Solved Google redirect


eerievon

Every time that I open up Firefox and try to do a search, it attempts to connect me to various ad sites (99.80.55.19, cljkcpixelabn.com, and z0g7yail0.com). I ran Avast! and it found some trojans and removed them, but I am still getting the redirects, and recently I started getting a window that pops up when I run Firefox telling me that I need to clean my registry.
Here are the logs as per the instructions. I have to break them up into a couple of posts since the whole thing was too long.
Thanks for any help.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4999

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/30/2010 12:39:18 PM
mbam-log-2010-10-30 (12-39-18).txt

Scan type: Quick scan
Objects scanned: 139795
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\C8H1KKCTZV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Xdirea.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
 
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-30 13:15:59
Windows 6.1.7600
Running: k7wvk7ol.exe; Driver: C:\Users\Jester\AppData\Local\Temp\uftdypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DDEB9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DDEBB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A60599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A84F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\ltfmygu.sys The system cannot find the path specified. !
? System32\Drivers\sprm.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8E039CA0 5 Bytes JMP 862861D8
.text ay2f65c0.SYS 8E1C7000 12 Bytes [44, 28, E3, 82, EE, 26, E3, ...]
.text ay2f65c0.SYS 8E1C700D 9 Bytes [07, E3, 82, 48, 2B, E3, 82, ...] {POP ES; JECXZ 0xffffffffffffff85; DEC EAX; SUB ESP, EBX; ADD BYTE [EAX], 0x0}
.text ay2f65c0.SYS 8E1C7017 170 Bytes [00, DE, 07, 33, 83, E6, 05, ...]
.text ay2f65c0.SYS 8E1C70C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ay2f65c0.SYS 8E1C70CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text user32.dll!SetWindowPos 75DB3581 5 Bytes JMP 10001040 \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
.text user32.dll!DrawIconEx 75DB4C5D 5 Bytes JMP 100011E0 \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
.text user32.dll!GetIconInfo 75DB4FA4 5 Bytes JMP 10001120 \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtProtectVirtualMemory 77455380 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory 77455F00 5 Bytes JMP 0019000A
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!KiUserExceptionDispatcher 77456448 5 Bytes JMP 0017000A
.text C:\Windows\system32\svchost.exe[972] ole32.dll!CoCreateInstance 75A0590C 5 Bytes JMP 004D000A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1392] kernel32.dll!SetUnhandledExceptionFilter 76153162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2160] kernel32.dll!SetUnhandledExceptionFilter 76153162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Users\Jester\Desktop\k7wvk7ol.exe[2576] USER32.dll!SetWindowPos 75DB3581 5 Bytes JMP 10001040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Users\Jester\Desktop\k7wvk7ol.exe[2576] USER32.dll!DrawIconEx 75DB4C5D 5 Bytes JMP 100011E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Users\Jester\Desktop\k7wvk7ol.exe[2576] USER32.dll!GetIconInfo 75DB4FA4 5 Bytes JMP 10001120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Windows\Explorer.EXE[3404] ntdll.dll!NtProtectVirtualMemory 77455380 5 Bytes JMP 003E000A
.text C:\Windows\Explorer.EXE[3404] ntdll.dll!NtWriteVirtualMemory 77455F00 5 Bytes JMP 0043000A
.text C:\Windows\Explorer.EXE[3404] ntdll.dll!KiUserExceptionDispatcher 77456448 5 Bytes JMP 003D000A
.text C:\Windows\Explorer.EXE[3404] USER32.dll!SetWindowPos 75DB3581 5 Bytes JMP 10001040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Windows\Explorer.EXE[3404] USER32.dll!DrawIconEx 75DB4C5D 5 Bytes JMP 100011E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Windows\Explorer.EXE[3404] USER32.dll!GetIconInfo 75DB4FA4 5 Bytes JMP 10001120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3580] USER32.dll!SetWindowPos 75DB3581 5 Bytes JMP 10001040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3580] USER32.dll!DrawIconEx 75DB4C5D 5 Bytes JMP 100011E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3580] USER32.dll!GetIconInfo 75DB4FA4 5 Bytes JMP 10001120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83234042] \SystemRoot\System32\Drivers\sprm.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [832346D6] \SystemRoot\System32\Drivers\sprm.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83234800] \SystemRoot\System32\Drivers\sprm.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8323413E] \SystemRoot\System32\Drivers\sprm.sys
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\ay2f65c0.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1788] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1788] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1788] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E761F8
Device \FileSystem\udfs \UdfsCdRom 86213500
Device \FileSystem\udfs \UdfsDisk 86213500
Device \Driver\volmgr \Device\VolMgrControl 84E711F8
Device \Driver\usbohci \Device\USBPDO-0 862871F8
Device \Driver\sptd \Device\2370490432 sprm.sys
Device \Driver\usbehci \Device\USBPDO-1 862881F8
Device \Driver\PCI_PNP2432 \Device\00000054 sprm.sys

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\nvstor \Device\00000062 84E741F8
Device \Driver\volmgr \Device\HarddiskVolume1 84E711F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 84E711F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 861BF1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8606C292
Device \Driver\atapi \Device\Ide\IdePort0 84E731F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8606C292
Device \Driver\atapi \Device\Ide\IdePort1 84E731F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8606C292
Device \Driver\atapi \Device\Ide\IdePort2 84E731F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8606C292
Device \Driver\atapi \Device\Ide\IdePort3 84E731F8
Device \Driver\cdrom \Device\CdRom1 861BF1F8
Device \Driver\cdrom \Device\CdRom2 861BF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C8105336-785B-4600-B336-72F2B37EF179} 86155500
Device \Driver\NetBT \Device\NetBt_Wins_Export 86155500
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\nvstor \Device\RaidPort0 84E741F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\nvstor \Device\RaidPort1 84E741F8
Device \Driver\nvstor \Device\RaidPort2 84E741F8
Device \Driver\usbohci \Device\USBFDO-0 862871F8
Device \Driver\usbehci \Device\USBFDO-1 862881F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AAC461CC-0B1A-473C-9375-12711DC1E862} 86155500
Device \Driver\ay2f65c0 \Device\Scsi\ay2f65c01Port7Path0Target0Lun0 861813F8
Device \Driver\ay2f65c0 \Device\Scsi\ay2f65c01 861813F8
Device \Driver\ay2f65c0 \Device\Scsi\ay2f65c01Port7Path0Target1Lun0 861813F8
Device \Device\Ide\IdeDeviceP0T1L0-7 -> \??\IDE#DiskST3300622A______________________________3.AAH___#5&25bf7624&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0x74 0xB1 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xC0 0x04 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x37 0xC2 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF6 0x1A 0x65 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x10 0x9C 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xC0 0x04 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x37 0xC2 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF6 0x1A 0x65 0xA0 ...

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-10-21.02) - NTFSx86
Run by Jester at 13:16:45.14 on Sat 10/30/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1132 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jester\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GR469A~1.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Razer Imperator Driver] c:\program files\razer\imperator\RazerImperatorTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GR469A~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\jester\appdata\roaming\mozilla\firefox\profiles\c990yxju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\users\jester\appdata\roaming\mozilla\firefox\profiles\c990yxju.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-30 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-30 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-30 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-11 40384]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-9-10 369256]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2010-9-26 2368]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2008-4-4 136832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2010-8-26 904192]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-11 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-11 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-26 1343400]

=============== Created Last 30 ================

2010-10-30 17:32:40 -------- d-----w- c:\users\jester\appdata\roaming\Malwarebytes
2010-10-30 17:32:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 17:32:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 17:32:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-30 17:32:33 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-28 11:11:00 -------- d-----w- c:\users\jester\appdata\roaming\Webroot
2010-10-28 08:37:25 -------- d-----w- c:\users\jester\appdata\local\AskToolbar
2010-10-28 07:27:22 331776 ----a-w- c:\users\jester\appdata\roaming\microsoft\deleteme.exe
2010-10-27 00:59:16 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 00:59:16 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 00:59:16 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 00:59:16 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 00:58:55 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-26 07:17:26 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{57d98d58-4220-426d-9f87-dc8c5be469bc}\mpengine.dll
2010-10-25 17:31:19 -------- d-----w- c:\users\jester\appdata\local\LucasArts
2010-10-23 08:00:32 -------- d-----w- c:\program files\MSXML 4.0
2010-10-23 00:57:28 -------- d-----w- c:\progra~2\LightScribe
2010-10-23 00:46:57 -------- d-----w- c:\progra~2\Nero
2010-10-23 00:46:19 -------- d-----w- c:\program files\Nero
2010-10-23 00:41:17 -------- d-----w- c:\program files\Ask.com
2010-10-22 05:01:19 -------- d-----w- c:\users\jester\appdata\local\FalloutNV
2010-10-12 23:49:14 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-12 23:49:14 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-12 23:48:44 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-12 23:48:42 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 23:48:41 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 23:48:38 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-12 23:48:38 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-12 23:47:35 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-12 23:47:35 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 23:47:18 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 23:47:15 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 23:47:15 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 23:47:15 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 23:47:15 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 23:43:38 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 23:43:37 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-10 02:36:25 -------- d-----w- c:\users\jester\appdata\local\Focus
2010-10-10 02:36:04 189952 ----a-w- c:\windows\system32\Focus.scr
2010-10-10 02:28:32 -------- d-----w- c:\windows\system32\EWS
2010-10-10 02:26:18 2106368 ----a-w- c:\windows\system32\radarss.scr
2010-10-10 02:26:18 -------- d-----w- c:\program files\Radar Screensaver
2010-10-08 04:35:49 -------- d-----w- c:\users\jester\appdata\local\SKIDROW
2010-10-05 18:02:08 -------- d-----w- c:\progra~2\Nexon
2010-10-05 17:59:14 -------- d-----w- c:\program files\BandiMPEG1
2010-10-05 17:53:07 -------- d-----w- c:\progra~2\NexonUS
2010-10-03 15:06:35 -------- d-----w- c:\program files\Darksiders
2010-10-03 03:45:37 -------- d-----w- c:\users\jester\appdata\local\Darksiders
2010-10-03 03:41:06 -------- d-----w- c:\program files\RegCleaner

==================== Find3M ====================

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 18:02:57 2368 ----a-w- c:\windows\system32\SVKP.sys
2010-09-11 16:07:02 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-11 06:46:00 887912 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-09-11 06:46:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-09-11 06:46:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-11 06:46:00 5399656 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-09-11 06:46:00 4836456 ----a-w- c:\windows\system32\nvcuda.dll
2010-09-11 06:46:00 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-09-11 06:46:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-11 06:46:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-11 06:46:00 1718376 ----a-w- c:\windows\system32\nvapi.dll
2010-09-11 06:46:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-09-11 06:46:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-11 06:46:00 10022504 ----a-w- c:\windows\system32\nvd3dum.dll
2010-09-11 05:02:38 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-09-11 05:02:38 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-09-11 05:02:36 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-09-11 05:02:34 3359848 ----a-w- c:\windows\system32\nvcpl.dll
2010-09-11 05:02:30 2065512 ----a-w- c:\windows\system32\nvsvc.dll
2010-09-10 15:20:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-10 15:20:32 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 19:15:26 396672 ----a-w- c:\windows\system32\RzMwApiD.dll
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-29 05:39:32 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-08-27 04:27:45 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-27 04:27:45 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-27 04:27:15 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 13:17:13.82 ===============
 
DDS (Ver_10-10-21.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2010 10:15:52 PM
System Uptime: 10/30/2010 12:40:31 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-SLI DELUXE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6400+ | Socket AM2 | 3214/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 279 GiB total, 30.417 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Apple Application Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
Bandisoft MPEG-1 Decoder
ClassicPro© v1.14
Comical 0.8
ComicRack v0.9.130
CursorFX
DAEMON Tools Toolbar
Dark Messiah Might and Magic Single Player
Dead Rising 2
Deus Ex: Game of the Year Edition
DH Driver Cleaner Professional Edition
Fallout 3
Fallout New Vegas
Gothic II
Half-Life 2
High-Definition Video Playback 10
Java Auto Updater
Java(TM) 6 Update 21
Launchpad Enhanced
League of Legends
LightScribe System Software
Mafia 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft DirectX SDK (June 2010)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NVIDIA 3D Vision Driver 260.63
NVIDIA Control Panel 260.63
NVIDIA Graphics Driver 260.63
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
OpenAL
oZone3D.Net FurMark v1.6.5
Pando Media Booster
QuickTime
Razer Imperator
Red Faction: Guerrilla
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Star Wars Galaxies
Star Wars: The Force Unleashed 2
StarCraft II
Steam
Tron 2.0
Vindictus
VLC media player 1.1.4
Warhammer® 40,000™: Dawn of War® II
Winamp
Winamp Detector Plug-in
WinRAR archiver

==== Event Viewer Messages From Past Week ========

10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 12:39:48 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 12:18:31 PM, Error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 9:51:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
10/28/2010 9:51:45 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:50:45 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:49:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
10/28/2010 9:49:45 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:47:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
10/28/2010 9:47:25 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:46:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
10/28/2010 9:46:55 PM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:44:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
10/28/2010 9:44:35 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:44:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
10/28/2010 9:44:05 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:43:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/28/2010 9:43:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
10/28/2010 9:43:05 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:42:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
10/28/2010 9:42:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
10/28/2010 9:42:05 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 9:28:14 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
10/28/2010 9:00:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82b092f1, 0x9d3eb750, 0x9d3eb330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102810-30685-01.
10/28/2010 8:57:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82afa2f1, 0x8af17750, 0x8af17330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102810-36738-01.
10/28/2010 7:30:32 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/28/2010 7:30:32 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
10/28/2010 5:50:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x00000001, 0x8af23c3c, 0x8af23820). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102810-37034-01.
10/28/2010 5:28:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xffb927bc, 0x00000002, 0x00000001, 0x82aac784). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102810-26130-01.
10/28/2010 4:32:23 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
10/28/2010 3:35:22 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
10/28/2010 3:32:01 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
10/28/2010 3:21:35 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
10/28/2010 11:08:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2010 11:06:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/28/2010 11:06:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/28/2010 11:06:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/28/2010 11:06:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/28/2010 11:06:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/28/2010 11:06:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/28/2010 11:05:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2010 11:05:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2010 11:04:49 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/28/2010 10:54:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
10/28/2010 10:54:35 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 10:53:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
10/28/2010 10:53:05 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 10:52:35 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
10/28/2010 10:52:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
10/28/2010 10:12:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
10/28/2010 10:12:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
10/27/2010 3:01:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Update for Windows 7 (KB2249857).
10/27/2010 1:57:13 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

==== End Of File ===========================
 
Welcome aboard


Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

====================================================================

Download MBRCheck to your desktop

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
TDSS and MBR logs

Hiyas Broni, and thanks for the quick reply.
Here are the logs.

2010/10/30 17:42:41.0167 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/30 17:42:41.0167 ================================================================================
2010/10/30 17:42:41.0167 SystemInfo:
2010/10/30 17:42:41.0167
2010/10/30 17:42:41.0167 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/30 17:42:41.0167 Product type: Workstation
2010/10/30 17:42:41.0167 ComputerName: JESTERS-TOY
2010/10/30 17:42:41.0168 UserName: Jester
2010/10/30 17:42:41.0168 Windows directory: C:\Windows
2010/10/30 17:42:41.0168 System windows directory: C:\Windows
2010/10/30 17:42:41.0168 Processor architecture: Intel x86
2010/10/30 17:42:41.0168 Number of processors: 2
2010/10/30 17:42:41.0168 Page size: 0x1000
2010/10/30 17:42:41.0168 Boot type: Normal boot
2010/10/30 17:42:41.0168 ================================================================================
2010/10/30 17:42:45.0013 Initialize success
2010/10/30 17:42:56.0946 ================================================================================
2010/10/30 17:42:56.0946 Scan started
2010/10/30 17:42:56.0946 Mode: Manual;
2010/10/30 17:42:56.0946 ================================================================================
2010/10/30 17:43:03.0094 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/10/30 17:43:03.0134 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/10/30 17:43:03.0186 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/10/30 17:43:03.0251 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/10/30 17:43:03.0306 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/30 17:43:03.0342 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/30 17:43:03.0385 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/30 17:43:03.0417 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/10/30 17:43:03.0454 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/10/30 17:43:03.0485 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/30 17:43:03.0521 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/10/30 17:43:03.0589 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/30 17:43:03.0632 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/30 17:43:03.0667 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/30 17:43:03.0703 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/30 17:43:03.0739 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/10/30 17:43:03.0798 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/10/30 17:43:03.0835 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/30 17:43:03.0875 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/30 17:43:03.0933 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/30 17:43:03.0979 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/30 17:43:04.0015 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/10/30 17:43:04.0048 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/10/30 17:43:04.0091 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/30 17:43:04.0128 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/10/30 17:43:04.0181 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/30 17:43:04.0229 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/10/30 17:43:04.0261 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/10/30 17:43:04.0312 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/30 17:43:04.0374 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/10/30 17:43:04.0428 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/30 17:43:04.0492 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/30 17:43:04.0534 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/30 17:43:04.0603 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/30 17:43:04.0633 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/10/30 17:43:04.0683 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/30 17:43:04.0720 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/30 17:43:04.0805 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/30 17:43:04.0850 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/10/30 17:43:04.0882 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/30 17:43:04.0965 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/10/30 17:43:05.0071 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/10/30 17:43:05.0138 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2010/10/30 17:43:05.0403 nvlddmkm (a85091649861ae1a0c900105ea068a0d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/30 17:43:05.0633 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/30 17:43:05.0662 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/30 17:43:05.0723 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/30 17:43:05.0773 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/30 17:43:05.0837 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/10/30 17:43:05.0875 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/10/30 17:43:05.0914 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/10/30 17:43:05.0965 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/10/30 17:43:06.0001 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/30 17:43:06.0041 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/30 17:43:06.0089 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/10/30 17:43:06.0131 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/10/30 17:43:06.0228 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/30 17:43:06.0269 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/10/30 17:43:06.0333 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/30 17:43:06.0399 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/30 17:43:06.0460 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/30 17:43:06.0495 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/30 17:43:06.0525 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/30 17:43:06.0577 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/30 17:43:06.0639 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/30 17:43:06.0774 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/30 17:43:06.0865 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/30 17:43:06.0902 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/30 17:43:06.0930 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/30 17:43:06.0953 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/30 17:43:07.0013 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/10/30 17:43:07.0052 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/30 17:43:07.0086 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/30 17:43:07.0117 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/10/30 17:43:07.0164 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/10/30 17:43:07.0220 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/30 17:43:07.0260 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/10/30 17:43:07.0330 SaiH8000 (34ea7d80b2e7899b99bd525428cdce94) C:\Windows\system32\DRIVERS\SaiH8000.sys
2010/10/30 17:43:07.0374 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/30 17:43:07.0405 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/30 17:43:07.0466 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/30 17:43:07.0522 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/30 17:43:07.0566 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/10/30 17:43:07.0602 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/30 17:43:07.0668 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/30 17:43:07.0687 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/30 17:43:07.0719 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/30 17:43:07.0747 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/30 17:43:07.0796 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/10/30 17:43:07.0851 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/30 17:43:07.0890 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/30 17:43:07.0942 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/10/30 17:43:07.0992 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/10/30 17:43:08.0067 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/10/30 17:43:08.0067 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/10/30 17:43:08.0072 sptd - detected Locked file (1)
2010/10/30 17:43:10.0830 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/30 17:43:10.0834 ================================================================================
2010/10/30 17:43:10.0834 Scan finished
2010/10/30 17:43:10.0834 ================================================================================
2010/10/30 17:43:10.0845 Detected object count: 2
2010/10/30 17:43:43.0531 Locked file(sptd) - User select action: Skip
2010/10/30 17:43:43.0565 \HardDisk0\MBR - will be cured after reboot
2010/10/30 17:43:43.0566 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/30 17:43:49.0359 Deinitialize success


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 197):

Processes (total 57):
0 System Idle Process
4 System
240 C:\Windows\System32\smss.exe
332 csrss.exe
392 C:\Windows\System32\wininit.exe
400 csrss.exe
440 C:\Windows\System32\services.exe
456 C:\Windows\System32\lsass.exe
464 C:\Windows\System32\lsm.exe
548 C:\Windows\System32\winlogon.exe
628 C:\Windows\System32\svchost.exe
704 C:\Windows\System32\nvvsvc.exe
744 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\audiodg.exe
1032 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1264 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1408 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1500 C:\Windows\System32\nvvsvc.exe
1764 C:\Windows\System32\taskeng.exe
1772 C:\Windows\System32\spoolsv.exe
1808 C:\Windows\System32\svchost.exe
1872 C:\Windows\System32\rundll32.exe
1976 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2016 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2192 C:\Windows\System32\svchost.exe
2520 C:\Windows\System32\svchost.exe
2616 C:\Program Files\Nero\Update\NASvc.exe
2680 C:\Program Files\Windows Media Player\wmpnetwk.exe
2728 C:\Windows\System32\SearchIndexer.exe
2840 WmiPrvSE.exe
2972 C:\Windows\System32\SearchProtocolHost.exe
3468 C:\Windows\System32\taskhost.exe
3516 C:\Windows\System32\dwm.exe
3548 C:\Windows\explorer.exe
3692 C:\Program Files\Winamp\winampa.exe
3700 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3708 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3716 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3752 C:\Program Files\Razer\Imperator\RazerImperatorTray.exe
3760 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3792 C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
4064 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4080 C:\Program Files\Stardock\CursorFX\CursorFX.exe
4092 C:\Program Files\Pando Networks\Media Booster\PMB.exe
656 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3276 C:\Program Files\Mozilla Firefox\firefox.exe
2624 C:\Windows\System32\svchost.exe
3644 C:\Program Files\Mozilla Firefox\plugin-container.exe
2812 C:\Windows\System32\SearchFilterHost.exe
2720 C:\Windows\System32\SearchProtocolHost.exe
316 C:\Users\Jester\Downloads\MBRCheck.exe
528 C:\Windows\System32\conhost.exe
1080 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST3300622A, Rev: 3.AAH

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Good. We took care of a rootkit. Let's see what else you have there...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with ComboFix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix log

Well, that is good news!
Here's the ComboFix log:

ComboFix 10-10-30.01 - Jester 10/30/2010 19:43:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1362 [GMT -5:00]
Running from: c:\users\Jester\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\Jester\ace_uninstaller.exe
c:\users\Jester\AppData\Roaming\Microsoft\deleteme.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-30 17:32 . 2010-10-30 17:32 -------- d-----w- c:\users\Jester\AppData\Roaming\Malwarebytes
2010-10-30 17:32 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 17:32 . 2010-10-30 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-30 17:32 . 2010-10-30 17:32 -------- d-----w- c:\programdata\Malwarebytes
2010-10-30 17:32 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 11:11 . 2010-10-28 11:11 -------- d-----w- c:\users\Jester\AppData\Roaming\Webroot
2010-10-28 08:37 . 2010-10-28 08:37 -------- d-----w- c:\users\Jester\AppData\Local\AskToolbar
2010-10-27 00:59 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 00:59 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 00:59 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 00:59 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 00:58 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-26 07:17 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57D98D58-4220-426D-9F87-DC8C5BE469BC}\mpengine.dll
2010-10-25 17:31 . 2010-10-25 17:31 -------- d-----w- c:\users\Jester\AppData\Local\LucasArts
2010-10-23 08:00 . 2010-10-23 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-10-23 00:57 . 2010-10-23 00:57 -------- d-----w- c:\programdata\LightScribe
2010-10-23 00:57 . 2010-10-23 00:57 -------- d-----w- c:\users\Jester\AppData\Roaming\Nero
2010-10-23 00:46 . 2010-10-23 00:52 -------- d-----w- c:\programdata\Nero
2010-10-23 00:46 . 2010-10-23 00:46 -------- d-----w- c:\program files\Common Files\Nero
2010-10-23 00:46 . 2010-10-23 00:52 -------- d-----w- c:\program files\Nero
2010-10-23 00:41 . 2010-10-28 23:10 -------- d-----w- c:\program files\Ask.com
2010-10-23 00:40 . 2010-10-23 00:40 -------- d-----w- c:\program files\Common Files\LightScribe
2010-10-22 05:01 . 2010-10-22 05:01 -------- d-----w- c:\users\Jester\AppData\Local\FalloutNV
2010-10-21 00:12 . 2010-10-26 03:44 -------- d-----w- c:\users\Jester\AppData\Roaming\dvdcss
2010-10-20 19:16 . 2010-10-20 19:16 -------- d-----w- c:\programdata\McAfee
2010-10-12 23:49 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-12 23:49 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-12 23:48 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-12 23:48 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 23:48 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 23:48 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-12 23:48 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-12 23:47 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 23:47 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 23:47 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 23:47 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 23:47 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 23:47 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 23:47 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 23:43 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 23:43 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-10 02:36 . 2010-10-10 02:36 -------- d-----w- c:\users\Jester\AppData\Local\Focus
2010-10-10 02:36 . 2010-06-13 17:49 189952 ----a-w- c:\windows\system32\Focus.scr
2010-10-10 02:28 . 2010-10-10 02:28 -------- d-----w- c:\windows\system32\EWS
2010-10-10 02:26 . 2010-10-10 02:26 -------- d-----w- c:\program files\Radar Screensaver
2010-10-10 02:26 . 2010-10-10 02:20 2106368 ----a-w- c:\windows\system32\radarss.scr
2010-10-09 23:43 . 2010-10-09 23:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-09 23:29 . 2010-10-09 23:29 -------- d-----w- c:\program files\Razer
2010-10-08 04:35 . 2010-10-08 04:35 -------- d-----w- c:\users\Jester\AppData\Local\SKIDROW
2010-10-05 18:02 . 2010-10-05 18:02 -------- d-----w- c:\programdata\Nexon
2010-10-05 17:59 . 2010-10-05 17:59 -------- d-----w- c:\program files\BandiMPEG1
2010-10-03 15:06 . 2010-10-03 15:31 -------- d-----w- c:\program files\Darksiders
2010-10-03 03:45 . 2010-10-03 03:46 -------- d-----w- c:\users\Jester\AppData\Local\Darksiders
2010-10-03 03:41 . 2010-10-03 03:43 -------- d-----w- c:\program files\RegCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-08-27 03:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 18:02 . 2010-09-26 18:02 2368 ----a-w- c:\windows\system32\SVKP.sys
2010-09-11 16:07 . 2010-09-11 16:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-11 06:46 . 2010-09-26 19:17 887912 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-09-11 06:46 . 2010-09-26 19:17 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-09-11 06:46 . 2010-09-26 19:17 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-11 06:46 . 2010-09-26 19:17 5399656 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-09-11 06:46 . 2010-09-26 19:17 4836456 ----a-w- c:\windows\system32\nvcuda.dll
2010-09-11 06:46 . 2010-09-26 19:17 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-09-11 06:46 . 2010-09-26 19:17 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-11 06:46 . 2010-09-26 19:17 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-11 06:46 . 2010-09-26 19:17 1718376 ----a-w- c:\windows\system32\nvapi.dll
2010-09-11 06:46 . 2010-09-26 19:17 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-09-11 06:46 . 2010-09-26 19:17 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-11 06:46 . 2010-09-26 19:17 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-09-11 06:46 . 2010-09-26 19:17 10055112 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-09-11 06:46 . 2010-09-26 19:17 10022504 ----a-w- c:\windows\system32\nvd3dum.dll
2010-09-11 05:02 . 2010-09-11 05:02 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-09-11 05:02 . 2010-09-11 05:02 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-09-11 05:02 . 2010-09-11 05:02 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-09-11 05:02 . 2010-09-11 05:02 3359848 ----a-w- c:\windows\system32\nvcpl.dll
2010-09-11 05:02 . 2010-09-11 05:02 2065512 ----a-w- c:\windows\system32\nvsvc.dll
2010-09-10 15:20 . 2010-09-10 05:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-10 15:20 . 2010-09-10 05:22 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 19:15 . 2010-09-07 19:15 396672 ----a-w- c:\windows\system32\RzMwApiD.dll
2010-09-07 15:12 . 2010-08-31 01:51 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-08-31 01:51 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-08-31 01:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-08-31 01:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-08-31 01:52 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-08-31 01:52 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-08-31 01:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-29 05:39 . 2010-08-29 05:39 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-08-27 05:16 . 2010-08-27 05:16 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-27 04:27 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-27 04:27 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-27 04:27 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-27 04:27 . 2009-07-13 23:24 78336 ----a-w- c:\users\Jester\AppData\Local\ms01re.dll
2010-08-21 05:32 . 2010-09-15 19:55 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

------- Sigcheck -------

[-] 2010-08-27 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 22:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files\steam\steam.exe" [2010-08-30 1242448]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-17 2969496]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Razer Imperator Driver"="c:\program files\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pwugohe]
2010-08-27 04:27 78336 ----a-w- c:\users\Jester\AppData\Local\ms01re.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-11 369256]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2010-09-26 2368]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-U36VRSFLG6 - c:\users\Jester\AppData\Local\Temp\Xlx.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-30 19:49:44
ComboFix-quarantined-files.txt 2010-10-31 00:49

Pre-Run: 32,384,073,728 bytes free
Post-Run: 32,298,917,888 bytes free

- - End Of File - - F823151E870470EC189EA2452BDBF68A
 
Uninstall Ask Toolbar, known adware.


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll | c:\windows\System32\user32.dll


File::
c:\users\Jester\AppData\Local\ms01re.dll


Folder::
c:\program files\RegCleaner
c:\users\Jester\AppData\Local\AskToolbar
c:\program files\Ask.com


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pwugohe]


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
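The Sigcheck section of the first log lists a System32 user32.dll whose MD5 differs from the winsxs copy of the same version and size; that mismatch is what the FCopy:: directive in the script above restores. As an added example, not part of this thread and not ComboFix's own code, here is a small Python script that parses Sigcheck lines of that layout, reports such mismatches and prints the matching FCopy:: line; the two lines from the log are embedded as constructed sample input, and the line layout used by the parser is an assumption taken from those visible lines.

```python
import re
from collections import defaultdict

# Constructed sample: the two Sigcheck lines from the ComboFix log in this thread.
SIGCHECK_SAMPLE = """\
[-] 2010-08-27 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\\windows\\System32\\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\\windows\\winsxs\\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\\user32.dll
"""

# Assumed layout (from the visible lines): [tag] date . MD5 . size . . [version] . . path
# The leading bracketed tag is ComboFix's own status marker and is kept as opaque text.
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line that matches the assumed layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines and anything else are ignored
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def find_tampered(entries):
    """Flag a live (non-winsxs) file whose hash differs from a winsxs copy
    of the same name, version and size. Same version and size with a
    different hash is the pattern of a patched system binary."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for name, group in by_name.items():
        reference = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        live = [e for e in group if "\\winsxs\\" not in e["path"].lower()]
        for l in live:
            for r in reference:
                same_build = l["version"] == r["version"] and l["size"] == r["size"]
                if same_build and l["md5"] != r["md5"]:
                    findings.append({
                        "name": name,
                        "live": l["path"],
                        "live_md5": l["md5"],
                        "reference": r["path"],
                        "reference_md5": r["md5"],
                    })
    return findings


def fcopy_directive(finding):
    """Build the FCopy:: block that copies the winsxs reference over the
    tampered file, in the 'source | destination' form used in the thread."""
    return "FCopy::\n%s | %s" % (finding["reference"], finding["live"])


if __name__ == "__main__":
    for f in find_tampered(parse_sigcheck(SIGCHECK_SAMPLE)):
        print("MISMATCH %s: live %s != reference %s" % (f["name"], f["live_md5"], f["reference_md5"]))
        print(fcopy_directive(f))
```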
 
ComboFix log part 2

Funny thing, I had never noticed that the Ask.com thing was installed on my system.
Anyway, here is the second log.
Thanks again.

ComboFix 10-10-30.01 - Jester 10/30/2010 21:14:52.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1210 [GMT -5:00]
Running from: c:\users\Jester\Desktop\ComboFix.exe
Command switches used :: c:\users\Jester\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\users\Jester\AppData\Local\ms01re.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RegCleaner
c:\program files\RegCleaner\Backups\10.30.2010.11.44.14....30.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.44.14....30.reg
c:\program files\RegCleaner\Backups\10.30.2010.11.44.16....31.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.44.18....32.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.44.18....32.reg
c:\program files\RegCleaner\Backups\10.30.2010.11.44.20....86.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.44.20....86.reg
c:\program files\RegCleaner\Backups\10.30.2010.11.44.22....87.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.44.22....87.reg
c:\program files\RegCleaner\Backups\10.30.2010.11.44.24....88.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.44.24....88.reg
c:\program files\RegCleaner\Backups\10.30.2010.11.44.25....90.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.44.25....90.reg
c:\program files\RegCleaner\Backups\10.30.2010.11.45.16....116.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.45.16....116.reg
c:\program files\RegCleaner\Backups\10.30.2010.11.45.16....4.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.45.16....4.reg
c:\program files\RegCleaner\Backups\10.30.2010.11.46.46....6042.dat
c:\program files\RegCleaner\Backups\10.30.2010.11.46.46....6042.reg
c:\program files\RegCleaner\DefaultColors.dat
c:\program files\RegCleaner\DefaultColumns.dat
c:\program files\RegCleaner\DefaultOptions.dat
c:\program files\RegCleaner\Disclaimed.dat
c:\program files\RegCleaner\ignorelist.dat
c:\program files\RegCleaner\Languages\Bulgarian.rlg
c:\program files\RegCleaner\Languages\Bulgariàn.rlg
c:\program files\RegCleaner\Languages\Catalan.rlg
c:\program files\RegCleaner\Languages\Chinese Big5.rlg
c:\program files\RegCleaner\Languages\Chinese GB.rlg
c:\program files\RegCleaner\Languages\Croatian.rlg
c:\program files\RegCleaner\Languages\Czech.rlg
c:\program files\RegCleaner\Languages\Danish.rlg
c:\program files\RegCleaner\Languages\Deutsch.rlg
c:\program files\RegCleaner\Languages\Dutch.rlg
c:\program files\RegCleaner\Languages\Eesti.rlg
c:\program files\RegCleaner\Languages\English.rlg
c:\program files\RegCleaner\Languages\Finnish.rlg
c:\program files\RegCleaner\Languages\French.rlg
c:\program files\RegCleaner\Languages\Galician.rlg
c:\program files\RegCleaner\Languages\Greek.rlg
c:\program files\RegCleaner\Languages\Hebrew.rlg
c:\program files\RegCleaner\Languages\Hungarian.rlg
c:\program files\RegCleaner\Languages\Indonesian.rlg
c:\program files\RegCleaner\Languages\Italian.rlg
c:\program files\RegCleaner\Languages\Japanese.rlg
c:\program files\RegCleaner\Languages\Korean.rlg
c:\program files\RegCleaner\Languages\Lithuanian.rlg
c:\program files\RegCleaner\Languages\Macedonian.rlg
c:\program files\RegCleaner\Languages\Norwegian.rlg
c:\program files\RegCleaner\Languages\Polish.rlg
c:\program files\RegCleaner\Languages\Portuguese-BR.rlg
c:\program files\RegCleaner\Languages\Portuguese.rlg
c:\program files\RegCleaner\Languages\ROMANIA.rlg
c:\program files\RegCleaner\Languages\ROMANIAN.rlg
c:\program files\RegCleaner\Languages\Russian.rlg
c:\program files\RegCleaner\Languages\Serbian.rlg
c:\program files\RegCleaner\Languages\Slovak.rlg
c:\program files\RegCleaner\Languages\Slovenian.rlg
c:\program files\RegCleaner\Languages\Spanish.rlg
c:\program files\RegCleaner\Languages\Swedish.rlg
c:\program files\RegCleaner\Languages\Thai.rlg
c:\program files\RegCleaner\Languages\Turkish.rlg
c:\program files\RegCleaner\Languages\Ukr41.rlg
c:\program files\RegCleaner\Languages\Ukrainian.rlg
c:\program files\RegCleaner\old.dat
c:\program files\RegCleaner\Options.dat
c:\program files\RegCleaner\readme.htm
c:\program files\RegCleaner\Readme.txt
c:\program files\RegCleaner\RegCleanr.exe
c:\program files\RegCleaner\Uninstall.exe
c:\users\Jester\AppData\Local\ms01re.dll

.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 02:18 . 2010-10-31 02:18 -------- d-----w- c:\users\Jester\AppData\Local\temp
2010-10-31 02:18 . 2010-10-31 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-30 17:32 . 2010-10-30 17:32 -------- d-----w- c:\users\Jester\AppData\Roaming\Malwarebytes
2010-10-30 17:32 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 17:32 . 2010-10-30 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-30 17:32 . 2010-10-30 17:32 -------- d-----w- c:\programdata\Malwarebytes
2010-10-30 17:32 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 11:11 . 2010-10-28 11:11 -------- d-----w- c:\users\Jester\AppData\Roaming\Webroot
2010-10-27 00:59 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 00:59 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 00:59 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 00:59 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 00:58 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-26 07:17 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57D98D58-4220-426D-9F87-DC8C5BE469BC}\mpengine.dll
2010-10-25 17:31 . 2010-10-25 17:31 -------- d-----w- c:\users\Jester\AppData\Local\LucasArts
2010-10-23 08:00 . 2010-10-23 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-10-23 00:57 . 2010-10-23 00:57 -------- d-----w- c:\programdata\LightScribe
2010-10-23 00:57 . 2010-10-23 00:57 -------- d-----w- c:\users\Jester\AppData\Roaming\Nero
2010-10-23 00:46 . 2010-10-23 00:52 -------- d-----w- c:\programdata\Nero
2010-10-23 00:46 . 2010-10-23 00:46 -------- d-----w- c:\program files\Common Files\Nero
2010-10-23 00:46 . 2010-10-23 00:52 -------- d-----w- c:\program files\Nero
2010-10-23 00:40 . 2010-10-23 00:40 -------- d-----w- c:\program files\Common Files\LightScribe
2010-10-22 05:01 . 2010-10-22 05:01 -------- d-----w- c:\users\Jester\AppData\Local\FalloutNV
2010-10-21 00:12 . 2010-10-26 03:44 -------- d-----w- c:\users\Jester\AppData\Roaming\dvdcss
2010-10-20 19:16 . 2010-10-20 19:16 -------- d-----w- c:\programdata\McAfee
2010-10-12 23:49 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-12 23:49 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-12 23:48 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-12 23:48 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 23:48 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 23:48 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-12 23:48 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-12 23:47 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 23:47 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 23:47 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 23:47 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 23:47 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 23:47 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 23:47 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 23:43 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 23:43 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-10 02:36 . 2010-10-10 02:36 -------- d-----w- c:\users\Jester\AppData\Local\Focus
2010-10-10 02:36 . 2010-06-13 17:49 189952 ----a-w- c:\windows\system32\Focus.scr
2010-10-10 02:28 . 2010-10-10 02:28 -------- d-----w- c:\windows\system32\EWS
2010-10-10 02:26 . 2010-10-10 02:26 -------- d-----w- c:\program files\Radar Screensaver
2010-10-10 02:26 . 2010-10-10 02:20 2106368 ----a-w- c:\windows\system32\radarss.scr
2010-10-09 23:43 . 2010-10-09 23:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-09 23:29 . 2010-10-09 23:29 -------- d-----w- c:\program files\Razer
2010-10-08 04:35 . 2010-10-08 04:35 -------- d-----w- c:\users\Jester\AppData\Local\SKIDROW
2010-10-05 18:02 . 2010-10-05 18:02 -------- d-----w- c:\programdata\Nexon
2010-10-05 17:59 . 2010-10-05 17:59 -------- d-----w- c:\program files\BandiMPEG1
2010-10-03 15:06 . 2010-10-03 15:31 -------- d-----w- c:\program files\Darksiders
2010-10-03 03:45 . 2010-10-03 03:46 -------- d-----w- c:\users\Jester\AppData\Local\Darksiders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-08-27 03:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 18:02 . 2010-09-26 18:02 2368 ----a-w- c:\windows\system32\SVKP.sys
2010-09-11 16:07 . 2010-09-11 16:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-11 06:46 . 2010-09-26 19:17 887912 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-09-11 06:46 . 2010-09-26 19:17 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-09-11 06:46 . 2010-09-26 19:17 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-11 06:46 . 2010-09-26 19:17 5399656 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-09-11 06:46 . 2010-09-26 19:17 4836456 ----a-w- c:\windows\system32\nvcuda.dll
2010-09-11 06:46 . 2010-09-26 19:17 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-09-11 06:46 . 2010-09-26 19:17 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-11 06:46 . 2010-09-26 19:17 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-11 06:46 . 2010-09-26 19:17 1718376 ----a-w- c:\windows\system32\nvapi.dll
2010-09-11 06:46 . 2010-09-26 19:17 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-09-11 06:46 . 2010-09-26 19:17 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-11 06:46 . 2010-09-26 19:17 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-09-11 06:46 . 2010-09-26 19:17 10055112 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-09-11 06:46 . 2010-09-26 19:17 10022504 ----a-w- c:\windows\system32\nvd3dum.dll
2010-09-11 05:02 . 2010-09-11 05:02 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-09-11 05:02 . 2010-09-11 05:02 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-09-11 05:02 . 2010-09-11 05:02 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-09-11 05:02 . 2010-09-11 05:02 3359848 ----a-w- c:\windows\system32\nvcpl.dll
2010-09-11 05:02 . 2010-09-11 05:02 2065512 ----a-w- c:\windows\system32\nvsvc.dll
2010-09-10 15:20 . 2010-09-10 05:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-10 15:20 . 2010-09-10 05:22 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 19:15 . 2010-09-07 19:15 396672 ----a-w- c:\windows\system32\RzMwApiD.dll
2010-09-07 15:12 . 2010-08-31 01:51 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-08-31 01:51 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-08-31 01:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-08-31 01:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-08-31 01:52 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-08-31 01:52 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-08-31 01:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-29 05:39 . 2010-08-29 05:39 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-08-27 05:16 . 2010-08-27 05:16 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-27 04:27 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-27 04:27 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-21 05:32 . 2010-09-15 19:55 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files\steam\steam.exe" [2010-08-30 1242448]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-17 2969496]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Razer Imperator Driver"="c:\program files\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-11 369256]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2010-09-26 2368]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-30 21:19:20
ComboFix-quarantined-files.txt 2010-10-31 02:19
ComboFix2.txt 2010-10-31 00:49

Pre-Run: 32,347,361,280 bytes free
Post-Run: 32,302,239,744 bytes free

- - End Of File - - E62A98148B63A6FED8F1FA3E3EE95A3F
 
Looks good :)

How is the redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL and Extras

No more redirects, and the browser seems to be running faster, or at least as well as it was before all this happened. And now for the logs.

extras log part 1

OTL Extras logfile created on: 10/30/2010 10:48:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Jester\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.36 Gb Total Space | 30.13 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive D: | 7.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JESTERS-TOY | User Name: Jester | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88038160-9BCB-47BE-A5C3-5CE2DC115509}" = Star Wars Galaxies
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.63
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
 
extras log part 2

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FC272B66-8372-49EF-A642-28CAD2B9EAC9}" = Tron 2.0
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"ClassicPro" = ClassicPro© v1.14
"Comical_is1" = Comical 0.8
"ComicRack" = ComicRack v0.9.130
"CursorFX" = CursorFX
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"Gothic II" = Gothic II
"Mafia 2_is1" = Mafia 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 2100" = Dark Messiah Might and Magic Single Player
"Steam App 220" = Half-Life 2
"Steam App 6910" = Deus Ex: Game of the Year Edition
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2010 10:34:49 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0xfd8 Faulting application
start time: 0x01cb78a430a6b534 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6e5802d4-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:50 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0x8c0 Faulting application
start time: 0x01cb78a430f54294 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6ea8f194-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:50 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0xc38 Faulting application
start time: 0x01cb78a43105ec34 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6eb99b34-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:50 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0xf5c Faulting application
start time: 0x01cb78a431547994 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6f082894-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:50 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0xd94 Faulting application
start time: 0x01cb78a431652334 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6f1670d4-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:51 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0xf8c Faulting application
start time: 0x01cb78a431b3b094 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6f675f94-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:51 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0x4c4 Faulting application
start time: 0x01cb78a431c91cf4 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6f7a6a94-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:52 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0x5d0 Faulting application
start time: 0x01cb78a4321548f4 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6fc8f7f4-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:52 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0xd80 Faulting application
start time: 0x01cb78a43225f294 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 6fd9a194-e497-11df-863f-001fc60827a8

Error - 10/30/2010 10:34:52 PM | Computer Name = Jesters-Toy | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x756870a9 Faulting process id: 0x558 Faulting application
start time: 0x01cb78a432747ff4 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 70282ef4-e497-11df-863f-001fc60827a8

[ OSession Events ]
Error - 9/23/2010 12:09:07 AM | Computer Name = Jesters-Toy | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 49509 seconds with 120 seconds of active time. This session ended with a
crash.

Error - 10/6/2010 7:53:20 PM | Computer Name = Jesters-Toy | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 27145 seconds with 300 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 10/30/2010 2:32:17 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 10/30/2010 2:32:17 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 10/30/2010 2:32:17 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/30/2010 2:33:17 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 10/30/2010 2:34:17 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056

Error - 10/30/2010 2:34:17 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 10/30/2010 8:43:46 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/30/2010 8:48:54 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/30/2010 10:14:38 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/30/2010 10:18:30 PM | Computer Name = Jesters-Toy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
OTL log part 1

OTL logfile created on: 10/30/2010 10:48:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Jester\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.36 Gb Total Space | 30.13 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive D: | 7.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JESTERS-TOY | User Name: Jester | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 22:45:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jester\Desktop\OTL.exe
PRC - [2010/09/17 00:24:53 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/09/11 00:02:30 | 000,791,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/09/10 23:04:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/07 14:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/12 11:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/26 10:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/23 09:17:43 | 000,417,280 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFX.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2010/10/30 22:45:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jester\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/03/23 09:17:43 | 000,035,144 | ---- | M] ( ) -- C:\Program Files\Stardock\CursorFX\CurXP0.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/10 23:04:54 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/26 23:27:37 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jester\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/26 13:02:57 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\Windows\System32\SVKP.sys -- (SVKP)
DRV - [2010/09/11 01:46:00 | 010,055,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/27 00:16:32 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/07/28 20:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008/04/04 14:49:04 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiH8000.sys -- (SaiH8000)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C C0 53 A6 C7 51 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 21:21:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 21:08:19 | 000,000,000 | ---D | M]

[2010/08/26 22:32:52 | 000,000,000 | ---D | M] -- C:\Users\Jester\AppData\Roaming\Mozilla\Extensions
[2010/10/30 21:08:38 | 000,000,000 | ---D | M] -- C:\Users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\extensions
[2010/08/26 22:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/08/26 22:34:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/27 00:17:13 | 000,000,000 | ---D | M] -- C:\Users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\extensions\DTToolbar@toolbarnet.com
[2010/08/27 00:17:10 | 000,002,059 | ---- | M] () -- C:\Users\Jester\AppData\Roaming\Mozilla\Firefox\Profiles\c990yxju.default\searchplugins\daemon-search.xml
[2010/10/30 13:31:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/11 11:07:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/11 11:07:02 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/10/30 21:18:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
part 2

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()


========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 22:45:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jester\Desktop\OTL.exe
[2010/10/30 21:34:59 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2010/10/30 21:19:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/30 21:19:21 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Local\temp
[2010/10/30 21:14:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/30 21:13:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/30 19:42:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 19:42:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 19:42:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/30 19:41:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 19:41:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/30 17:42:18 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jester\Desktop\TDSSKiller.exe
[2010/10/30 13:15:51 | 000,000,000 | ---D | C] -- C:\Users\Jester\Desktop\logs
[2010/10/30 12:32:40 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Roaming\Malwarebytes
[2010/10/30 12:32:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/30 12:32:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/30 12:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/30 12:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/30 12:31:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jester\Desktop\mbam-setup-1.46.exe
[2010/10/30 12:18:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jester\Desktop\TFC.exe
[2010/10/28 06:11:00 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Roaming\Webroot
[2010/10/25 12:31:19 | 000,000,000 | ---D | C] -- C:\Users\Jester\Documents\LucasArts
[2010/10/25 12:31:19 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Local\LucasArts
[2010/10/23 03:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/22 19:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/10/22 19:57:17 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Roaming\Nero
[2010/10/22 19:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/10/22 19:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/10/22 19:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/10/22 19:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010/10/22 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Local\FalloutNV
[2010/10/20 19:12:13 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Roaming\dvdcss
[2010/10/20 14:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/09 21:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Local\Focus
[2010/10/09 21:28:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\EWS
[2010/10/09 21:26:18 | 002,106,368 | ---- | C] (Xander Zerge) -- C:\Windows\System32\radarss.scr
[2010/10/09 21:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Radar Screensaver
[2010/10/09 18:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/09 18:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/09 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2010/10/07 23:35:49 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Local\SKIDROW
[2010/10/05 13:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/10/05 13:01:15 | 000,000,000 | ---D | C] -- C:\Users\Jester\Documents\Vindictus
[2010/10/05 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2010/10/05 12:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/10/03 10:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Darksiders
[2010/10/02 22:45:37 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Local\Darksiders
[2010/10/02 22:39:49 | 000,000,000 | ---D | C] -- C:\Users\Jester\Desktop\Darksiders
[1 C:\Users\Jester\Desktop\*.tmp files -> C:\Users\Jester\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/30 22:45:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jester\Desktop\OTL.exe
[2010/10/30 21:40:12 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 21:40:12 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 21:35:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 21:35:38 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/30 21:18:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/30 19:39:39 | 003,896,496 | R--- | M] () -- C:\Users\Jester\Desktop\ComboFix.exe
[2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/30 17:43:31 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 17:43:31 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 12:32:36 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/30 12:20:15 | 000,545,280 | ---- | M] () -- C:\Users\Jester\Desktop\dds.scr
[2010/10/30 12:20:02 | 000,294,912 | ---- | M] () -- C:\Users\Jester\Desktop\k7wvk7ol.exe
[2010/10/30 12:07:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jester\Desktop\mbam-setup-1.46.exe
[2010/10/30 12:06:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jester\Desktop\TFC.exe
[2010/10/29 12:59:12 | 000,025,361 | ---- | M] () -- C:\Users\Jester\Desktop\Haloween Costume Essay.docx
[2010/10/28 21:00:28 | 209,309,546 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/27 18:24:04 | 000,000,162 | -H-- | M] () -- C:\Users\Jester\Documents\~$loween Costume Essay.docx
[2010/10/27 08:50:45 | 000,013,198 | ---- | M] () -- C:\Users\Jester\Documents\next to you meditation.docx
[2010/10/26 21:03:35 | 000,001,288 | ---- | M] () -- C:\Users\Jester\Desktop\SWTFU2.exe - Shortcut.lnk
[2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jester\Desktop\TDSSKiller.exe
[2010/10/26 05:36:44 | 000,010,719 | ---- | M] () -- C:\Users\Jester\Documents\Jaclyn Andersen.docx
[2010/10/24 18:28:45 | 000,000,111 | ---- | M] () -- C:\Users\Jester\webct_upload_applet.properties
[2010/10/24 18:27:57 | 000,025,816 | ---- | M] () -- C:\Users\Jester\Documents\Outline Crim. 4.docx
[2010/10/23 15:08:44 | 000,025,346 | ---- | M] () -- C:\Users\Jester\Documents\E.Phil Exam 1 Essay.docx
[2010/10/22 19:51:15 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/10/22 19:50:25 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/10/22 19:49:22 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/10/22 19:47:43 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/10/22 19:47:08 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/10/22 19:40:48 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010/10/22 10:45:37 | 000,001,235 | ---- | M] () -- C:\Users\Jester\Desktop\Fallout New Vegas.lnk
[2010/10/21 23:20:42 | 000,023,658 | ---- | M] () -- C:\Users\Jester\Documents\Outline Crim. 3.docx
[2010/10/21 06:58:49 | 000,014,155 | ---- | M] () -- C:\Users\Jester\Documents\Television Response.docx
[2010/10/14 11:29:39 | 000,011,799 | ---- | M] () -- C:\Users\Jester\Documents\Blithe Spirit summary.docx
[2010/10/13 21:39:21 | 000,021,894 | ---- | M] () -- C:\Users\Jester\Documents\take home essay.docx
[2010/10/13 03:19:52 | 000,412,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/12 07:12:52 | 000,011,522 | ---- | M] () -- C:\Users\Jester\Documents\Journal 4.docx
[2010/10/11 21:13:47 | 000,012,487 | ---- | M] () -- C:\Users\Jester\Documents\Essay on driving.docx
[2010/10/10 13:51:39 | 002,150,726 | ---- | M] () -- C:\Users\Jester\Desktop\Rosie.jpg
[2010/10/09 21:20:13 | 002,106,368 | ---- | M] (Xander Zerge) -- C:\Windows\System32\radarss.scr
[2010/10/09 18:43:22 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/09 18:33:50 | 000,001,830 | ---- | M] () -- C:\Users\Jester\AppData\Roaming\ImperatorProfile0.dat
[2010/10/06 18:37:46 | 000,019,111 | ---- | M] () -- C:\Users\Jester\Desktop\Sociology of the Wedding Industry.docx
[2010/10/05 17:18:46 | 000,015,458 | ---- | M] () -- C:\Users\Jester\Documents\Spiritual Practice Gita.docx
[2010/10/05 12:59:16 | 000,000,207 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/10/03 12:03:41 | 000,001,257 | ---- | M] () -- C:\Users\Jester\Desktop\Darksiders.lnk
[2010/10/02 22:41:07 | 000,000,928 | ---- | M] () -- C:\Users\Jester\Desktop\RegCleaner.lnk
[2010/10/02 14:39:43 | 000,026,161 | ---- | M] () -- C:\Users\Jester\Documents\Outline Crim. 2.docx
[1 C:\Users\Jester\Desktop\*.tmp files -> C:\Users\Jester\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/30 19:42:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 19:42:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 19:42:01 | 000,085,504 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 19:42:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 19:42:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/30 19:39:25 | 003,896,496 | R--- | C] () -- C:\Users\Jester\Desktop\ComboFix.exe
[2010/10/30 13:16:42 | 000,545,280 | ---- | C] () -- C:\Users\Jester\Desktop\dds.scr
[2010/10/30 12:45:40 | 000,294,912 | ---- | C] () -- C:\Users\Jester\Desktop\k7wvk7ol.exe
[2010/10/30 12:32:36 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 18:24:04 | 000,025,361 | ---- | C] () -- C:\Users\Jester\Desktop\Haloween Costume Essay.docx
[2010/10/27 18:24:04 | 000,000,162 | -H-- | C] () -- C:\Users\Jester\Documents\~$loween Costume Essay.docx
[2010/10/27 08:50:44 | 000,013,198 | ---- | C] () -- C:\Users\Jester\Documents\next to you meditation.docx
[2010/10/26 21:03:35 | 000,001,288 | ---- | C] () -- C:\Users\Jester\Desktop\SWTFU2.exe - Shortcut.lnk
[2010/10/25 21:01:06 | 000,010,719 | ---- | C] () -- C:\Users\Jester\Documents\Jaclyn Andersen.docx
[2010/10/24 18:13:21 | 000,025,816 | ---- | C] () -- C:\Users\Jester\Documents\Outline Crim. 4.docx
[2010/10/23 13:59:28 | 000,025,346 | ---- | C] () -- C:\Users\Jester\Documents\E.Phil Exam 1 Essay.docx
[2010/10/22 19:51:15 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/10/22 19:50:25 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/10/22 19:49:22 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/10/22 19:47:43 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/10/22 19:47:08 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/10/22 19:40:48 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010/10/22 10:45:37 | 000,001,235 | ---- | C] () -- C:\Users\Jester\Desktop\Fallout New Vegas.lnk
[2010/10/21 23:20:41 | 000,023,658 | ---- | C] () -- C:\Users\Jester\Documents\Outline Crim. 3.docx
[2010/10/20 22:11:08 | 000,014,155 | ---- | C] () -- C:\Users\Jester\Documents\Television Response.docx
[2010/10/20 19:56:40 | 209,309,546 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/13 18:02:37 | 000,021,894 | ---- | C] () -- C:\Users\Jester\Documents\take home essay.docx
[2010/10/13 14:51:14 | 000,011,799 | ---- | C] () -- C:\Users\Jester\Documents\Blithe Spirit summary.docx
[2010/10/11 20:57:45 | 000,011,522 | ---- | C] () -- C:\Users\Jester\Documents\Journal 4.docx
[2010/10/10 13:51:38 | 002,150,726 | ---- | C] () -- C:\Users\Jester\Desktop\Rosie.jpg
[2010/10/09 21:36:04 | 000,189,952 | ---- | C] () -- C:\Windows\System32\Focus.scr
[2010/10/09 18:43:22 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/09 18:31:52 | 000,001,830 | ---- | C] () -- C:\Users\Jester\AppData\Roaming\ImperatorProfile0.dat
[2010/10/06 15:53:11 | 000,019,111 | ---- | C] () -- C:\Users\Jester\Desktop\Sociology of the Wedding Industry.docx
[2010/10/05 15:26:09 | 000,015,458 | ---- | C] () -- C:\Users\Jester\Documents\Spiritual Practice Gita.docx
[2010/10/05 12:59:16 | 000,000,207 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/10/04 12:58:02 | 000,012,487 | ---- | C] () -- C:\Users\Jester\Documents\Essay on driving.docx
[2010/10/02 22:41:07 | 000,000,928 | ---- | C] () -- C:\Users\Jester\Desktop\RegCleaner.lnk
[2010/09/18 21:32:23 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/08/30 23:53:59 | 000,000,356 | ---- | C] () -- C:\Windows\qawin32.INI
[2010/08/27 00:16:32 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/04/15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll
[2008/04/04 14:49:04 | 001,282,048 | ---- | C] () -- C:\Windows\System32\SaiC8000.Dll
[2008/04/04 14:49:04 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC8000_0C.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC8000_10.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC8000_0A.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC8000_07.dll
[2008/04/04 14:49:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC8000_09.dll
[2008/04/04 14:49:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC8000_0402.dll
[2008/04/04 14:49:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC8000_11.dll
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010/09/19 00:43:23 | 000,000,000 | ---D | M] -- C:\Users\Jester\AppData\Roaming\Big Fish Games
[2010/09/21 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Jester\AppData\Roaming\cYo
[2010/08/27 09:30:50 | 000,000,000 | ---D | M] -- C:\Users\Jester\AppData\Roaming\DAEMON Tools Lite
[2010/09/17 00:20:52 | 000,000,000 | ---D | M] -- C:\Users\Jester\AppData\Roaming\LolClient
[2010/08/27 19:20:30 | 000,000,000 | ---D | M] -- C:\Users\Jester\AppData\Roaming\LPECommon
[2010/10/30 13:32:15 | 000,025,194 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/10/30 17:54:58 | 000,000,336 | ---- | M] () -- C:\cmdlog.txt
[2010/10/30 21:19:20 | 000,018,816 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/30 21:35:38 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/08/27 22:04:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/27 22:04:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/30 21:35:52 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
[2010/10/30 17:43:49 | 000,061,870 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_30.10.2010_17.42.41_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/08/26 22:31:49 | 000,000,221 | -HS- | M] () -- C:\Users\Jester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/30 19:39:39 | 003,896,496 | R--- | M] () -- C:\Users\Jester\Desktop\ComboFix.exe
[2010/10/30 12:20:02 | 000,294,912 | ---- | M] () -- C:\Users\Jester\Desktop\k7wvk7ol.exe
[2010/10/30 12:07:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jester\Desktop\mbam-setup-1.46.exe
[2010/10/30 22:45:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jester\Desktop\OTL.exe
[2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jester\Desktop\TDSSKiller.exe
[2010/10/30 12:06:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jester\Desktop\TFC.exe
[1 C:\Users\Jester\Desktop\*.tmp files -> C:\Users\Jester\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/26 23:42:06 | 000,000,402 | -HS- | M] () -- C:\Users\Jester\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2010/10/05 13:27:59 | 000,000,000 | ---D | M](C:\Users\Jester\Documents\?? ???) -- C:\Users\Jester\Documents\넥슨 플러그
[2010/10/05 13:27:59 | 000,000,000 | ---D | C](C:\Users\Jester\Documents\?? ???) -- C:\Users\Jester\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
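The OTL listings above all use one line format ("[date | size | attrs | C/M] (Company) -- path"), and the "Files Created - No Company Name" section is OTL's own triage heuristic: a recently created executable under the Windows directory with no version-info company is worth a second look. The following is an added example, not part of this thread and not OTL's or any of the helper's code: it parses OTL file entries and flags recently created executables under C:\Windows that carry no company name. The sample lines are constructed from entries in the log above, and the "now" timestamp is supplied by the caller so the result is reproducible.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# OTL file entry format (one per line):
#   [YYYY/MM/DD HH:MM:SS | SIZE | ATTRS | C|M] (Company) -- PATH
# Directory entries carry no "(Company)" field; files with no
# version info are printed as "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Extensions treated as executable content for triage purposes.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".acm")

# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2010/10/30 19:42:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 12:32:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/09 21:36:04 | 000,189,952 | ---- | C] () -- C:\Windows\System32\Focus.scr
[2010/10/30 21:19:21 | 000,000,000 | ---D | C] -- C:\Users\Jester\AppData\Local\temp
[2010/08/27 00:16:32 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/10/30 21:35:38 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
"""


class Entry(NamedTuple):
    timestamp: datetime
    size: int
    attrs: str      # e.g. "----", "---D" (directory), "-HS-" (hidden+system)
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL printed "()" or omitted the field
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder line; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable entry line in an OTL report section."""
    entries = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            entries.append(e)
    return entries


def triage(text: str, now: str, days: int = 30) -> List[str]:
    """Return paths of executables under C:\\Windows with no company name
    that were created within `days` of `now` (same timestamp format as OTL).
    These are leads for manual verification, not verdicts."""
    cutoff = datetime.strptime(now, "%Y/%m/%d %H:%M:%S") - timedelta(days=days)
    hits = []
    for e in parse_log(text):
        low = e.path.lower()
        if not low.endswith(EXEC_EXT):
            continue
        if low.startswith("c:\\windows\\") and e.company == "" and e.timestamp >= cutoff:
            hits.append(e.path)
    return hits


if __name__ == "__main__":
    for p in triage(SAMPLE_LOG, "2010/10/30 23:00:00"):
        print("check:", p)
```

On the sample input the triage flags C:\Windows\PEV.exe and C:\Windows\System32\Focus.scr; mbam.sys is skipped because it carries a company name, sptd.sys because it is older than the window, and hiberfil.sys because it is outside C:\Windows. The PEV.exe hit illustrates why the output is a list of leads rather than verdicts: the log shows it was dropped in the same minute as the SteelWerX and NirSoft helpers, i.e. as part of the ComboFix run, so the next step for a hit is to check its origin and hash, not to delete it.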
 
Good news :)

Update your Java version: http://java.com/en/download/index.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java installations...

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [1 C:\Users\Jester\Desktop\*.tmp files -> C:\Users\Jester\Desktop\*.tmp -> ]
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6BFA43EB
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=======================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

========================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
ESET and OTL logs

Sorry for the delay on those last logs, but the ESET scan was taking forever, so I just went to bed and let it run.
Here be the logs:

All processes killed
========== OTL ==========
Error: No service named EagleNT was found to stop!
Service\Driver key EagleNT not found.
File C:\Windows\System32\drivers\EagleNT.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File/Folder C:\Users\Jester\Desktop\*.tmp not found.
Unable to delete ADS C:\ProgramData\TEMP:6BFA43EB .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jester
->Temp folder emptied: 797 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44162648 bytes
->Flash cache emptied: 1247 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jester
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10312010_084416

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast5_\unp86423204.tmp not found!
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
ESET log

C:\Qoobox\Quarantine\C\Users\Jester\AppData\Local\ms01re.dll.vir a variant of Win32/Cimag.DS trojan
C:\Qoobox\Quarantine\C\Users\Jester\AppData\Roaming\Microsoft\deleteme.exe.vir a variant of Win32/Injector.DJZ trojan
C:\Users\Jester\Utorrent dl's\Fallout 3 with DLC and Win 7 crash fix\Fallout 3 Final Fix.rar probably a variant of Win32/Agent.DSLWBHV trojan
C:\Users\Jester\Utorrent dl's\Fallout 3 with DLC and Win 7 crash fix\Utilities\WinRar 3.9.exe a variant of Win32/Keygen.AI application
C:\Users\Jester\Utorrent dl's\Nero 10 + Serials & Keygen\Nero Multimedia Suite 10 - Keygen.exe a variant of Win32/Injector.DHB trojan
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Users\Jester\Utorrent dl's\Fallout 3 with DLC and Win 7 crash fix\Fallout 3 Final Fix.rar 
    C:\Users\Jester\Utorrent dl's\Fallout 3 with DLC and Win 7 crash fix\Utilities\WinRar 3.9.exe 
    C:\Users\Jester\Utorrent dl's\Nero 10 + Serials & Keygen\Nero Multimedia Suite 10 - Keygen.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete them now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Yay!

Thanks Broni, I really do appreciate all the help. Everything seems to be running fine. It even appears to be running faster now.
Here are the last couple of logs:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Jester\Utorrent dl's\Fallout 3 with DLC and Win 7 crash fix\Fallout 3 Final Fix.rar moved successfully.
C:\Users\Jester\Utorrent dl's\Fallout 3 with DLC and Win 7 crash fix\Utilities\WinRar 3.9.exe moved successfully.
C:\Users\Jester\Utorrent dl's\Nero 10 + Serials & Keygen\Nero Multimedia Suite 10 - Keygen.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jester
->Temp folder emptied: 3751 bytes
->Temporary Internet Files folder emptied: 75502 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59909599 bytes
->Flash cache emptied: 1813 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jester
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10312010_124627

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast5_\unp182890855.tmp not found!
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
part 2

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jester
->Temp folder emptied: 797 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13578098 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jester
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.17.1 log created on 10312010_125915

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 