
2011/04/24 23:57:47.0329 3424 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/24 23:57:47.0491 3424 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/04/24 23:57:47.0645 3424 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/04/24 23:57:47.0831 3424 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/04/24 23:57:48.0108 3424 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/04/24 23:57:48.0463 3424 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/24 23:57:48.0610 3424 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/24 23:57:48.0750 3424 TcUsb (c050f120451b08fbf79588f66bf51ccd) C:\Windows\system32\Drivers\tcusb.sys
2011/04/24 23:57:48.0992 3424 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/04/24 23:57:49.0116 3424 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/04/24 23:57:49.0261 3424 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/24 23:57:49.0397 3424 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/24 23:57:49.0722 3424 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/24 23:57:49.0858 3424 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/24 23:57:50.0027 3424 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/24 23:57:50.0166 3424 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/04/24 23:57:50.0309 3424 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/24 23:57:50.0487 3424 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/24 23:57:50.0641 3424 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/04/24 23:57:50.0804 3424 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/04/24 23:57:50.0952 3424 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/04/24 23:57:51.0094 3424 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/24 23:57:51.0270 3424 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/04/24 23:57:51.0487 3424 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/24 23:57:51.0616 3424 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/04/24 23:57:51.0771 3424 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/24 23:57:51.0900 3424 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/24 23:57:52.0037 3424 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/04/24 23:57:52.0165 3424 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/24 23:57:52.0303 3424 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/24 23:57:52.0426 3424 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/24 23:57:52.0548 3424 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/24 23:57:52.0685 3424 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/24 23:57:52.0826 3424 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/04/24 23:57:52.0987 3424 vhidmini (1161acff728d97f75d74d2f1465f8a46) C:\Windows\system32\DRIVERS\vHidDev.sys
2011/04/24 23:57:53.0195 3424 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/04/24 23:57:53.0330 3424 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/04/24 23:57:53.0462 3424 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/04/24 23:57:53.0620 3424 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/04/24 23:57:53.0745 3424 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/04/24 23:57:53.0927 3424 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/04/24 23:57:54.0071 3424 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/24 23:57:54.0108 3424 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/24 23:57:54.0255 3424 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/04/24 23:57:54.0366 3424 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/24 23:57:54.0733 3424 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/24 23:57:54.0937 3424 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/24 23:57:55.0075 3424 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/24 23:57:55.0280 3424 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/24 23:57:55.0515 3424 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
2011/04/24 23:57:55.0716 3424 yukonx64 (827aaae4f84945658b0b03da805df44e) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/04/24 23:57:55.0974 3424 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/24 23:57:55.0986 3424 ================================================================================
2011/04/24 23:57:55.0986 3424 Scan finished
2011/04/24 23:57:55.0986 3424 ================================================================================
2011/04/24 23:57:56.0018 2320 Detected object count: 1
2011/04/24 23:58:06.0298 2320 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/24 23:58:06.0298 2320 \HardDisk0 - ok
2011/04/24 23:58:06.0306 2320 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/24 23:58:19.0953 3880 Deinitialize success
 
I ran it again, but it seems to have gotten the same result; here it is anyway. By the way, what exactly is a rootkit?


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 64-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...
 
Thanks -.- OK, stupid question, but here's the log from MBR.



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1530
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):
0x0221B000 \SystemRoot\system32\ntoskrnl.exe
0x02733000 \SystemRoot\system32\hal.dll
0x00603000 \SystemRoot\system32\kdcom.dll
0x0060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00648000 \SystemRoot\system32\PSHED.dll
0x0065C000 \SystemRoot\system32\CLFS.SYS
0x006B9000 \SystemRoot\system32\CI.dll
0x00802000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EA000 \SystemRoot\system32\drivers\acpi.sys
0x00940000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00949000 \SystemRoot\system32\drivers\msisadrv.sys
0x00953000 \SystemRoot\system32\drivers\pci.sys
0x00983000 \SystemRoot\System32\drivers\partmgr.sys
0x00998000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0099C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009A8000 \SystemRoot\system32\drivers\volmgr.sys
0x0076B000 \SystemRoot\System32\drivers\volmgrx.sys
0x009BC000 \SystemRoot\system32\DRIVERS\intelide.sys
0x009C4000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x009D4000 \SystemRoot\system32\drivers\pciide.sys
0x009DB000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A0B000 \SystemRoot\system32\drivers\iastor.sys
0x00B0F000 \SystemRoot\system32\drivers\atapi.sys
0x00B17000 \SystemRoot\system32\drivers\ataport.SYS
0x00B3B000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B82000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C08000 \SystemRoot\system32\drivers\mfehidk.sys
0x00C87000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00C93000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0C000 \SystemRoot\system32\drivers\ndis.sys
0x00D1A000 \SystemRoot\system32\drivers\msrpc.sys
0x00D6A000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118E000 \SystemRoot\system32\drivers\volsnap.sys
0x011D2000 \SystemRoot\System32\Drivers\spldr.sys
0x011DA000 \SystemRoot\System32\Drivers\mup.sys
0x00FCF000 \SystemRoot\System32\drivers\ecache.sys
0x011EC000 \SystemRoot\system32\drivers\disk.sys
0x00DC3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01000000 \SystemRoot\system32\drivers\crcdisk.sys
0x02112000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0211F000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02128000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02208000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02C05000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02CE8000 \SystemRoot\System32\drivers\watchdog.sys
0x02CF8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02D04000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D4A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E0A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02EF7000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x03002000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x0317A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x0318C000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x0319C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x031BC000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x031D1000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x02F55000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x031E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02FAC000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x02FE1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02FED000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02D5B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02D77000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02FFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02E00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02D84000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02B51000 \SystemRoot\system32\DRIVERS\storport.sys
0x02DBD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02DCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02DED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02BAE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02BDF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0213B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x031FE000 \SystemRoot\system32\DRIVERS\vHidDev.sys
0x02153000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02BEF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02165000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03000000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02178000 \SystemRoot\system32\DRIVERS\ks.sys
0x021AC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x021B7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x00B96000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x021C7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x021DB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x021E6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03E0B000 \SystemRoot\system32\drivers\stwrt64.sys
0x03E6F000 \SystemRoot\system32\drivers\portcls.sys
0x03EAA000 \SystemRoot\system32\drivers\drmk.sys
0x03ECD000 \SystemRoot\system32\drivers\ksthunk.sys
0x03ED3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03EEF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03EF1000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x03F33000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x03F3C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03F46000 \SystemRoot\System32\Drivers\Null.SYS
0x03F4F000 \SystemRoot\System32\drivers\vga.sys
0x03F5D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03F82000 \SystemRoot\System32\Drivers\tcusb.sys
0x03F94000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03F9D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03FA6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03FB1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03FC2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04201000 \SystemRoot\System32\drivers\tcpip.sys
0x04377000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x043A3000 \SystemRoot\system32\drivers\mfewfpk.sys
0x03FCB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x00BDE000 \SystemRoot\system32\DRIVERS\smb.sys
0x0440C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04450000 \SystemRoot\system32\drivers\afd.sys
0x044BB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x044D9000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x044EA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x044F9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04514000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04561000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0456D000 \SystemRoot\System32\Drivers\dfsc.sys
0x0458A000 \SystemRoot\system32\drivers\mfeavfk.sys
0x04609000 \SystemRoot\system32\drivers\mfefirek.sys
0x04673000 \SystemRoot\system32\DRIVERS\udfs.sys
0x046C1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x046CF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x047D3000 \SystemRoot\System32\drivers\Dxapi.sys
0x047DF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x045B7000 \SystemRoot\system32\drivers\luafv.sys
0x02000000 \SystemRoot\system32\drivers\spsys.sys
0x045D9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0209A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x047F2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x043E7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x08805000 \SystemRoot\system32\drivers\HTTP.sys
0x088A8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x088D1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x088EF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08909000 \SystemRoot\system32\drivers\mrxdav.sys
0x08930000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08959000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x089A2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x089C1000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08A0C000 \SystemRoot\System32\DRIVERS\srv.sys
0x08A9F000 \SystemRoot\system32\drivers\peauth.sys
0x08B55000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08B60000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08B95000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08BD2000 \SystemRoot\system32\drivers\cfwids.sys
0x08BE0000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x08BA5000 \SystemRoot\system32\drivers\mfeapfk.sys
0x77090000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 System
560 C:\Windows\System32\smss.exe
640 csrss.exe
684 C:\Windows\System32\wininit.exe
704 csrss.exe
740 C:\Windows\System32\services.exe
752 C:\Windows\System32\lsass.exe
760 C:\Windows\System32\lsm.exe
920 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\nvvsvc.exe
992 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\svchost.exe
532 C:\Windows\System32\winlogon.exe
576 C:\Windows\System32\svchost.exe
212 C:\Windows\System32\svchost.exe
376 C:\Windows\System32\audiodg.exe
1052 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\SLsvc.exe
1100 C:\Windows\System32\svchost.exe
1180 C:\Program Files\Dell\DellDock\DockLogin.exe
1288 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\rundll32.exe
1404 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
1660 C:\Windows\System32\WLTRYSVC.EXE
1672 C:\Windows\System32\BCMWLTRY.EXE
1788 C:\Windows\System32\spoolsv.exe
1840 C:\Windows\System32\svchost.exe
1868 C:\Windows\System32\wlanext.exe
1784 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe
1852 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
800 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1644 C:\Windows\System32\lxeccoms.exe
804 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
2176 C:\Windows\SysWOW64\PnkBstrA.exe
2192 C:\Windows\System32\svchost.exe
2236 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\stacsv64.exe
2412 C:\Windows\System32\svchost.exe
2448 C:\Windows\System32\svchost.exe
2488 C:\Windows\System32\SearchIndexer.exe
2512 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2560 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2780 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2404 C:\Windows\System32\dwm.exe
2356 C:\Windows\explorer.exe
1904 C:\Windows\System32\taskeng.exe
3140 C:\Program Files\DellTPad\Apoint.exe
3156 C:\Windows\System32\rundll32.exe
3164 C:\Windows\System32\rundll32.exe
3192 C:\Windows\System32\WLTRAY.EXE
3200 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe
3288 C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
3500 C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
3512 C:\Program Files (x86)\Steam\Steam.exe
3520 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3560 C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
3596 C:\Windows\System32\taskeng.exe
3636 C:\Windows\ehome\ehtray.exe
3964 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
3984 C:\Windows\OEM02Mon.exe
4004 C:\Program Files\McAfee.com\Agent\mcagent.exe
4080 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2844 C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
1192 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
944 C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
3928 C:\Program Files\Fingerprint Reader Suite\psqltray.exe
3476 C:\Program Files\iPod\bin\iPodService.exe
3088 C:\Windows\ehome\ehmsas.exe
3944 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
4276 C:\Program Files\DellTPad\ApMsgFwd.exe
4352 C:\Windows\SysWOW64\rundll32.exe
4384 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
4580 C:\Program Files\DellTPad\hidfind.exe
4608 C:\Program Files\DellTPad\ApntEx.exe
2340 C:\Windows\System32\svchost.exe
4472 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
3452 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
4348 C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
3096 dllhost.exe
2668 dllhost.exe
2816 C:\Users\Mike\Desktop\MBRCheck (2).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG000D

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
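What MBRCheck's last lines actually verify, as an added example that is not part of the thread and not code from MBRCheck or TDSSKiller: read sector 0 of the physical drive, hash the 440 bytes of bootstrap code against an allow-list of known-clean Windows boot code, and sanity-check the partition table (one active partition, no overlaps, nothing past the end of the disk, no large unpartitioned tail, which is where TDL-family bootkits kept their hidden storage). The two partition start offsets are the ones MBRCheck printed above for C: and D:; the partition sizes, disk size, stand-in boot code, allow-list contents and the 16 MiB tail threshold are constructed assumptions.

```python
"""Parse and sanity-check a 512-byte MBR, the check behind a report such as
MBRCheck's "Windows Vista MBR code detected" plus a SHA1 of the boot code.

Added example for this thread; not code from MBRCheck, TDSSKiller or the thread.
The allow-list, sample boot code, partition sizes and disk size are constructed
(assumption: a real allow-list is built from clean installs of the same release).
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bootstrap code; the NT disk signature follows at 0x1B8
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
PART_ENTRY = "<B3xB3xII"     # active flag, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"
MAX_TAIL_SECTORS = 32_768    # assumption: an unpartitioned tail over 16 MiB deserves a raw look


def read_mbr(device: str) -> bytes:
    # e.g. r"\\.\PhysicalDrive0" on Windows; needs an elevated prompt, otherwise
    # the open fails with ERROR_ACCESS_DENIED (5), as in the Bootkit Remover log.
    with open(device, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR or sector[510:] != BOOT_SIG:
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    parts = []
    for i in range(4):
        flag, ptype, lba, count = struct.unpack_from(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append({"index": i, "active": flag == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return {"code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": parts}


def check_mbr(sector: bytes, known_good: dict, disk_sectors: int) -> list:
    """Return (code, message) findings; an empty list means nothing looked off."""
    info = parse_mbr(sector)
    findings = []
    if info["code_sha1"] not in known_good:
        findings.append(("UNKNOWN_BOOT_CODE", f"boot code SHA1 {info['code_sha1']} not in allow-list"))
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(("ACTIVE_COUNT", f"{len(active)} active partitions, expected 1"))
    end = 0
    for p in sorted(info["partitions"], key=lambda p: p["lba_start"]):
        p_end = p["lba_start"] + p["sectors"]
        if p["lba_start"] < end:
            findings.append(("OVERLAP", f"partition {p['index']} overlaps the previous one"))
        if p_end > disk_sectors:
            findings.append(("BEYOND_DISK", f"partition {p['index']} runs past the end of the disk"))
        end = max(end, p_end)
    tail = disk_sectors - end
    if tail > MAX_TAIL_SECTORS:
        # TDL-family bootkits kept an encrypted hidden file system in unpartitioned
        # space at the end of the disk, so a large tail is worth dumping and inspecting.
        findings.append(("HIDDEN_TAIL", f"{tail} unpartitioned sectors after the last partition"))
    return findings


def build_sector(code: bytes, entries, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a constructed MBR from boot code and (active, type, lba, count) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0, ptype, lba, count)
    sector[510:] = BOOT_SIG
    return bytes(sector)


# Constructed samples. Partition starts are the MBRCheck offsets above
# (D: at 0x3700000, C: at 0x3C3700000); sizes and disk size are made up.
DISK_SECTORS = 976_773_168
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 32   # stand-in for clean boot code
KNOWN_GOOD = {hashlib.sha1(CLEAN_CODE.ljust(BOOT_CODE_LEN, b"\0")).hexdigest().upper():
              "constructed Vista stand-in"}
LAYOUT = [(False, 0x07, 112_640, 31_457_280), (True, 0x07, 31_569_920, 945_201_200)]
CLEAN_MBR = build_sector(CLEAN_CODE, LAYOUT)
# Patched boot code plus a ~2.5 GB unpartitioned tail: the shape an MBR bootkit leaves behind.
INFECTED_MBR = build_sector(b"\xEB\x3C\x90" + CLEAN_CODE[3:],
                            [LAYOUT[0], (True, 0x07, 31_569_920, 940_000_000)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, parse_mbr(mbr)["code_sha1"], check_mbr(mbr, KNOWN_GOOD, DISK_SECTORS))
```

Against a live machine, run it from an elevated prompt on the raw device rather than the sample sectors, and compare the boot code hash with one taken from a clean install of the same Windows release; a hash that is not on the allow-list means the boot code has been replaced, which is exactly what a TDL4 infection of \HardDisk0 does. After a tool such as TDSSKiller rewrites the MBR on reboot, rerunning the check is the way to confirm the boot code is back on the allow-list.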
 
Looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thanks for everything so far, and here are the two logs. The first one is split because it was too long. Just wondering, is it unimportant that the bootkit remover didn't change its result? Thanks.


OTL logfile created on: 4/25/2011 12:36:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mike\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.21 Gb Total Space | 258.58 Gb Free Space | 57.69% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.87 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKES-LAPTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 00:32:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
PRC - [2011/04/16 13:37:21 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/11/20 02:04:30 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/06/10 16:05:58 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/17 10:14:11 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2010/05/17 10:14:09 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/05/05 17:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/01/08 09:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/06 08:40:26 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 00:32:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/08/24 14:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/04/14 21:08:24 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2010/04/14 16:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/12/18 05:58:44 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/07/17 08:23:00 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/07/17 08:22:52 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/16 13:37:21 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/10 16:05:58 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeccoms.exe -- (lxec_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/21 22:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 11:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 11:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/12/18 05:58:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/18 05:57:12 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/10/23 01:45:58 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/10/23 01:45:56 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/10/23 01:45:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/09/22 07:44:28 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/06 08:40:30 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/08/06 08:40:26 | 000,266,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2008/07/23 05:51:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/07/17 08:30:24 | 000,369,152 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/07/17 08:23:14 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/01/20 22:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/09/10 17:50:02 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274



IE - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090811
IE - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig
IE - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/25 23:17:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/23 04:44:21 | 000,000,000 | ---D | M]

[2010/01/28 16:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/04/24 17:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\extensions
[2010/09/21 23:51:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 23:18:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\extensions\searchtoolbar@zugo.com
[2010/03/11 22:35:31 | 000,000,000 | ---D | M] ("Undo Closed Tabs Button") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\extensions\undoclosedtabsbutton@supernova00.biz
[2011/03/25 23:18:12 | 000,001,919 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\searchplugins\bing-zugo.xml
[2011/04/15 15:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/15 15:47:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/03/06 22:09:28 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\USERS\MIKE\DOWNLOADS\ORBIT\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/24 23:08:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105041954.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101105041954.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000..\Run: [Octoshape Streaming Services] C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: &Download by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 00:32:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/04/24 23:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/04/24 23:56:35 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\tdsskiller
[2011/04/24 23:42:43 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Mike\Desktop\remover.exe
[2011/04/24 23:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/04/24 23:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011/04/24 23:20:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/24 23:20:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp
[2011/04/24 23:08:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/04/24 22:41:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/24 22:41:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/24 22:41:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/24 22:41:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/24 22:40:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/24 22:40:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/24 22:40:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/15 15:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/15 15:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/04/08 16:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/04/08 15:43:16 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\League of Legends
[2011/04/04 03:05:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011/04/04 03:05:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011/03/31 03:39:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/03/31 03:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2011/03/31 03:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/26 00:47:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Any Video Converter
[2011/03/26 00:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011/03/26 00:46:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\AnvSoft
[2011/03/26 00:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011/03/25 23:16:59 | 000,462,112 | ---- | C] (How Inc.) -- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
[2010/11/22 00:51:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2010/11/22 00:51:24 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2010/11/22 00:51:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2010/11/22 00:51:20 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2010/11/22 00:51:20 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2010/11/22 00:51:19 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2010/11/22 00:51:19 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2010/11/22 00:51:18 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2010/11/22 00:51:18 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2010/11/22 00:51:17 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2010/11/22 00:51:17 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2010/11/22 00:51:17 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2010/01/28 16:18:50 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Mike\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/04/25 00:32:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/04/25 00:20:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/25 00:13:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2520582024-2885647733-2161914160-1000UA.job
[2011/04/25 00:02:38 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/25 00:00:09 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 00:00:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/24 23:59:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/24 23:59:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/24 23:59:09 | 4292,935,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/24 23:56:06 | 001,263,721 | ---- | M] () -- C:\Users\Mike\Desktop\tdsskiller.zip
[2011/04/24 23:13:09 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2520582024-2885647733-2161914160-1000Core.job
[2011/04/24 23:08:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/24 22:34:33 | 004,328,852 | R--- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/04/24 21:25:11 | 000,080,384 | ---- | M] () -- C:\Users\Mike\Desktop\MBRCheck (2).exe
[2011/04/24 12:57:46 | 000,625,664 | ---- | M] () -- C:\Users\Mike\Desktop\dds.scr
[2011/04/24 00:39:19 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/24 00:39:19 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/24 00:39:19 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/22 00:46:02 | 000,002,039 | ---- | M] () -- C:\Users\Mike\Desktop\Google Chrome.lnk
[2011/04/22 00:46:02 | 000,002,001 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/20 17:46:24 | 000,002,341 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/16 04:00:14 | 000,266,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/09 09:04:04 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/08 16:30:02 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/03/31 03:39:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/03/31 03:38:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/26 02:55:27 | 000,007,680 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/04/24 23:56:01 | 001,263,721 | ---- | C] () -- C:\Users\Mike\Desktop\tdsskiller.zip
[2011/04/24 22:41:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/24 22:41:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/24 22:41:28 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/24 22:41:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/24 22:41:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/24 22:34:18 | 004,328,852 | R--- | C] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/04/24 21:25:42 | 000,080,384 | ---- | C] () -- C:\Users\Mike\Desktop\MBRCheck (2).exe
[2011/04/24 12:58:06 | 000,625,664 | ---- | C] () -- C:\Users\Mike\Desktop\dds.scr
[2011/04/08 16:30:02 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/04/04 03:01:20 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011/04/04 03:01:20 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011/04/04 03:01:20 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011/04/04 03:01:20 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011/04/04 03:01:20 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011/04/04 03:01:20 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2011/04/03 15:44:10 | 4292,935,680 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/31 03:39:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/03/31 03:38:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/26 00:47:07 | 000,001,073 | ---- | C] () -- C:\Users\Mike\Desktop\Any Video Converter.lnk
[2011/03/26 00:42:57 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/24 18:41:42 | 000,000,112 | ---- | C] () -- C:\ProgramData\bh4ccW.dat
[2010/11/22 00:51:25 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2010/11/22 00:51:24 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2010/11/22 00:51:23 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2010/11/22 00:51:23 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2010/11/22 00:51:23 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2010/11/22 00:51:22 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2010/11/22 00:51:22 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2010/11/22 00:51:21 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2010/11/22 00:51:21 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2010/11/22 00:50:09 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2010/11/22 00:50:09 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2010/06/20 01:42:12 | 000,000,633 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/06/10 16:05:58 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/10 16:05:58 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/10 15:40:34 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/04/17 18:40:06 | 000,000,680 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2009/11/28 23:22:57 | 000,007,680 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 18:31:41 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/11/11 18:11:01 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/11 17:12:45 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/08 16:51:24 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/08 16:49:45 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/11/08 16:48:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/12 13:00:02 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/04/24 23:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/01/15 13:19:10 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\.minecraft
[2011/03/26 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AnvSoft
[2010/03/08 02:28:02 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\avidemux
[2010/12/23 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Braid
[2009/11/14 23:14:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/31 01:28:05 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\CVS
[2010/04/28 13:50:27 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Elluminate
[2011/01/09 19:53:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GetRightToGo
[2010/05/02 14:17:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GrabPro
[2010/03/06 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\gtk-2.0
[2011/01/09 19:55:00 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\iPhone Tool Kits
[2010/12/29 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\LolClient
[2010/10/15 22:07:00 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Octoshape
[2010/11/11 18:37:15 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Orbit
[2011/02/02 17:57:02 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Razer
[2010/04/03 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SPORE
[2010/02/04 21:57:16 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Wizards of the Coast
[2011/04/24 23:58:30 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/18 00:57:44 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{10A17ADA-F7FE-4E0E-ADE3-DF47CB0337D9}.job

========== Purity Check ==========
 
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/04/24 23:20:18 | 000,023,873 | ---- | M] () -- C:\ComboFix.txt
[2009/08/11 14:03:35 | 000,005,297 | RH-- | M] () -- C:\dell.sdr
[2011/04/24 23:59:09 | 4292,935,680 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/04/24 23:59:07 | 311,578,623 | -HS- | M] () -- C:\pagefile.sys
[2011/04/24 23:58:19 | 000,061,468 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.04.2011_23.57.08_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/28 16:00:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/28 03:20:16 | 000,000,365 | -HS- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/24 22:34:33 | 004,328,852 | R--- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/04/24 21:25:11 | 000,080,384 | ---- | M] () -- C:\Users\Mike\Desktop\MBRCheck (2).exe
[2011/02/06 21:36:36 | 000,080,384 | ---- | M] () -- C:\Users\Mike\Desktop\MBRCheck.exe
[2011/04/25 00:32:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Mike\Desktop\remover.exe

< %PROGRAMFILES%\Common Files\*.* >
[2010/10/01 01:11:56 | 000,462,112 | ---- | M] (How Inc.) -- C:\Program Files (x86)\Common Files\ZugoInstaller.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/11/08 15:34:16 | 000,000,402 | -HS- | M] () -- C:\Users\Mike\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/01/06 07:40:50 | 000,000,000 | ---- | M] () -- C:\ProgramData\cmn_upld.log
[2010/11/24 21:06:58 | 000,000,816 | ---- | M] () -- C:\ProgramData\FastPics.log
[2011/01/06 07:40:21 | 000,010,258 | ---- | M] () -- C:\ProgramData\lxecJSW.log
[2011/04/25 00:00:34 | 000,005,926 | ---- | M] () -- C:\ProgramData\lxecscan.log
[2011/01/06 07:40:50 | 000,000,000 | ---- | M] () -- C:\ProgramData\LxWbGwLog.log
[2011/04/25 00:02:38 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/22 00:50:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >



OTL Extras logfile created on: 4/25/2011 12:36:42 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mike\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.21 Gb Total Space | 258.58 Gb Free Space | 57.69% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.87 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKES-LAPTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2520582024-2885647733-2161914160-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 9E 87 A5 BB 56 A0 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitdm.exe" = C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitnet.exe" = C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitdm.exe" = C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitnet.exe" = C:\Users\Mike\Downloads\orbit\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013FA5AB-F30E-4B50-A787-EF9D54008020}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{0BCB1847-C81B-42C5-8270-7B1983C6061D}" = lport=139 | protocol=6 | dir=in | app=system |
"{26E006A6-216E-47DA-A143-E1ED1559B750}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2C91A5CF-26B7-4FC9-8FC8-C5F2801E1447}" = lport=138 | protocol=17 | dir=in | app=system |
"{A144DAB4-BC22-4DD4-AE3E-83F22A3BAE37}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{AA0C35DE-5636-415A-9BA8-7187F558A519}" = rport=138 | protocol=17 | dir=out | app=system |
"{BEFD0730-1A4A-45B6-9478-E8AFF72E503B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5300B79-5F77-47E8-86BC-427EE53F18B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB043EDA-F22E-4223-A927-F6513BC7B665}" = rport=139 | protocol=6 | dir=out | app=system |
"{E7D30358-EB38-4032-8D3F-88124BEEFB4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E834FDDB-CA3A-42B1-A556-39B18E7561BD}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C2EC7C-95C6-4892-BB37-ED567E1DD841}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E08F7-9006-4C61-B0C1-77F22F3CE6D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe |
"{045F3E77-7F2D-4067-980A-73849BE9F230}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe |
"{0CD5C764-340E-430E-9FC7-31240E503B25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\greed corp\game.exe |
"{11D54B14-6A6B-410A-919F-A94D872523A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe |
"{14FF7292-9D25-4970-8852-85363F1950C8}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{1C5B1956-57D5-45A5-AF15-7A6E1E7D9C2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{1D8564D4-9355-4AE4-BF65-0829CDF04A36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{306959C0-B002-4BE4-93EE-BA168967EB8A}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{361634F4-0400-4FF2-813A-228EE6967EC1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3AE3964B-C448-4270-98FA-610666B6C5E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe |
"{40D62E90-EDEC-4322-ABA1-003F2E50EEB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{41046434-4193-41A3-81B7-A9F5ECC0C090}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{4105C39C-DF95-4809-9720-8EDFE4C22114}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{45E428C4-FC21-42ED-B80D-4301971FA9A9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4EF59B98-7F3F-4452-BA90-133E06548E14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eufloria\eufloria.exe |
"{4F2B1508-4073-4FF6-879A-58A2A80D524A}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{5096F125-5233-4324-8AEB-47CB669F4F3F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{530F6541-753E-4583-AE03-AE5183C5947D}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{531189D7-8ADF-47F2-9F43-ED70573DA452}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eufloria\eufloria.exe |
"{531B9BC5-6685-42E9-BB58-DC6B692F6734}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{584A511D-E7F2-4835-896F-B9564E7270AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\majesty 2\m2editor.exe |
"{5DDF6D3F-D643-43C3-AD9D-C90B139BAFDB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{603F0AFE-B76A-407C-B6B6-E136E8C49434}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
"{680CE327-6600-4800-B753-3FAB0834BF3A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{69560806-BAE6-4362-A3FC-962709929DD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
"{6D5F4843-B239-401F-8A64-9BB8E0AB6374}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{71CAEC3D-E2D9-45B7-97B2-FFA89610C283}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{720635F0-F2B4-4332-8EE3-DA4DF697C681}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{74573407-07B8-4B84-B581-A20037A40CAA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{74D35353-E5F9-4C13-9D4D-8F8E9E681F64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7A7EFE14-50D6-4E67-BA62-7DDF64169B6D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{7CD6464F-81AD-4FFC-A1FD-50F74000C9F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{7D64DE2B-AE95-4185-A892-488C5DAD1BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\majesty 2\majesty2.exe |
"{7F6B4952-1C27-4EF7-BEA1-CEF064A27456}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plain sight\plainsight.exe |
"{849C0ADF-819C-4041-96FB-781E58F455BD}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{881DD592-F4B3-4E6E-8DD3-A6E7E97D9DBF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8BE5DB4E-B861-40A8-8428-A896AFF727B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{955B54E3-4BDA-45E3-ACD1-517E306F548E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\greed corp\game.exe |
"{9965365C-8837-4259-9277-209155691300}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{9A0A783E-0913-4416-AD1E-EAF54F0CA603}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{9A5D2A0A-75BD-4571-9446-E3458716EF4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A6341359-10EC-4BD8-B4C8-8ADEC9EB6CED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A92B2171-4077-425A-93E4-40EC5467B3EA}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{A943AAAE-5E01-4D03-A255-4AFCF417EB68}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A9695FFB-AA83-4670-8570-C28F55514181}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
"{AE11F0FD-EF34-41D8-9850-6BA8B4746476}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{AE22BB64-2904-4443-83C8-41401EEED5BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe |
"{AE9629A4-C561-47E7-890B-9C1CC77E605A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B0030A06-C582-4954-8CA9-B8BEF2D5B5A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B030C2C9-63F9-43BD-878C-3F3A40AEC2E2}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B27CC36A-7C44-40F4-95E9-B638E706DEC9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B4D66069-769E-4643-9DC5-1517E37E15C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B68866C8-9D10-4791-A2A5-4D60F1B4E2C5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B971B829-AB54-4F1D-9601-EBDDD937AA03}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BAA23284-11AE-4775-891B-8E477AA0B717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. demo\ruse.exe |
"{BCC52907-3B52-4FEE-835A-BE6E31755739}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{C9048197-9148-4255-A82B-F67728013520}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe |
"{CAB543E9-E9B3-4068-AD99-6D566EE67FB2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CECEBBE2-A4F3-40A0-9561-A0E4BFDD109D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{D3020EBF-42F5-4335-8386-92A64ECE1520}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{D8A56DFC-92B2-41AD-BAF9-3393CF2DA57C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{DAF06B4A-CA36-466B-A79F-1E4B289B7F6C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. demo\ruse.exe |
"{DDE4145B-F2EA-49E7-8037-497A23BBD94F}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DFA139EE-095E-4BBD-AAB4-44D937ACF5BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{E05D7986-3F8E-455A-99F6-C5D8BC49D80F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E64798CA-2755-4DE4-9D25-C454513B70B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\majesty 2\m2editor.exe |
"{E72873E3-AA7F-44F0-B6D5-B8BBDC3AF235}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EC5908A0-2E3E-4AED-B3C7-7285F06332E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{F73FD016-96A1-4443-AC96-6308B4E9CA15}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{FC61A3A0-0DDE-4C18-9AAA-8FD3C07C2A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\majesty 2\majesty2.exe |
"TCP Query User{26C40A1D-E833-4EC5-8525-06855C606957}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{5A937A3E-7076-4A42-9EC1-3DAB0D7C2BDC}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{98079780-549B-42AE-88DE-18C2EFCC02D4}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{BD0669D3-6A81-45C1-94DB-76E30D896DB7}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{1FA7D2E3-EF22-41BC-8CA1-8A24EC469029}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{3952A128-2318-49F3-8D2A-93CC1FDDE138}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{5390810C-1139-467E-A299-7F05968B8050}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{8BD32D9B-9B6F-4FAE-8807-3528A0686B8A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{5563A0F6-CF81-451E-87AD-A50075BCA9B7}" = QuickSet
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Cucusoft iPhone Tool Kits_is1" = iPhone Tool Kits 2.5.1
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{212125C1-E5A3-4810-A057-C20FB2A79327}" = Majesty - Gold Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3763A2B4-B07A-4E4D-994D-7D2C6AF0CF9E}" = Safari
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.2.77
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Age of Mythology 1.0" = Age of Mythology
"Any Video Converter_is1" = Any Video Converter 3.2.1
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defcon_is1" = Defcon v1.6
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Disciples II Expansion" = Disciples II Expansion
"ffdshow_is1" = ffdshow v1.1.3771 [2011-03-07]
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lords of Magic Special Edition Demo" = Lords of Magic Special Edition Demo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSC" = McAfee SecurityCenter
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Pharaoh" = Pharaoh
"Pocket Tanks_is1" = Pocket Tanks v1.3
"PunkBusterSvc" = PunkBuster Services
"Search Toolbar" = Search Toolbar
"Sierra Utilities" = Sierra Utilities
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12810" = Overlord II
"Steam App 1500" = Darwinia
"Steam App 1520" = DEFCON
"Steam App 211" = Source SDK
"Steam App 25980" = Majesty 2
"Steam App 26500" = Cogs
"Steam App 26810" = Braid Demo
"Steam App 33310" = R.U.S.E. Demo
"Steam App 400" = Portal
"Steam App 41210" = Eufloria
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 48950" = Greed Corp
"Steam App 49900" = Plain Sight
"Steam App 65900" = Sid Meier's Civilization V - Demo
"XiphQT" = Xiph QuickTime Components

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2520582024-2885647733-2161914160-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2011 2:21:11 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 556097

Error - 4/16/2011 2:21:12 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2011 2:21:12 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 557220

Error - 4/16/2011 2:21:12 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 557220

Error - 4/16/2011 2:21:13 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2011 2:21:13 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 558234

Error - 4/16/2011 2:21:13 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 558234

Error - 4/16/2011 2:21:17 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/16/2011 2:21:17 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 562743

Error - 4/16/2011 2:21:17 PM | Computer Name = Mikes-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 562743

[ Broadcom Wireless LAN Events ]
Error - 3/8/2011 12:55:48 AM | Computer Name = Mikes-Laptop | Source = WLAN-Tray | ID = 0
Description = 23:55:47, Mon, Mar 07, 11 Error - Unable to gain access to user store


[ System Events ]
Error - 4/24/2011 11:04:14 PM | Computer Name = Mikes-Laptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 4/24/2011 11:05:24 PM | Computer Name = Mikes-Laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 4/24/2011 11:05:40 PM | Computer Name = Mikes-Laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 4/24/2011 11:07:46 PM | Computer Name = Mikes-Laptop | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.104 did
not allow the name to be claimed by this computer.

Error - 4/24/2011 11:08:51 PM | Computer Name = Mikes-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 4/24/2011 11:08:51 PM | Computer Name = Mikes-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 4/24/2011 11:08:51 PM | Computer Name = Mikes-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 4/25/2011 12:00:54 AM | Computer Name = Mikes-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 4/25/2011 12:00:54 AM | Computer Name = Mikes-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 4/25/2011 12:00:54 AM | Computer Name = Mikes-Laptop | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 
Is it unimportant that the bootkit remover didn't change its result?
MBRCheck does the same thing, and it looks good.

We need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
    IE - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
    [2011/03/25 23:18:12 | 000,001,919 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\searchplugins\bing-zugo.xml
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/03/25 23:16:59 | 000,462,112 | ---- | C] (How Inc.) -- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warnings, so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
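The OTL fix above clears per-user IE "ProxyServer" entries that point at 127.0.0.1:59274 (browser traffic routed through a local process) and the Zugo search/homepage overrides in Firefox prefs.js. As an added example that is not part of the thread and not OTL's own code, here is a small Python check that scans OTL-style "IE -" and "FF - prefs.js" lines for loopback proxies and browser search overrides; the sample lines are copied from the fix script above, and the severity labels are my own.

```python
"""Audit OTL 'IE -' and 'FF - prefs.js' lines for proxy and search hijacks."""
import re
from ipaddress import ip_address

# Constructed sample: the IE/FF lines from the OTL fix script in this thread.
SAMPLE_OTL = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
IE - HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
"""

# OTL prints the hive (HKU\<sid>) first, then the key path, then "name" = value.
IE_RE = re.compile(r'^IE - (HKU\\[^\\]+)\\.*Internet Settings: "(\w+)" = (.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): (.*)$')

def is_loopback_host(host):
    """True for localhost, 127.0.0.0/8 and ::1 (brackets tolerated)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def parse_proxy_server(value):
    """Split 'http=host:port;https=host:port' or plain 'host:port' into tuples."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # scheme is empty for 'host:port'
        host, _, port = hostport.rpartition(":")
        entries.append((scheme or "all", host, port))
    return entries

def audit_otl(text):
    """Return (severity, scope, detail) findings for hijack-looking settings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            hive, name, value = m.groups()
            if name == "ProxyServer":
                for scheme, host, port in parse_proxy_server(value):
                    if is_loopback_host(host):
                        findings.append(("HIGH", hive, f"{scheme} proxy on loopback {host}:{port}"))
            continue
        m = FF_RE.match(line)
        if m:
            pref, value = m.groups()
            if pref == "extensions.enabledItems":
                findings.append(("INFO", "Firefox", f"enabled extension {value}"))
            elif pref in ("browser.startup.homepage", "keyword.URL"):
                findings.append(("INFO", "Firefox", f"{pref} set to {value}"))
    return findings

if __name__ == "__main__":
    for severity, scope, detail in audit_otl(SAMPLE_OTL):
        print(f"[{severity}] {scope}: {detail}")
```

Each hive carrying a loopback ProxyServer is reported separately, which matches the three HKU hives OTL touched in the fix log that follows.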
 
Here are the logs


All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2520582024-2885647733-2161914160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems
Prefs.js: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP" removed from browser.startup.homepage
Prefs.js: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=" removed from keyword.URL
File C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\o1lev4nw.default\searchplugins\bing-zugo.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Program Files (x86)\Common Files\ZugoInstaller.exe moved successfully.
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 33656 bytes
->Temporary Internet Files folder emptied: 7358460 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22997052 bytes
->Google Chrome cache emptied: 288209790 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3534 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 304.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04252011_161719

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

Registry entries deleted on Reboot...




Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 9.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````




C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\Users\Mike\Downloads\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application
C:\_OTL\MovedFiles\04252011_161719\C_Program Files (x86)\Common Files\ZugoInstaller.exe Win32/Toolbar.Zugo application
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Users\Mike\Downloads\FreeYouTubeDownloaderSetup.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during the cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 