IE/Firefox redirects, Can't update Vista, IE sometimes hangs

Solved
By ChriskK
Mar 4, 2011
  1. Symptoms: Google/Yahoo search in IE/Firefox redirects. Vista update blocked. IE sometimes hangs. Multiple incidents of IE in Task Manager. Pop-ups appear. "Host process has stopped working" message appears.

    Step 1:
    Symantec Endpoint, Malwarebytes & Spybot indicate NO malware!

    Step 2:
    TFC was successfully run.

    Step 3:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5958

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    3/4/2011 10:57:02 PM
    mbam-log-2011-03-04 (22-57-02).txt

    Scan type: Quick scan
    Objects scanned: 147811
    Time elapsed: 4 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Step 4:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-04 23:03:57
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST3320620AS rev.3.AAE
    Running: wwnfbyo5.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\fwldiuod.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 865D21F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 865D21F8
    Device \Driver\atapi \Device\Ide\IdePort0 865D21F8
    Device \Driver\atapi \Device\Ide\IdePort1 865D21F8
    Device \Driver\atapi \Device\Ide\IdePort2 865D21F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 865D21F8
    Device \Driver\ay07v1el \Device\Scsi\ay07v1el1Port4Path0Target0Lun0 878E31F8
    Device \Driver\ay07v1el \Device\Scsi\ay07v1el1 878E31F8
    Device 865D31F8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskST3320620AS_____________________________3.AAE___#5&621c102&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    Step 5:
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Christian at 23:31:23.79 on Fri 03/04/2011
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_11
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2178 [GMT -5:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\JHSecure\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    e:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    e:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Windows\System32\spool\drivers\w32x86\3\fpdisp5a.exe
    E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\n52te\n52teHid.exe
    C:\Windows\System32\Ctxfihlp.exe
    E:\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Canon Electronics\DR1210C\TrkMonitor.exe
    G:\Zune\ZuneLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Users\Christian\AppData\Local\Temp\BD0C.tmp\MBR.DAT
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\msconfig.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\Christian\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [TrueImageMonitor.exe] e:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
    mRun: [FinePrint Dispatcher v5] c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [AcronisTimounterMonitor] e:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [Jomantha] c:\program files\n52te\n52teHid.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "e:\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "e:\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "e:\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
    mRun: [TrkMonitor] "c:\program files\canon electronics\dr1210c\TrkMonitor.exe"
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [AVG_TRAY] e:\avg\avg10\avgtray.exe
    mRun: [Zune Launcher] "g:\zune\ZuneLauncher.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
    StartupFolder: c:\users\christ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - d:\micros~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\christ~1\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\
    FF - component: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [2008-11-21 971232]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-26 176128]
    R2 EBIOS32;EBIOS32 - NT Driver;c:\windows\system32\drivers\EBIOS32.SYS [2008-11-28 13922]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-19 363344]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-26 1153368]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-2-7 1839776]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-26 6573568]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-26 229888]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-9-24 99856]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-3 102448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-19 20952]
    S2 NOD32krn;NOD32 Kernel Service;"e:\program files\eset\nod32krn.exe" --> e:\program files\eset\nod32krn.exe [?]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-2-7 23888]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-5-21 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
    S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2008-12-16 48896]
    .
    =============== Created Last 30 ================
    .
    2011-03-04 08:10:32 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-03-04 08:10:32 -------- d-----w- c:\progra~2\AVG10
    2011-03-04 08:07:26 -------- d-----w- c:\progra~2\MFAData
    2011-03-04 06:33:02 -------- d-----w- c:\progra~2\AVAST Software
    2011-03-04 05:26:45 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
    2011-03-04 04:35:01 39512 ----a-w- c:\windows\system32\drivers\AMonLWLH.sys
    2011-03-04 04:35:00 31424 ----a-w- c:\windows\system32\V3w32se2.dll
    2011-03-04 04:34:23 -------- d-----w- c:\program files\common files\AhnLab
    2011-03-04 04:33:52 -------- d-----w- c:\progra~2\AhnLab
    2011-03-04 04:25:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
    2011-03-04 04:25:11 357744 ----a-w- c:\windows\system32\Sysfer.dll
    2011-03-04 04:24:57 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-03-04 04:24:51 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
    2011-03-04 02:26:32 -------- d-----w- c:\users\christ~1\appdata\local\Threat Expert
    2011-03-04 02:03:39 -------- d-----w- c:\users\christ~1\appdata\roaming\PC Tools
    2011-03-04 02:03:39 -------- d-----w- c:\program files\PC Tools Security
    2011-03-04 02:03:39 -------- d-----w- c:\program files\common files\PC Tools
    2011-03-04 02:02:15 -------- d-----w- c:\progra~2\PC Tools
    2011-03-03 23:37:21 -------- d-----w- c:\progra~2\Hitman Pro
    2011-03-03 23:18:24 -------- d-----w- c:\progra~2\NortonInstaller
    2011-03-03 23:16:41 -------- d-----w- c:\progra~2\Norton
    2011-03-03 08:06:52 -------- d-----w- c:\users\christ~1\appdata\local\Sunbelt Software
    2011-03-03 08:06:16 -------- dc-h--w- c:\progra~2\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
    2011-03-03 08:05:38 -------- d-----w- c:\program files\Lavasoft
    2011-03-03 07:55:17 -------- d-----w- c:\program files\Trend Micro
    2011-03-03 05:29:50 -------- d-----w- c:\windows\system32\appmgmt
    2011-02-27 01:29:21 -------- d-----w- c:\users\christ~1\appdata\roaming\Fender
    2011-02-27 01:27:02 -------- d-----w- c:\program files\Fender
    2011-02-20 01:23:53 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
    2011-02-20 01:23:53 281600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp093.DLL
    2011-02-20 01:23:53 161280 ----a-w- c:\windows\system32\hpcpn093.dll
    2011-02-20 01:16:13 331776 ----a-w- c:\windows\system32\hppcpr13.dll
    2011-02-20 01:15:47 -------- d-----w- C:\HP_P2050_full_solution_v6.1_AM-EMEA
    2011-02-08 22:45:31 -------- d-----w- c:\program files\BitTorrent
    .
    ==================== Find3M ====================
    .
    2011-03-04 06:57:22 4578856446 ----a-w- c:\windows\system32\msvcache.dll
    2011-03-04 05:27:04 119296 ----a-w- c:\windows\system32\zlib.dll
    2011-02-07 14:11:38 89600 ----a-w- c:\windows\system32\atl71.dll
    2011-02-07 14:11:38 87408 ----a-w- c:\windows\system32\FwsVpn.dll
    2011-02-07 14:11:38 107888 ----a-w- c:\windows\system32\SymVPN.dll
    2011-01-26 03:53:14 32 ----a-w- c:\windows\system32\wdccom.dat.dll
    2011-01-25 10:11:28 3158016 ----a-w- c:\windows\system32\MpSigsvr.exe
    2011-01-25 10:05:44 1094144 ----a-w- c:\windows\system32\Portax86.dll
    2011-01-19 08:26:54 86016 ----a-w- c:\windows\system32\frapsvid.dll
    .
    ============= FINISH: 23:31:53.18 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/20/2008 9:47:25 PM
    System Uptime: 3/4/2011 11:18:31 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | D975XBX2
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | J3E1 | 2877/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 78 GiB total, 31.102 GiB free.
    D: is FIXED (NTFS) - 39 GiB total, 34.082 GiB free.
    E: is FIXED (NTFS) - 39 GiB total, 37.28 GiB free.
    F: is FIXED (NTFS) - 142 GiB total, 27.806 GiB free.
    G: is FIXED (NTFS) - 140 GiB total, 63.294 GiB free.
    H: is FIXED (NTFS) - 140 GiB total, 115 GiB free.
    I: is CDROM (UDF)
    J: is CDROM ()
    L: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP759: 2/19/2011 2:10:44 PM - Scheduled Checkpoint
    RP761: 2/19/2011 8:21:47 PM - HP Installation Restore Point
    RP762: 2/21/2011 9:03:51 AM - Scheduled Checkpoint
    RP763: 2/22/2011 7:19:09 AM - Scheduled Checkpoint
    RP764: 2/23/2011 10:31:13 PM - Scheduled Checkpoint
    RP765: 2/24/2011 11:27:12 AM - Scheduled Checkpoint
    RP766: 2/25/2011 5:33:45 PM - Scheduled Checkpoint
    RP767: 2/26/2011 11:07:39 AM - Scheduled Checkpoint
    RP768: 2/27/2011 11:47:20 AM - Scheduled Checkpoint
    RP769: 2/28/2011 12:40:16 PM - Scheduled Checkpoint
    RP773: 3/2/2011 9:38:28 PM - Restore Operation
    RP796: 3/3/2011 10:46:40 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    Acronis*Disk Director Suite
    Acronis*True*Image*Home
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Connect Add-in
    Adobe Flash Player 10 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    ATI Catalyst Install Manager
    Brother HL-2170W
    Canon DR-1210C Driver
    CapturePerfect 3.0
    Carom3D
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner (remove only)
    CommVault Systems DataArchiver Outlook Add-In (Instance001)
    Creative Audio Control Panel
    Creative Sound Blaster Properties
    Dead Space 2
    DisplayFusion 2.2.1
    DNE Update
    DR-1210C Job Tool
    Droplitz
    eReg
    EVEREST Ultimate Edition v4.20
    FileASSASSIN
    FinePrint
    Fraps
    Garmin USB Drivers
    Garmin WebUpdater
    HD Tune 2.55
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP LaserJet P2050 Series 6.0
    hppFonts
    hppQFolderP2050
    Intel(R) Network Connections 14.5.1.0
    Java(TM) 6 Update 11
    LiveUpdate 3.3 (Symantec Corporation)
    Logitech SetPoint 6.20
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Monkey's Audio
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    n52te Editor
    Nero 7 Premium
    OpenAL
    ordrumbox-0.8.05
    PASW Statistics 18
    pdfFactory Pro
    PerfectDisk
    Pinnacle Game Profiler
    PTC ProDESKTOP 8.0
    RESIDENT EVIL 5
    ScanSoft PaperPort 11
    SeaTools for Windows
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    SharpKeys
    SPSS 11.5 for Windows
    SPT-667 Phrase Trainer 1
    Spybot - Search & Destroy
    StarCraft
    Steam
    Super Meat Boy
    Symantec Endpoint Protection
    The KMPlayer (remove only)
    Unlocker 1.8.7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 Junk Email Filter (kb2291599)
    ViceVersa Pro 1.3.1
    Virtual Pool 3 DL
    VistaGlazz 1.1
    WebReg
    Winamp
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WinTidy 1.0.11
    Your Uninstaller! 2008 Version 6.2
    YouTube Music Converter V1.3.8
    Youtube Music Downloader V3.6
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/4/2011 9:03:50 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on K: cannot be read.
    3/4/2011 3:34:12 AM, Error: EventLog [6008] - The previous system shutdown at 3:32:21 AM on 3/4/2011 was unexpected.
    3/4/2011 3:25:25 AM, Error: Service Control Manager [7000] -
    3/4/2011 3:22:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 bbfbb
    3/4/2011 3:16:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PinnacleUpdate Service service to connect.
    3/4/2011 3:14:22 AM, Error: EventLog [6008] - The previous system shutdown at 3:10:28 AM on 3/4/2011 was unexpected.
    3/4/2011 2:11:05 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    3/4/2011 11:24:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    3/4/2011 11:23:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    3/4/2011 11:19:48 PM, Error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
    3/4/2011 11:19:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb
    3/4/2011 11:19:48 PM, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the path specified.
    3/4/2011 11:19:21 PM, Error: EventLog [6008] - The previous system shutdown at 11:17:19 PM on 3/4/2011 was unexpected.
    3/4/2011 10:42:56 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    3/4/2011 1:59:11 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AMonLWLH AMonTDLH aswRdr aswSnx aswSP aswTdi ATamptNt_V3IS80 bbfbb CSC DfsC eeCtrl hdaudbex NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI tdx usbc2k v3engine V3Flt2K Wanarpv6 WPS
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 1:53:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    3/4/2011 1:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/4/2011 1:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/4/2011 1:53:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/4/2011 1:52:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/4/2011 1:52:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/4/2011 1:52:23 AM, Error: EventLog [6008] - The previous system shutdown at 1:50:29 AM on 3/4/2011 was unexpected.
    3/4/2011 1:51:48 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    3/4/2011 1:47:29 AM, Error: EventLog [6008] - The previous system shutdown at 1:45:16 AM on 3/4/2011 was unexpected.
    3/4/2011 1:33:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/4/2011 1:30:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATamptNt_V3IS80 bbfbb eeCtrl hdaudbex SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI usbc2k v3engine V3Flt2K Wanarpv6
    3/4/2011 1:29:32 AM, Error: EventLog [6008] - The previous system shutdown at 1:27:38 AM on 3/4/2011 was unexpected.
    3/3/2011 9:52:23 PM, Error: EventLog [6008] - The previous system shutdown at 9:50:46 PM on 3/3/2011 was unexpected.
    3/3/2011 9:44:46 PM, Error: EventLog [6008] - The previous system shutdown at 9:43:10 PM on 3/3/2011 was unexpected.
    3/3/2011 9:39:09 PM, Error: EventLog [6008] - The previous system shutdown at 9:37:00 PM on 3/3/2011 was unexpected.
    3/3/2011 9:15:59 PM, Error: EventLog [6008] - The previous system shutdown at 9:14:30 PM on 3/3/2011 was unexpected.
    3/3/2011 9:11:30 PM, Error: EventLog [6008] - The previous system shutdown at 9:09:00 PM on 3/3/2011 was unexpected.
    3/3/2011 9:01:11 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    3/3/2011 9:01:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    3/3/2011 8:58:21 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough server storage is available to process this command.
    3/3/2011 3:06:46 AM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/3/2011 12:18:46 AM, Error: EventLog [6008] - The previous system shutdown at 12:17:15 AM on 3/3/2011 was unexpected.
    3/3/2011 11:52:22 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    3/3/2011 11:25:09 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/3/2011 11:17:30 PM, Error: PlugPlayManager [12] - The device 'NAVEX15' (Root\LEGACY_NAVEX15\0000) disappeared from the system without first being prepared for removal.
    3/3/2011 11:11:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    3/3/2011 11:09:12 PM, Error: SRTSPL [11] - Unable to allocate open file data.
    3/3/2011 11:09:12 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    3/3/2011 11:09:12 PM, Error: SRTSP [4] - Error loading virus definitions.
    3/3/2011 11:09:12 PM, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.
    3/3/2011 11:09:12 PM, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.
    3/3/2011 11:07:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb eeCtrl SRTSP
    3/3/2011 10:42:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb SRTSP
    3/3/2011 10:41:51 PM, Error: EventLog [6008] - The previous system shutdown at 10:39:29 PM on 3/3/2011 was unexpected.
    3/3/2011 10:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/3/2011 10:07:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bbfbb CSC DfsC eeCtrl hdaudbex NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI tdx usbc2k Wanarpv6 WPS ws2ifsl
    3/3/2011 10:07:34 PM, Error: EventLog [6008] - The previous system shutdown at 10:05:23 PM on 3/3/2011 was unexpected.
    3/3/2011 1:05:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    3/3/2011 1:02:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    3/2/2011 6:00:04 PM, Error: EventLog [6008] - The previous system shutdown at 5:55:49 PM on 3/2/2011 was unexpected.
    2/25/2011 4:05:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001CC0051441 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2/25/2011 4:04:59 PM, Error: EventLog [6008] - The previous system shutdown at 11:07:29 AM on 2/25/2011 was unexpected.
    2/25/2011 11:45:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    .
    ==== End Of File ===========================

    Step 6:
    I also ran Ad-aware & Avast. No malware was detected!

    Please help. Thank you!!
  2. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    Holy Cow! It cured my PC!! I thought I'd reinstall the OS.

    God bless you, Broni~~

    I'm curious as to how this virus got into my system. I'm running Symantec Endpoint & Spybot and apparently both programs didn't detect it. The only thing that I added to the PC before the symptoms appeared was Adobe Flash.
  4. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    I'm glad to hear good news :)

    There is no perfect security program.
    As long as you're connected to the net, you're in danger unless you stick to certain rules.

    I still need the TDSSKiller log, and we'll need to run some more scans to make sure your computer is totally clean.
  5. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    I ran TDSSKiller again after it killed the TDSS virus. Here's the log. It found one suspicious file.

    2011/03/05 00:38:08.0395 4004 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
    2011/03/05 00:38:08.0567 4004 ================================================================================
    2011/03/05 00:38:08.0567 4004 SystemInfo:
    2011/03/05 00:38:08.0567 4004
    2011/03/05 00:38:08.0567 4004 OS Version: 6.0.6002 ServicePack: 2.0
    2011/03/05 00:38:08.0567 4004 Product type: Workstation
    2011/03/05 00:38:08.0567 4004 ComputerName: CHRISTIAN-PC
    2011/03/05 00:38:08.0567 4004 UserName: Christian
    2011/03/05 00:38:08.0567 4004 Windows directory: C:\Windows
    2011/03/05 00:38:08.0567 4004 System windows directory: C:\Windows
    2011/03/05 00:38:08.0567 4004 Processor architecture: Intel x86
    2011/03/05 00:38:08.0567 4004 Number of processors: 4
    2011/03/05 00:38:08.0567 4004 Page size: 0x1000
    2011/03/05 00:38:08.0567 4004 Boot type: Normal boot
    2011/03/05 00:38:08.0567 4004 ================================================================================
    2011/03/05 00:38:09.0255 4004 Initialize success
    2011/03/05 00:38:12.0380 5644 ================================================================================
    2011/03/05 00:38:12.0380 5644 Scan started
    2011/03/05 00:38:12.0380 5644 Mode: Manual;
    2011/03/05 00:38:12.0380 5644 ================================================================================
    2011/03/05 00:38:24.0583 5644 SaiMini (191b8f3b3dfa1e199d398dbc0c09544e) C:\Windows\system32\DRIVERS\SaiMini.sys
    2011/03/05 00:38:24.0630 5644 SaiNtBus (534161d0a07014a7d81c6721a7ae6c08) C:\Windows\system32\drivers\SaiBus.sys
    2011/03/05 00:38:24.0661 5644 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/05 00:38:24.0723 5644 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/03/05 00:38:24.0755 5644 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/03/05 00:38:24.0786 5644 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/03/05 00:38:24.0817 5644 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/03/05 00:38:24.0942 5644 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/05 00:38:24.0973 5644 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/05 00:38:25.0005 5644 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/05 00:38:25.0036 5644 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/03/05 00:38:25.0098 5644 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/03/05 00:38:25.0098 5644 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/03/05 00:38:25.0114 5644 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/03/05 00:38:25.0223 5644 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/05 00:38:25.0364 5644 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\Windows\system32\DRIVERS\snman380.sys
    2011/03/05 00:38:25.0583 5644 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    2011/03/05 00:38:25.0770 5644 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/03/05 00:38:25.0864 5644 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/03/05 00:38:25.0864 5644 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/03/05 00:38:25.0895 5644 sptd - detected Locked file (1)
    2011/03/05 00:38:29.0973 5644 ================================================================================
    2011/03/05 00:38:29.0973 5644 Scan finished
    2011/03/05 00:38:29.0973 5644 ================================================================================
    2011/03/05 00:38:29.0973 5592 Detected object count: 1
    2011/03/05 00:38:44.0567 5592 Locked file(sptd) - User select action: Skip
  6. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    That file is safe.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Ultimate Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Intel Corporation
    BIOS Manufacturer: Intel Corp.
    System Manufacturer:
    System Product Name:
    Logical Drives Mask: 0x00000bfc

    Kernel Drivers (total 178):

    Processes (total 72):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`8836ac00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001d`4c908400 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000027`10ea5c00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000022`ee6efe00 (NTFS)

    PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAE
    PhysicalDrive1 Model Number: ST3300622AS, Rev: 3.AAH

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    279 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!



    *********************
    ComboFix 11-03-04.04 - Christian 03/05/2011 0:48.1.4 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2117 [GMT -5:00]
    Running from: c:\users\Christian\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    C:\Recycle
    c:\windows\system32\temp.000
    c:\windows\system32\wdccom.dat.dll
    H:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-05 05:52 . 2011-03-05 05:53 -------- d-----w- c:\users\Christian\AppData\Local\temp
    2011-03-05 05:47 . 2011-03-05 05:47 -------- d-----w- C:\32788R22FWJFW
    2011-03-05 05:25 . 2011-03-05 05:25 -------- d-----w- c:\windows\LastGood
    2011-03-04 08:10 . 2011-03-04 08:10 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-03-04 08:10 . 2011-03-04 08:10 -------- d-----w- c:\programdata\AVG10
    2011-03-04 08:07 . 2011-03-04 08:26 -------- d-----w- c:\programdata\MFAData
    2011-03-04 06:33 . 2011-03-04 08:02 -------- d-----w- c:\programdata\AVAST Software
    2011-03-04 05:26 . 2010-09-11 03:32 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
    2011-03-04 04:35 . 2010-04-20 08:12 39512 ----a-w- c:\windows\system32\drivers\AMonLWLH.sys
    2011-03-04 04:35 . 2009-10-16 12:04 31424 ----a-w- c:\windows\system32\V3w32se2.dll
    2011-03-04 04:34 . 2011-03-04 04:35 -------- d-----w- c:\program files\Common Files\AhnLab
    2011-03-04 04:33 . 2011-03-04 04:35 -------- d-----w- c:\programdata\AhnLab
    2011-03-04 04:25 . 2011-02-07 14:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
    2011-03-04 04:25 . 2011-02-07 14:11 357744 ----a-w- c:\windows\system32\Sysfer.dll
    2011-03-04 04:24 . 2011-03-04 04:25 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-03-04 04:24 . 2007-03-22 01:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
    2011-03-04 02:26 . 2011-03-04 02:26 -------- d-----w- c:\users\Christian\AppData\Local\Threat Expert
    2011-03-04 02:03 . 2011-03-04 03:31 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-03-04 02:03 . 2011-03-04 02:52 -------- d-----w- c:\program files\PC Tools Security
    2011-03-04 02:03 . 2011-03-04 02:03 -------- d-----w- c:\users\Christian\AppData\Roaming\PC Tools
    2011-03-04 02:02 . 2011-03-04 02:03 -------- d-----w- c:\programdata\PC Tools
    2011-03-03 23:37 . 2011-03-03 23:42 -------- d-----w- c:\programdata\Hitman Pro
    2011-03-03 23:16 . 2011-03-03 23:18 -------- d-----w- c:\programdata\Norton
    2011-03-03 08:06 . 2011-03-03 08:06 -------- d-----w- c:\users\Christian\AppData\Local\Sunbelt Software
    2011-03-03 08:06 . 2011-03-03 08:06 -------- dc-h--w- c:\programdata\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
    2011-03-03 08:05 . 2011-03-03 08:06 -------- d-----w- c:\programdata\Lavasoft
    2011-03-03 08:05 . 2011-03-03 08:05 -------- d-----w- c:\program files\Lavasoft
    2011-03-03 07:55 . 2011-03-03 07:55 -------- d-----w- c:\program files\Trend Micro
    2011-02-27 01:29 . 2011-02-27 01:29 -------- d-----w- c:\users\Christian\AppData\Roaming\Fender
    2011-02-27 01:27 . 2011-03-04 03:59 -------- d-----w- c:\program files\Fender
    2011-02-20 01:24 . 2011-02-20 01:24 -------- d-----w- c:\programdata\Hewlett-Packard
    2011-02-20 01:23 . 2010-04-15 22:33 281600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp093.DLL
    2011-02-20 01:23 . 2010-04-15 22:33 161280 ----a-w- c:\windows\system32\hpcpn093.dll
    2011-02-20 01:23 . 2007-07-16 20:29 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
    2011-02-20 01:20 . 2011-02-20 01:20 -------- d-----w- c:\programdata\HP
    2011-02-20 01:16 . 2009-11-11 20:07 331776 ----a-w- c:\windows\system32\hppcpr13.dll
    2011-02-20 01:15 . 2011-02-20 01:16 -------- d-----w- C:\HP_P2050_full_solution_v6.1_AM-EMEA
    2011-02-08 22:45 . 2011-02-08 22:53 -------- d-----w- c:\program files\BitTorrent
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-05 05:24 . 2008-12-05 05:26 119296 ----a-w- c:\windows\system32\zlib.dll
    2011-01-25 10:11 . 2011-01-25 10:11 3158016 ----a-w- c:\windows\system32\MpSigsvr.exe
    2011-01-25 10:05 . 2011-01-25 10:05 1094144 ----a-w- c:\windows\system32\Portax86.dll
    2011-01-20 20:48 . 2011-01-20 20:48 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
    2010-12-20 23:09 . 2010-01-20 01:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-01-20 01:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 15:47 . 2010-12-17 15:47 53248 ----a-r- c:\users\Christian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-12-17 15:47 . 2010-06-02 02:16 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4344472]
    "pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-08-01 565248]
    "FinePrint Dispatcher v5"="c:\windows\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-08-25 442368]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AcronisTimounterMonitor"="e:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 960376]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]
    "Jomantha"="c:\program files\n52te\n52teHid.exe" [2008-06-13 159744]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
    "CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="e:\scansoft\PaperPort\pptd40nt.exe" [2008-04-30 29984]
    "IndexSearch"="e:\scansoft\PaperPort\IndexSearch.exe" [2008-04-30 46368]
    "PPort11reminder"="e:\scansoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "TrkMonitor"="c:\program files\Canon Electronics\DR1210C\TrkMonitor.exe" [2008-04-24 86016]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
    "Zune Launcher"="g:\zune\ZuneLauncher.exe" [2008-12-12 157312]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-02-07 115560]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CtxfiReg"="CTXFIREG.exe" [2008-10-08 47104]
    .
    c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4167628224-1300899903-4152363779-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R0 bbfbb;bbfbb;c:\windows\System32\drivers\pcpru.sys [x]
    R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys [x]
    R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys [x]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2011-02-07 23888]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-05-21 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
    R3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys [2007-09-27 48896]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-21 691696]
    S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2008-11-21 971232]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
    S2 EBIOS32;EBIOS32 - NT Driver;c:\windows\system32\Drivers\EBIOS32.SYS [2008-07-03 13922]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-09-24 99856]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WPSHELPER
    *Deregistered* - klmd25
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
    DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    SafeBoot-Symantec Antvirus
    MSConfigStartUp-AVG_TRAY - e:\avg\AVG10\avgtray.exe
    AddRemove-Adobe Connect Add-in - c:\users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-05 00:53
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\SecuROM\License information*]
    "datasecu"=hex:f7,e7,0f,c7,c8,6c,f2,13,ef,2d,07,46,88,4c,ca,6d,dd,99,73,7f,11,
    a4,52,ce,59,4d,ea,70,f4,c7,45,f9,0c,fe,96,88,5a,c9,6c,53,1d,75,3a,11,d1,83,\
    "rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-03-05 00:55:28
    ComboFix-quarantined-files.txt 2011-03-05 05:55
    .
    Pre-Run: 33,779,884,032 bytes free
    Post-Run: 33,737,011,200 bytes free
    .
    - - End Of File - - 74C9854630913DC868B0AE128DC00919
  8. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\AMonLWLH.sys
    c:\windows\system32\V3w32se2.dll
    c:\program files\Common Files\AhnLab
    c:\programdata\AhnLab
    c:\windows\System32\drivers\pcpru.sys
    
    
    Folder::
    c:\programdata\AVAST Software
    c:\programdata\AVG10
    c:\windows\system32\drivers\AVG
    c:\users\Christian\AppData\Local\Sunbelt Software
    
    
    Driver::
    bbfb
    AhnFlt2K
    AhnRec2K
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  9. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    ComboFix 11-03-04.04 - Christian 03/05/2011 19:25:41.2.4 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2043 [GMT -5:00]
    Running from: c:\users\Christian\Desktop\ComboFix.exe
    Command switches used :: c:\users\Christian\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\Common Files\AhnLab"
    "c:\programdata\AhnLab"
    "c:\windows\system32\drivers\AMonLWLH.sys"
    "c:\windows\System32\drivers\pcpru.sys"
    "c:\windows\system32\V3w32se2.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\AVAST Software
    c:\programdata\AVG10
    c:\programdata\AVG10\Cfg\admin.cfg
    c:\programdata\AVG10\Cfg\krnl.cfg
    c:\programdata\AVG10\Chjw\3ebc2027bc1fd7eb.dat
    c:\programdata\AVG10\Chjw\5000f42500f413a6.dat
    c:\programdata\AVG10\Chjw\a6d88983d889530b.dat
    c:\programdata\AVG10\Chjw\bcf83461f8341bd8.dat
    c:\programdata\AVG10\Chjw\d8aae642aae61cae.dat
    c:\programdata\AVG10\Chjw\de7cfe617cfe343d.dat
    c:\programdata\AVG10\IDS\config\agentStartup.xml
    c:\programdata\AVG10\IDS\config\analyzerFilterConfig.xml
    c:\programdata\AVG10\IDS\config\BehavioralEventProcessors.xml
    c:\programdata\AVG10\IDS\config\BehavioralEvents.xml
    c:\programdata\AVG10\IDS\config\Classifiers.xml
    c:\programdata\AVG10\IDS\config\Correlations.xml
    c:\programdata\AVG10\IDS\config\downloadManager.xml
    c:\programdata\AVG10\IDS\config\downloads.xml
    c:\programdata\AVG10\IDS\config\EN_US\Characteristics.xml
    c:\programdata\AVG10\IDS\config\EN_US\internalListStrings.xml
    c:\programdata\AVG10\IDS\config\EN_US\reportableevents.xml
    c:\programdata\AVG10\IDS\config\ExecutableEvents.xml
    c:\programdata\AVG10\IDS\config\FileCoverage.xml
    c:\programdata\AVG10\IDS\config\internalList.zip
    c:\programdata\AVG10\IDS\config\messages.xml
    c:\programdata\AVG10\IDS\config\NetworkEvents.xml
    c:\programdata\AVG10\IDS\config\ProductParameters.xml
    c:\programdata\AVG10\IDS\config\RegistryCoverage.xml
    c:\programdata\AVG10\IDS\config\Relationships.xml
    c:\programdata\AVG10\IDS\config\ReportableEventMappings.xml
    c:\programdata\AVG10\IDS\config\SelfProtection.xml
    c:\programdata\AVG10\log\amlog.cfg
    c:\programdata\AVG10\log\arklog.cfg
    c:\programdata\AVG10\log\avgcfg.log
    c:\programdata\AVG10\log\avgcfg.log.lock
    c:\programdata\AVG10\log\avgchjw.log
    c:\programdata\AVG10\log\avgchjw.log.lock
    c:\programdata\AVG10\log\avgchjwsrv.log
    c:\programdata\AVG10\log\avgchjwsrv.log.lock
    c:\programdata\AVG10\log\avgcore.log
    c:\programdata\AVG10\log\avgcore.log.lock
    c:\programdata\AVG10\log\avgldr.log
    c:\programdata\AVG10\log\avgldr.log.lock
    c:\programdata\AVG10\log\avgrs.log
    c:\programdata\AVG10\log\avgrs.log.lock
    c:\programdata\AVG10\log\avgtdi.log
    c:\programdata\AVG10\log\avgtdi.log.lock
    c:\programdata\AVG10\log\avgui.log
    c:\programdata\AVG10\log\avgui.log.lock
    c:\programdata\AVG10\log\avguilog.cfg
    c:\programdata\AVG10\log\cfgexlog.cfg
    c:\programdata\AVG10\log\cfglog.cfg
    c:\programdata\AVG10\log\chjwlog.cfg
    c:\programdata\AVG10\log\corelog.cfg
    c:\programdata\AVG10\log\csllog.cfg
    c:\programdata\AVG10\log\ldrlog.cfg
    c:\programdata\AVG10\log\lnglog.cfg
    c:\programdata\AVG10\log\lscanlog.cfg
    c:\programdata\AVG10\log\nslog.cfg
    c:\programdata\AVG10\log\privlog.cfg
    c:\programdata\AVG10\log\publog.cfg
    c:\programdata\AVG10\log\rslog.cfg
    c:\programdata\AVG10\log\scanlog.cfg
    c:\programdata\AVG10\log\schedlog.cfg
    c:\programdata\AVG10\log\srmlog.cfg
    c:\programdata\AVG10\log\tdilog.cfg
    c:\programdata\AVG10\log\updlog.cfg
    c:\programdata\AVG10\log\vaultlog.cfg
    c:\programdata\AVG10\log\wdlog.cfg
    c:\programdata\AVG10\log\wdsvclog.cfg
    c:\users\Christian\AppData\Local\Sunbelt Software
    c:\windows\system32\drivers\AMonLWLH.sys
    c:\windows\system32\drivers\AVG
    c:\windows\system32\drivers\AVG\iavichjw.avm
    c:\windows\system32\drivers\AVG\incavi.avm
    c:\windows\system32\V3w32se2.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    -------\Legacy_AHNFLT2K
    -------\Legacy_AHNREC2K
    -------\Service_AhnFlt2K
    -------\Service_AhnRec2K
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-06 00:30 . 2011-03-06 00:32 -------- d-----w- c:\users\Christian\AppData\Local\temp
    2011-03-04 08:07 . 2011-03-04 08:26 -------- d-----w- c:\programdata\MFAData
    2011-03-04 05:26 . 2010-09-11 03:32 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
    2011-03-04 04:34 . 2011-03-04 04:35 -------- d-----w- c:\program files\Common Files\AhnLab
    2011-03-04 04:33 . 2011-03-04 04:35 -------- d-----w- c:\programdata\AhnLab
    2011-03-04 04:25 . 2011-02-07 14:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
    2011-03-04 04:25 . 2011-02-07 14:11 357744 ----a-w- c:\windows\system32\Sysfer.dll
    2011-03-04 04:24 . 2011-03-04 04:25 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-03-04 04:24 . 2007-03-22 01:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
    2011-03-04 02:26 . 2011-03-04 02:26 -------- d-----w- c:\users\Christian\AppData\Local\Threat Expert
    2011-03-04 02:03 . 2011-03-04 03:31 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-03-04 02:03 . 2011-03-04 02:52 -------- d-----w- c:\program files\PC Tools Security
    2011-03-04 02:03 . 2011-03-04 02:03 -------- d-----w- c:\users\Christian\AppData\Roaming\PC Tools
    2011-03-04 02:02 . 2011-03-04 02:03 -------- d-----w- c:\programdata\PC Tools
    2011-03-03 23:37 . 2011-03-03 23:42 -------- d-----w- c:\programdata\Hitman Pro
    2011-03-03 23:16 . 2011-03-03 23:18 -------- d-----w- c:\programdata\Norton
    2011-03-03 08:06 . 2011-03-03 08:06 -------- dc-h--w- c:\programdata\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
    2011-03-03 08:05 . 2011-03-03 08:06 -------- d-----w- c:\programdata\Lavasoft
    2011-03-03 08:05 . 2011-03-03 08:05 -------- d-----w- c:\program files\Lavasoft
    2011-03-03 07:55 . 2011-03-03 07:55 -------- d-----w- c:\program files\Trend Micro
    2011-02-27 01:29 . 2011-02-27 01:29 -------- d-----w- c:\users\Christian\AppData\Roaming\Fender
    2011-02-27 01:27 . 2011-03-04 03:59 -------- d-----w- c:\program files\Fender
    2011-02-20 01:24 . 2011-02-20 01:24 -------- d-----w- c:\programdata\Hewlett-Packard
    2011-02-20 01:23 . 2010-04-15 22:33 281600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp093.DLL
    2011-02-20 01:23 . 2010-04-15 22:33 161280 ----a-w- c:\windows\system32\hpcpn093.dll
    2011-02-20 01:23 . 2007-07-16 20:29 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
    2011-02-20 01:20 . 2011-02-20 01:20 -------- d-----w- c:\programdata\HP
    2011-02-20 01:16 . 2009-11-11 20:07 331776 ----a-w- c:\windows\system32\hppcpr13.dll
    2011-02-20 01:15 . 2011-02-20 01:16 -------- d-----w- C:\HP_P2050_full_solution_v6.1_AM-EMEA
    2011-02-08 22:45 . 2011-02-08 22:53 -------- d-----w- c:\program files\BitTorrent
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-05 05:24 . 2008-12-05 05:26 119296 ----a-w- c:\windows\system32\zlib.dll
    2011-01-25 10:11 . 2011-01-25 10:11 3158016 ----a-w- c:\windows\system32\MpSigsvr.exe
    2011-01-25 10:05 . 2011-01-25 10:05 1094144 ----a-w- c:\windows\system32\Portax86.dll
    2011-01-20 20:48 . 2011-01-20 20:48 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
    2010-12-20 23:09 . 2010-01-20 01:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-01-20 01:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 15:47 . 2010-12-17 15:47 53248 ----a-r- c:\users\Christian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-12-17 15:47 . 2010-06-02 02:16 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4344472]
    "pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-08-01 565248]
    "FinePrint Dispatcher v5"="c:\windows\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-08-25 442368]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AcronisTimounterMonitor"="e:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 960376]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]
    "Jomantha"="c:\program files\n52te\n52teHid.exe" [2008-06-13 159744]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
    "CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="e:\scansoft\PaperPort\pptd40nt.exe" [2008-04-30 29984]
    "IndexSearch"="e:\scansoft\PaperPort\IndexSearch.exe" [2008-04-30 46368]
    "PPort11reminder"="e:\scansoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "TrkMonitor"="c:\program files\Canon Electronics\DR1210C\TrkMonitor.exe" [2008-04-24 86016]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
    "Zune Launcher"="g:\zune\ZuneLauncher.exe" [2008-12-12 157312]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-02-07 115560]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CtxfiReg"="CTXFIREG.exe" [2008-10-08 47104]
    .
    c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4167628224-1300899903-4152363779-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    2;2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R0 bbfbb;bbfbb;c:\windows\System32\drivers\pcpru.sys [x]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2011-02-07 23888]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-05-21 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
    R3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys [2007-09-27 48896]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-21 691696]
    S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2008-11-21 971232]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
    S2 EBIOS32;EBIOS32 - NT Driver;c:\windows\system32\Drivers\EBIOS32.SYS [2008-07-03 13922]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-09-24 99856]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    IE: E&xport to Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
    DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\SecuROM\License information*]
    "datasecu"=hex:f7,e7,0f,c7,c8,6c,f2,13,ef,2d,07,46,88,4c,ca,6d,dd,99,73,7f,11,
    a4,52,ce,59,4d,ea,70,f4,c7,45,f9,0c,fe,96,88,5a,c9,6c,53,1d,75,3a,11,d1,83,\
    "rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\JHSecure\VPN Client\cvpnd.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\conime.exe
    e:\program files\Raxco\PerfectDisk\PDAgent.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    e:\program files\Raxco\PerfectDisk\PDEngine.exe
    c:\windows\System32\Ctxfihlp.exe
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\windows\ehome\ehmsas.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\program files\Logitech\SetPointG\SetPointII.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-03-05 19:37:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-06 00:37
    ComboFix2.txt 2011-03-05 05:55
    .
    Pre-Run: 45,694,001,152 bytes free
    Post-Run: 45,123,747,840 bytes free
    .
    - - End Of File - - 728D77F01B61D9B5B1C521708F7330EB


    Hope everything's OK. Fingers crossed...
  10. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    How is redirection?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  11. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    Redirection has gone! I'll post the result of OTL.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Cool beans :)
  13. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    The forum won't allow me to post the contents of OTL.txt and Extras.txt because of too many characters. Each log file has more than 50,000 characters. What should I do? Thanks.
  14. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    If any log doesn't fit into a single reply, split it between a couple of replies.
  15. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    OTL Part 1

    OTL logfile created on: 3/5/2011 9:53:38 PM - Run 1
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Christian\Desktop
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 78.13 Gb Total Space | 41.01 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
    Drive D: | 39.07 Gb Total Space | 34.08 Gb Free Space | 87.24% Space Free | Partition Type: NTFS
    Drive E: | 39.07 Gb Total Space | 37.28 Gb Free Space | 95.42% Space Free | Partition Type: NTFS
    Drive F: | 141.82 Gb Total Space | 27.81 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
    Drive G: | 139.73 Gb Total Space | 63.29 Gb Free Space | 45.30% Space Free | Partition Type: NTFS
    Drive H: | 139.73 Gb Total Space | 115.00 Gb Free Space | 82.30% Space Free | Partition Type: NTFS
    Drive I: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/05 21:52:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
    PRC - [2011/02/07 09:11:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2011/02/07 09:11:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2011/02/07 09:11:34 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2011/02/07 09:11:34 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2011/02/07 09:11:34 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    PRC - [2010/10/26 21:51:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2010/10/26 21:51:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/10/14 20:09:30 | 000,451,152 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointG\SetPointII.exe
    PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/12/12 11:41:06 | 000,157,312 | ---- | M] (Microsoft Corporation) -- G:\Zune\ZuneLauncher.exe
    PRC - [2008/10/31 19:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/10/13 12:22:10 | 000,960,376 | ---- | M] (Acronis) -- E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2008/10/13 12:16:50 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2008/10/13 12:16:44 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2008/10/13 12:00:16 | 004,344,472 | ---- | M] (Acronis) -- E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2008/10/07 22:41:36 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
    PRC - [2008/10/07 22:37:38 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
    PRC - [2008/06/13 11:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe
    PRC - [2008/04/24 12:27:52 | 000,086,016 | ---- | M] (Canon Electronics Inc.) -- C:\Program Files\Canon Electronics\DR1210C\TrkMonitor.exe
    PRC - [2007/10/29 06:49:06 | 000,734,472 | ---- | M] (Raxco Software, Inc.) -- e:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
    PRC - [2007/10/29 06:48:58 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- e:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
    PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\JHSecure\VPN Client\cvpnd.exe
    PRC - [2004/08/25 12:26:46 | 000,442,368 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\System32\spool\drivers\w32x86\3\fpdisp5a.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/05 21:52:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
    MOD - [2009/04/10 22:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
    SRV - [2011/02/07 09:11:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2011/02/07 09:11:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2011/02/07 09:11:34 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2011/02/07 09:11:34 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2011/02/07 09:11:34 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/11/23 00:32:24 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
    SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2010/10/26 21:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/09/07 16:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/12/31 18:59:07 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/10/16 21:05:37 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2009/05/21 17:46:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/12 11:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2008/12/12 11:41:08 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2008/10/31 19:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/10/13 12:16:44 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/10/29 06:49:06 | 000,734,472 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- e:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
    SRV - [2007/10/29 06:48:58 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- e:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
    SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\JHSecure\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2007/02/22 18:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
    SRV - [2006/10/09 21:11:08 | 000,724,992 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/03 23:25:08 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/02/15 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110305.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/02/15 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110305.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/02/07 09:11:38 | 000,043,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2011/02/07 09:11:36 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2011/02/07 09:11:36 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2011/02/07 09:11:36 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2011/02/07 09:11:36 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2011/02/07 09:11:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2011/02/07 09:11:32 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2011/02/07 09:11:32 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2011/02/07 09:11:32 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2011/02/07 09:11:32 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/10/26 22:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2010/10/26 22:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2010/10/26 21:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/10/18 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/10/18 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/09/24 07:46:12 | 000,099,856 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
    DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2010/06/21 00:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/05/06 04:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/11/10 06:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2009/06/25 08:50:56 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
    DRV - [2009/04/10 20:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2008/12/04 22:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/11/21 00:37:35 | 000,971,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm147.sys -- (tdrpman147) Acronis Try&Decide and Restore Points filter (build 147)
    DRV - [2008/11/21 00:37:26 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2008/11/21 00:37:26 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2008/11/21 00:37:16 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
    DRV - [2008/10/08 00:22:04 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2008/10/08 00:22:02 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
    DRV - [2008/10/08 00:22:00 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2008/10/08 00:21:58 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2008/10/08 00:21:56 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2008/10/08 00:21:54 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2008/10/08 00:21:50 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2008/10/08 00:21:46 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2008/10/08 00:21:44 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
    DRV - [2008/10/08 00:21:44 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV - [2008/10/08 00:21:40 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
    DRV - [2008/10/08 00:21:40 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV - [2008/10/08 00:21:38 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
    DRV - [2008/10/08 00:21:38 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
    DRV - [2008/07/03 08:31:06 | 000,013,922 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\EBIOS32.SYS -- (EBIOS32)
    DRV - [2007/10/22 06:33:40 | 000,068,624 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
    DRV - [2007/10/05 09:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2007/10/05 09:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
    DRV - [2007/09/27 14:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JmtFltr.sys -- (JmtFltr)
    DRV - [2007/09/19 17:01:06 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vhidmini.sys -- (vhidmini)
    DRV - [2007/08/01 17:25:06 | 000,128,144 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/12/22 03:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBICP.sys -- (uisp)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE CD B8 F7 42 DA CB 01 [binary data]
    IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: E:\AVG\AVG10\Firefox\
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/10/22 06:58:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/03/03 03:18:59 | 000,000,000 | ---D | M]

    [2008/11/22 03:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions
    [2011/03/02 17:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions
    [2009/10/16 21:32:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/08 17:45:35 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2011/02/08 17:45:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions\engine@conduit.com
    [2009/09/17 17:18:18 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9vb1f7xa.default\extensions\iaplayer@instantaction.com

    O1 HOSTS File: ([2011/03/05 19:32:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\Windows\System32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
    O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TrkMonitor] C:\Program Files\Canon Electronics\DR1210C\TrkMonitor.exe (Canon Electronics Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Zune Launcher] G:\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} http://touch.imbc.com/ActiveX/iMBCOnlineService.cab (PlayerCue Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/05 21:52:32 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
    [2011/03/05 19:37:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/05 19:32:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/05 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp
    [2011/03/05 19:24:30 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/03/05 19:24:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/05 00:47:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/05 00:47:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/05 00:47:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/05 00:47:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/05 00:47:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/04 03:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/03/04 00:26:45 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\wpshelper.sys
    [2011/03/03 23:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AhnLab
    [2011/03/03 23:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AhnLab
    [2011/03/03 23:25:11 | 000,357,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\Sysfer.dll
    [2011/03/03 23:25:11 | 000,099,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
    [2011/03/03 23:24:57 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2011/03/03 23:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
    [2011/03/03 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Threat Expert
    [2011/03/03 21:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/03/03 21:03:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\PC Tools
    [2011/03/03 21:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/03/03 21:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/03/03 18:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011/03/03 18:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/03/03 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Symantec
    [2011/03/03 18:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/03/03 03:06:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
    [2011/03/03 03:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/03/03 03:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/03/03 02:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/03/03 00:29:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2011/03/01 18:23:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/02/26 20:29:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Fender
    [2011/02/26 20:29:21 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Fender
    [2011/02/26 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fender FUSE
    [2011/02/26 20:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fender
    [2011/02/19 20:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
    [2011/02/19 20:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2011/02/19 20:15:47 | 000,000,000 | ---D | C] -- C:\HP_P2050_full_solution_v6.1_AM-EMEA
    [2011/02/08 17:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
    [2011/02/07 09:11:38 | 000,107,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
    [2011/02/07 09:11:38 | 000,087,408 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
    [2011/02/07 09:11:38 | 000,043,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\WPSDRVnt.sys
    [2011/02/07 09:11:36 | 000,320,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys
    [2011/02/07 09:11:36 | 000,284,720 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys
    [2011/02/07 09:11:36 | 000,067,472 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\Teefer2.sys
    [2011/02/07 09:11:36 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys
    [2011/02/07 09:11:32 | 000,188,080 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys
    [2011/02/07 09:11:32 | 000,145,968 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys
    [2011/02/07 09:11:32 | 000,039,856 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys
    [2011/02/07 09:11:32 | 000,038,448 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys
    [2011/02/07 09:11:32 | 000,026,416 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys
    [2011/02/07 09:11:32 | 000,023,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys
    [2011/02/07 09:11:32 | 000,012,720 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys
    [2011/02/04 02:05:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
    [2008/10/07 22:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
    [2008/10/07 22:23:46 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

    ========== Files - Modified Within 30 Days ==========

    [2017/02/25 12:37:16 | 000,535,537 | ---- | M] () -- C:\Users\Christian\Desktop\SV101988.JPG
    [2011/03/05 21:52:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
    [2011/03/05 21:40:32 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/05 21:40:32 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/05 19:45:59 | 000,598,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/05 19:45:59 | 000,101,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/05 19:40:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/05 19:39:21 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000005-00211102}.rfx
    [2011/03/05 19:39:21 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000002-00001102-00000005-00211102}.rfx
    [2011/03/05 19:39:21 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000002-00001102-00000005-00211102}.rfx
    [2011/03/05 19:38:50 | 000,002,335 | ---- | M] () -- C:\Users\Christian\Desktop\Excel.lnk
    [2011/03/05 19:38:35 | 000,002,373 | ---- | M] () -- C:\Users\Christian\Desktop\Word.lnk
    [2011/03/05 19:32:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/05 04:17:52 | 074,199,551 | ---- | M] () -- C:\Users\Christian\Desktop\SAVCE10.1.9CLT32.exe
    [2011/03/05 04:17:12 | 051,418,805 | ---- | M] () -- C:\Users\Christian\Desktop\savce_10.2.4000_winvista_x64.zip
    [2011/03/05 04:16:09 | 053,868,265 | ---- | M] () -- C:\Users\Christian\Desktop\savce_10.2.4000_winvista_32.zip
    [2011/03/05 00:46:31 | 004,280,620 | R--- | M] () -- C:\Users\Christian\Desktop\ComboFix.exe
    [2011/03/05 00:24:37 | 000,119,296 | ---- | M] () -- C:\Windows\System32\zlib.dll
    [2011/03/04 21:06:16 | 000,126,594 | ---- | M] () -- C:\Users\Christian\Desktop\L6.jpg
    [2011/03/04 01:57:32 | 000,365,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/03/04 01:57:22 | 283,889,149 | ---- | M] () -- C:\Windows\System32\msvcache.dll
    [2011/03/04 01:34:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/03/03 23:25:08 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2011/03/03 23:25:08 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2011/03/03 23:25:08 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2011/03/03 23:23:32 | 000,021,844 | ---- | M] () -- C:\Users\Christian\Documents\cc_20110303_232327.reg
    [2011/03/03 23:22:17 | 139,861,102 | ---- | M] () -- C:\Users\Christian\Desktop\setupavas32.exe
    [2011/03/03 22:14:26 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
    [2011/02/23 02:45:28 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2011/02/19 20:37:11 | 000,180,736 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/19 20:29:18 | 000,173,092 | ---- | M] () -- C:\Windows\hppins13.dat
    [2011/02/19 20:23:42 | 000,000,666 | ---- | M] () -- C:\Windows\hpntwksetup.ini
    [2011/02/07 09:11:38 | 000,107,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
    [2011/02/07 09:11:38 | 000,087,408 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
    [2011/02/07 09:11:38 | 000,043,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WPSDRVnt.sys
    [2011/02/07 09:11:36 | 000,357,744 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Sysfer.dll
    [2011/02/07 09:11:36 | 000,320,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys
    [2011/02/07 09:11:36 | 000,284,720 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys
    [2011/02/07 09:11:36 | 000,099,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
    [2011/02/07 09:11:36 | 000,067,472 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\Teefer2.sys
    [2011/02/07 09:11:36 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys
    [2011/02/07 09:11:36 | 000,007,351 | ---- | M] () -- C:\Windows\System32\drivers\srtspx.cat
    [2011/02/07 09:11:36 | 000,007,351 | ---- | M] () -- C:\Windows\System32\drivers\srtspl.cat
    [2011/02/07 09:11:36 | 000,007,347 | ---- | M] () -- C:\Windows\System32\drivers\srtsp.cat
    [2011/02/07 09:11:36 | 000,001,430 | ---- | M] () -- C:\Windows\System32\drivers\srtspl.inf
    [2011/02/07 09:11:36 | 000,001,421 | ---- | M] () -- C:\Windows\System32\drivers\srtspx.inf
    [2011/02/07 09:11:36 | 000,001,415 | ---- | M] () -- C:\Windows\System32\drivers\srtsp.inf
    [2011/02/07 09:11:32 | 000,188,080 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys
    [2011/02/07 09:11:32 | 000,145,968 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys
    [2011/02/07 09:11:32 | 000,039,856 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys
    [2011/02/07 09:11:32 | 000,038,448 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys
    [2011/02/07 09:11:32 | 000,026,416 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys
    [2011/02/07 09:11:32 | 000,023,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys
    [2011/02/07 09:11:32 | 000,012,720 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys
    [2011/02/07 09:11:32 | 000,010,537 | ---- | M] () -- C:\Windows\System32\drivers\coh_mon.cat
    [2011/02/07 09:11:32 | 000,009,892 | ---- | M] () -- C:\Windows\System32\drivers\SymRedir.cat
    [2011/02/07 09:11:32 | 000,001,356 | ---- | M] () -- C:\Windows\System32\drivers\SymRedir.inf
    [2011/02/07 09:11:32 | 000,000,706 | ---- | M] () -- C:\Windows\System32\drivers\COH_Mon.inf
  16. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    OTL Part 2

    ========== Files Created - No Company Name ==========

    [2011/03/05 19:24:04 | 004,280,620 | R--- | C] () -- C:\Users\Christian\Desktop\ComboFix.exe
    [2011/03/05 04:17:52 | 074,199,551 | ---- | C] () -- C:\Users\Christian\Desktop\SAVCE10.1.9CLT32.exe
    [2011/03/05 04:17:12 | 051,418,805 | ---- | C] () -- C:\Users\Christian\Desktop\savce_10.2.4000_winvista_x64.zip
    [2011/03/05 04:16:09 | 053,868,265 | ---- | C] () -- C:\Users\Christian\Desktop\savce_10.2.4000_winvista_32.zip
    [2011/03/05 00:47:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/05 00:47:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/05 00:47:55 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/05 00:47:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/05 00:47:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/04 21:06:12 | 000,126,594 | ---- | C] () -- C:\Users\Christian\Desktop\L6.jpg
    [2011/03/04 21:04:36 | 000,535,537 | ---- | C] () -- C:\Users\Christian\Desktop\SV101988.JPG
    [2011/03/03 23:24:57 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2011/03/03 23:24:57 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2011/03/03 23:23:29 | 000,021,844 | ---- | C] () -- C:\Users\Christian\Documents\cc_20110303_232327.reg
    [2011/03/03 23:22:17 | 139,861,102 | ---- | C] () -- C:\Users\Christian\Desktop\setupavas32.exe
    [2011/02/19 20:20:58 | 000,173,092 | ---- | C] () -- C:\Windows\hppins13.dat
    [2011/02/19 20:20:58 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat
    [2011/02/19 20:15:58 | 000,000,619 | ---- | C] () -- C:\Windows\System32\hppapr13.dat
    [2011/02/07 09:11:36 | 000,007,351 | ---- | C] () -- C:\Windows\System32\drivers\srtspx.cat
    [2011/02/07 09:11:36 | 000,007,351 | ---- | C] () -- C:\Windows\System32\drivers\srtspl.cat
    [2011/02/07 09:11:36 | 000,007,347 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.cat
    [2011/02/07 09:11:36 | 000,001,430 | ---- | C] () -- C:\Windows\System32\drivers\srtspl.inf
    [2011/02/07 09:11:36 | 000,001,421 | ---- | C] () -- C:\Windows\System32\drivers\srtspx.inf
    [2011/02/07 09:11:36 | 000,001,415 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.inf
    [2011/02/07 09:11:32 | 000,010,537 | ---- | C] () -- C:\Windows\System32\drivers\coh_mon.cat
    [2011/02/07 09:11:32 | 000,009,892 | ---- | C] () -- C:\Windows\System32\drivers\SymRedir.cat
    [2011/02/07 09:11:32 | 000,001,356 | ---- | C] () -- C:\Windows\System32\drivers\SymRedir.inf
    [2011/02/07 09:11:32 | 000,000,706 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.inf
    [2011/01/25 23:00:08 | 283,889,149 | ---- | C] () -- C:\Windows\System32\msvcache.dll
    [2011/01/25 05:11:28 | 003,158,016 | ---- | C] () -- C:\Windows\System32\MpSigsvr.exe
    [2011/01/25 05:05:44 | 001,094,144 | ---- | C] () -- C:\Windows\System32\Portax86.dll
    [2010/12/20 16:22:36 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/11/22 00:53:57 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
    [2010/10/15 01:24:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/09/22 13:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2010/09/17 13:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/07/24 19:35:09 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
    [2010/06/21 00:04:44 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2010/06/21 00:04:44 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2010/06/01 22:01:03 | 000,002,703 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2010/05/27 11:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2010/03/20 17:27:56 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
    [2010/02/26 20:29:06 | 000,026,931 | ---- | C] () -- C:\Windows\jimglib.dll
    [2010/01/09 22:33:09 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI
    [2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2009/11/05 19:12:46 | 000,151,552 | ---- | C] () -- C:\Windows\System32\msrictoad.dll
    [2009/09/26 20:19:36 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2170W.DAT
    [2009/09/26 20:19:10 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
    [2009/09/26 20:19:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
    [2009/07/30 21:33:55 | 000,004,905 | ---- | C] () -- C:\Windows\pixcache.ini
    [2009/07/29 22:08:48 | 000,031,561 | ---- | C] () -- C:\Windows\maxlink.ini
    [2009/07/29 21:55:22 | 000,000,182 | ---- | C] () -- C:\Windows\setscan.ini
    [2009/07/27 16:44:08 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2009/07/27 16:44:08 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2009/07/27 16:44:05 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009/07/27 16:42:44 | 000,000,245 | ---- | C] () -- C:\Windows\Brownie.ini
    [2009/07/15 01:23:35 | 000,000,666 | ---- | C] () -- C:\Windows\hpntwksetup.ini
    [2009/06/14 22:24:18 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/06/14 22:24:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/06/14 22:23:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/06/14 22:23:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/05/09 22:08:43 | 000,009,846 | ---- | C] () -- C:\Windows\System32\mswintoae.dll
    [2009/04/23 07:18:13 | 000,000,011 | ---- | C] () -- C:\Windows\wanpatan.ini
    [2008/12/16 21:38:59 | 000,048,896 | ---- | C] () -- C:\Windows\System32\drivers\JmtFltr.sys
    [2008/12/14 20:46:27 | 000,022,328 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\PnkBstrK.sys
    [2008/12/05 00:26:47 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2008/12/05 00:26:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
    [2008/12/05 00:26:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
    [2008/11/24 14:15:28 | 000,000,086 | ---- | C] () -- C:\Windows\DrSaju.ini
    [2008/11/24 14:12:57 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
    [2008/11/22 03:13:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/11/22 02:08:27 | 000,180,736 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/21 00:43:49 | 000,144,896 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2008/11/21 00:43:49 | 000,071,168 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2008/11/20 23:43:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/11/20 22:04:15 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
    [2008/11/20 21:51:42 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
    [2008/11/20 21:45:57 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2008/10/28 20:41:09 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/10/07 23:08:38 | 000,020,936 | ---- | C] () -- C:\Windows\System32\instwdm.ini
    [2008/10/07 22:41:40 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
    [2008/10/07 22:26:38 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
    [2008/10/07 22:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
    [2008/09/12 20:22:40 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
    [2008/08/19 17:39:18 | 000,000,321 | ---- | C] () -- C:\Windows\System32\kill.ini
    [2008/07/11 15:50:28 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
    [2008/07/11 15:40:54 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
    [2008/07/11 15:40:54 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
    [2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
    [2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
    [2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:46:27 | 000,365,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,598,350 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,101,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2008/11/21 01:21:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Acronis
    [2010/09/30 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Amazon
    [2010/09/30 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apowersoft
    [2011/01/23 00:42:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Atlus
    [2008/11/22 02:11:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Binary Fortress Software
    [2011/01/01 22:05:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Bioshock2
    [2009/07/30 21:33:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon Electronics
    [2009/04/23 12:50:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
    [2011/02/26 20:29:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Fender
    [2009/09/17 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GarageGames
    [2010/09/30 21:33:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GrabPro
    [2009/07/29 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ISIS Drivers
    [2008/12/05 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\KALiNKOsoft
    [2010/06/01 21:16:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
    [2010/12/22 23:41:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\n52te
    [2010/09/30 21:40:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Orbit
    [2011/01/25 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Passware
    [2010/08/15 20:36:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PowerUp Software
    [2010/09/30 21:33:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ProgSense
    [2010/03/20 19:23:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Red Alert 3
    [2010/04/23 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Red Alert 3 Uprising
    [2009/07/29 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ScanSoft
    [2008/11/28 00:48:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\URSoft
    [2011/03/05 19:39:18 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/03/03 22:07:16 | 000,003,754 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/11/21 00:36:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/03/05 19:37:20 | 000,018,938 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/11/22 02:01:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/12 11:37:44 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
    [2011/01/04 23:09:19 | 000,078,634 | ---- | M] () -- C:\M1319.log
    [2010/06/29 20:01:59 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2008/11/22 02:01:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/03/05 19:40:14 | 3800,842,240 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/05 00:22:43 | 000,071,030 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_00.21.53_log.txt
    [2011/03/05 00:43:20 | 000,139,902 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_00.38.08_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/06/14 22:31:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/04/15 17:33:02 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp093.DLL
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2007/12/09 19:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/11/20 22:51:42 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/16 22:56:26 | 000,000,221 | -HS- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/05 00:46:31 | 004,280,620 | R--- | M] () -- C:\Users\Christian\Desktop\ComboFix.exe
    [2011/03/05 21:52:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
    [2011/03/05 04:17:52 | 074,199,551 | ---- | M] () -- C:\Users\Christian\Desktop\SAVCE10.1.9CLT32.exe
    [2011/03/03 23:22:17 | 139,861,102 | ---- | M] () -- C:\Users\Christian\Desktop\setupavas32.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2006/11/02 07:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/11/20 21:52:15 | 000,000,402 | -HS- | M] () -- C:\Users\Christian\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/02/19 20:29:18 | 000,000,724 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/06/01 22:01:04 | 000,002,703 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2010/03/20 17:27:56 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Files - Unicode (All) ==========
    [2010/06/05 22:24:25 | 000,000,660 | ---- | M] ()(C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\온디스크.lnk
    [2010/06/05 22:24:25 | 000,000,660 | ---- | C] ()(C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\온디스크.lnk
    [2008/11/20 19:33:46 | 000,024,576 | ---- | C] ()(C:\Users\Christian\Documents\??? ??? ???? postprocess ??? ???? ???? ???.doc) -- C:\Users\Christian\Documents\게임이 설치된 폴더내에 postprocess 폴더에 압축풀어 넣으시면 됩니다.doc
    [2008/11/20 19:33:44 | 000,033,792 | ---- | C] ()(C:\Users\Christian\Documents\D975XBX2 ????? ??? ?? ???????? ?????? ?? ???? ??? ?? ?? ?????.doc) -- C:\Users\Christian\Documents\D975XBX2 전압강하가 아니라 실제 바이오스셋팅값이 바이오스내에 있는 모니터링 측정값 보다 낮게 측정됩니다.doc
    [2008/11/20 19:33:44 | 000,026,112 | ---- | C] ()(C:\Users\Christian\Documents\??? ?? ??????.doc) -- C:\Users\Christian\Documents\해결이 아닌 방지법입니다.doc
    [2008/11/20 19:33:43 | 000,026,112 | ---- | C] ()(C:\Users\Christian\Documents\???? ?? ????.doc) -- C:\Users\Christian\Documents\다운받은 스킨 적용방법.doc
    [2008/11/20 19:33:42 | 000,029,696 | ---- | C] ()(C:\Users\Christian\Documents\?? ??.doc) -- C:\Users\Christian\Documents\안경 처방.doc
    [2008/11/20 19:33:41 | 000,031,232 | ---- | C] ()(C:\Users\Christian\Documents\???? ????.doc) -- C:\Users\Christian\Documents\안드레아 부회장님.doc
    [2008/11/20 19:33:41 | 000,030,208 | ---- | C] ()(C:\Users\Christian\Documents\? ??? ??????.doc) -- C:\Users\Christian\Documents\심 기자님 안녕하십니까.doc
    [2008/11/20 19:33:41 | 000,025,088 | ---- | C] ()(C:\Users\Christian\Documents\??.doc) -- C:\Users\Christian\Documents\제주.doc
    [2008/11/20 19:33:41 | 000,000,237 | ---- | C] ()(C:\Users\Christian\Documents\xp????? ???.txt) -- C:\Users\Christian\Documents\xp프로폐셔널 시디키.txt
    [2008/11/20 19:33:40 | 000,030,208 | ---- | C] ()(C:\Users\Christian\Documents\?? ?? ???2.doc) -- C:\Users\Christian\Documents\미국 출생 증명서2.doc
    [2008/11/20 19:33:40 | 000,029,184 | ---- | C] ()(C:\Users\Christian\Documents\?? ?? ???.doc) -- C:\Users\Christian\Documents\미국 출생 증명서.doc
    [2008/11/20 19:33:40 | 000,024,064 | ---- | C] ()(C:\Users\Christian\Documents\???.doc) -- C:\Users\Christian\Documents\위임장.doc
    [2008/06/07 00:31:08 | 000,024,576 | ---- | M] ()(C:\Users\Christian\Documents\??? ??? ???? postprocess ??? ???? ???? ???.doc) -- C:\Users\Christian\Documents\게임이 설치된 폴더내에 postprocess 폴더에 압축풀어 넣으시면 됩니다.doc
    [2008/02/15 01:32:50 | 000,026,112 | ---- | M] ()(C:\Users\Christian\Documents\??? ?? ??????.doc) -- C:\Users\Christian\Documents\해결이 아닌 방지법입니다.doc
    [2008/01/22 21:34:20 | 000,033,792 | ---- | M] ()(C:\Users\Christian\Documents\D975XBX2 ????? ??? ?? ???????? ?????? ?? ???? ??? ?? ?? ?????.doc) -- C:\Users\Christian\Documents\D975XBX2 전압강하가 아니라 실제 바이오스셋팅값이 바이오스내에 있는 모니터링 측정값 보다 낮게 측정됩니다.doc
    [2007/05/07 13:08:43 | 000,026,112 | ---- | M] ()(C:\Users\Christian\Documents\???? ?? ????.doc) -- C:\Users\Christian\Documents\다운받은 스킨 적용방법.doc
    [2007/02/07 23:16:59 | 000,029,696 | ---- | M] ()(C:\Users\Christian\Documents\?? ??.doc) -- C:\Users\Christian\Documents\안경 처방.doc
    [2006/03/06 22:29:37 | 000,031,232 | ---- | M] ()(C:\Users\Christian\Documents\???? ????.doc) -- C:\Users\Christian\Documents\안드레아 부회장님.doc
    [2005/11/08 02:10:51 | 000,000,237 | ---- | M] ()(C:\Users\Christian\Documents\xp????? ???.txt) -- C:\Users\Christian\Documents\xp프로폐셔널 시디키.txt
    [2005/10/06 17:24:07 | 000,030,208 | ---- | M] ()(C:\Users\Christian\Documents\? ??? ??????.doc) -- C:\Users\Christian\Documents\심 기자님 안녕하십니까.doc
    [2005/09/17 12:59:22 | 000,025,088 | ---- | M] ()(C:\Users\Christian\Documents\??.doc) -- C:\Users\Christian\Documents\제주.doc
    [2005/05/11 20:33:06 | 000,024,064 | ---- | M] ()(C:\Users\Christian\Documents\???.doc) -- C:\Users\Christian\Documents\위임장.doc
    [2005/05/11 18:37:26 | 000,030,208 | ---- | M] ()(C:\Users\Christian\Documents\?? ?? ???2.doc) -- C:\Users\Christian\Documents\미국 출생 증명서2.doc
    [2005/05/11 18:18:41 | 000,029,184 | ---- | M] ()(C:\Users\Christian\Documents\?? ?? ???.doc) -- C:\Users\Christian\Documents\미국 출생 증명서.doc
    (C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???? 5.0) -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\사주박사 5.0

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\Shortcut to NHL 2005.lnk:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\PASSWORDS.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyTheme.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MySylvain.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MySilver.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyGreen.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyBlue.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Violet.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My refrigerator stopped cooling on last Monday.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Grey.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Grey 2.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Favorite Theme.theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My BLUE222.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Admin Theme.Theme:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\LInkSYS.doc:KAVICHS
    @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\Home_Expense.doc.lnk:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Yahoo.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXXJRRebateEverything.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXX.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXX.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XPGAMES.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XP Corp Key.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WonJAE.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WIRELESSNETWORK.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Where can I get a license renewal application.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\What documents we need for processing your application.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WARWICK1.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Warwick.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Warwick.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\VisitingScholar.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\visaapp.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\View Participation by Instructor (Response).htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\USCIS' new photographic specifications.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Unlock Everything.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To The US Consulate.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To the dog owner.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Therese_de_Lisieux.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\There.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\TenureClock.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Tennis.xgp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Teaching & Research Application.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SUCCESSSUCCESS.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\STRESS.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Streamer.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Start.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SSCARD.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SpyKiller2003.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\spider.sav:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Soldering.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Serial Nero 6.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Searched terms.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SamuelStern.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Samsung.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Sales promotion tools such as limited time offer.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\RyePolice.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Rosalyn Washington.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ROCCO.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Reviews JCR.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Refinance.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\readme.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.prn:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.log:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Prof Bagozzi.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\precision american hotrod 2.tif:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Please complete the following information and eMail it back to us so that we.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PhD list2.xls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PhD list.xls:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PDFPro.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\pdf.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ParkingTicket.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Order.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\OE6COMPACT.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\OCR0001.wri:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\NOISEPROBLEM.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\NEW PC STUFF.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Neighbors****ingDog.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\myxbox.xgp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MyImageRobot.jsc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My wife had an accident this morning.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Violet 2.Theme:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My thoughts.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Resolutions in 2005.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Goals in 2004.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\mv619.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Murium.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MOTOGP2.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MOTHERBOARDUPGRADE.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MONKEY.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MKT3000.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Mistakes to be corrected on the contract.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MiltonLetter.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Milton.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MidGoOver.ppt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Microsoft Word - readme.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Microsoft Word - JRRebateEverything.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MEMORANDUMS FOR OFFICE HOURS.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Memo to instructors.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\LINKSYS.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Limited Warranty.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\life.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\LETTERtoALANA.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Let me raise an issue unique to international faculty.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Last.ppt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Kramer.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\KINGChess.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Katie.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\John Dugan Dean of Faculty.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\JCP Author Feedback Questionnaire.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ISO1.nri:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Is it possible for some Milton school cub scouts to visit your fire station.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\IRB.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\INVOICE.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Insurance.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\INSINSINSINSINSINS.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\IKEA.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I want to make an appointment for clean space installation.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I have a question about my order.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I had several services done at your dealership including brake pads replacement.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I got two estimates from two different auto body shops.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HyeongMinKimCV.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Kim.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Kim Teaching & Research Application.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Ki2.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Ki1.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HUMANESocietyCall.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HumaneSociety.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\How To Adjust Your Rear Derailleur.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HomeMay.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Home_Expense.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HelenBurns.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\H1b.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Gulotta Barking Log.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Guest of.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GreenCardNoticeforWilliam.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GarySoldow.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GA Evaluation Form spr'05.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\****ING-DOG.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\****ingDavid.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\From1.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\From.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FreedomCheat.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\For college.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Flood.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FinePrintHack.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FIFA SOCCER 2005.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Fidelis Kim.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Fender.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FENDER.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\fake brand pretestModified.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Eye.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\EE1B~1.DOC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\EdmondAddress.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Driver License.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\DogLEgal.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Dawn's20visit.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CUCMort.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CUC yesterday.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CubScout.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Crucifixion.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\COVER LETTER.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Corporate.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Company.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Communication.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CLP150Manual.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CLP150Install.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CloneCDRegisteration.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ChessOpening.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ChessMasterPerson.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CeilingStainPaint.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CAMRYSQEAUL.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\bookmark.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\baseball.pdf:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruchhire.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruchad3.psp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BaruchAd.psp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruch2.psp:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruch.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BARKINGDOG.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BARKING.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\August 18, 2005 (2).max:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ATI.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Asmodeusoft.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Application.txt:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\AMEX.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Address_Labels.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Adawareback.awb:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\AcrobatSerial.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\About Exam 2.htm:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\aaw6.exe:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\A log of the time I heard the dog constantly barking.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\A letter to myself.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\958159504.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\602-750.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\529.doc:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\38B9~1.DOC:KAVICHS
    @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\356B9~1.DOC:KAVICHS
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:B3D74A13
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:8927A071
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8303F807
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:333D43C5

    < End of report >
  17. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    Extras Part 1

    OTL Extras logfile created on: 3/5/2011 9:53:38 PM - Run 1
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Christian\Desktop
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 78.13 Gb Total Space | 41.01 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
    Drive D: | 39.07 Gb Total Space | 34.08 Gb Free Space | 87.24% Space Free | Partition Type: NTFS
    Drive E: | 39.07 Gb Total Space | 37.28 Gb Free Space | 95.42% Space Free | Partition Type: NTFS
    Drive F: | 141.82 Gb Total Space | 27.81 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
    Drive G: | 139.73 Gb Total Space | 63.29 Gb Free Space | 45.30% Space Free | Partition Type: NTFS
    Drive H: | 139.73 Gb Total Space | 115.00 Gb Free Space | 82.30% Space Free | Partition Type: NTFS
    Drive I: | 7.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4167628224-1300899903-4152363779-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2A449B2D-9201-4D6C-823E-7837E9507E08}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
    "{31917295-6414-407D-9CA1-86C3CDEDF4F0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{3717B5E7-D09B-4FF3-B3C5-70A92E0A3CE9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{39E20A3D-70D3-46F6-A1CF-239B45A17D93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{46FEB35B-537F-4616-9D04-E32267231CA7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{6DE9D60A-24A5-46CC-9806-2F342B7B0F2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6F165447-0CAA-4114-9927-099A9A9925F5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{745218C9-7520-4637-A6A1-28CBD1BB61B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7FA2B8B0-CAA4-48D9-B303-D86A8D9ECA10}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9057EC2E-7E82-4308-B35E-462AE802709B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A4BE94AA-C06B-44AB-BB5B-E92AF891F760}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{B68B89A7-393F-4F4B-90C3-BBF54C975B9C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C6F932A4-6A7A-482A-AA29-A64DFA18DE90}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D4BF33DA-98EC-414A-9440-D3CEB2E04C42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D56004EA-F6EC-4DBA-B539-6BE4EC24F478}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D590AE29-A997-442D-A983-9D39CDA87A1D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{DDA0B56F-E8AB-4BA4-B86C-F670B9F8DBD4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E330D8D7-46A7-4EC1-B419-EDFAB5B81DA0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FA2202F8-DF10-4D56-A930-EFE60293F520}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{047CF96C-8794-451A-B262-5ED63622425E}" = protocol=17 | dir=in | app=f:\celeris\virtual pool 3 dl\vp3.exe |
    "{06947E0C-1A79-4B80-ADF8-1FD5DC1804D6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{0F4394E9-E685-4CE6-B99B-6EF61943E161}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
    "{14D1ED2A-1B19-4757-8F88-A7E9FB6B6F6C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{19DDF383-0ECC-4F23-BFFC-FA627BE68D1A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{2CD82828-DFB9-4985-8A19-87B32370AEEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{32A875DE-1775-4654-8994-0F67E946A132}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{33857D9E-0648-42FC-8101-25D517ED8FA6}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead space 2\deadspace2.exe |
    "{406AEBDF-52BD-4993-B765-2635F81325C6}" = protocol=6 | dir=in | app=f:\celeris\virtual pool 3 dl\vp3.exe |
    "{466A161A-1432-46F3-99BA-9222C16E9E61}" = protocol=17 | dir=in | app=f:\capcom\resident evil 5\re5dx9.exe |
    "{5F7C1F97-8D87-4B88-8570-E123AAC0AEA4}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{6A5E9540-28BB-4B4E-8F0E-49323B343798}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{6E0D7416-9E9D-47B8-BDE4-39CAACC41852}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{8270CA56-1017-4F66-847A-1D6B5C6DA779}" = protocol=6 | dir=in | app=f:\capcom\resident evil 5\re5dx10.exe |
    "{83654B14-B870-4346-A2E9-CA5B0FEF64FF}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{923B4AE7-C489-4E07-AA07-E32E89C90048}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
    "{9CB474BB-BA78-4EED-9277-494BFDF53DD5}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{A0EFAD37-34ED-4EFA-A7C9-D63E004D2FA8}" = protocol=6 | dir=in | app=f:\capcom\resident evil 5\re5dx9.exe |
    "{A393D710-7F52-4529-8EF3-838B4EA8A445}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\droplitz\cascade.exe |
    "{B63683FA-DA1A-4135-996E-E5B1B3852595}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{BFC59E1F-68AF-4181-817A-5E101107434F}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{CDBEBBE7-8FAA-4475-A051-F823159EAB04}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead space 2\deadspace2.exe |
    "{CE58A4CE-6174-4569-A88B-87B431CFC099}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E987E6D5-1305-4CD5-BC7E-8D2A34CF1A85}" = protocol=17 | dir=in | app=f:\capcom\resident evil 5\re5dx10.exe |
    "{EEB9CCFE-0AE6-4AC4-8164-6B215004045E}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\droplitz\cascade.exe |
    "{F90FE844-64EC-4A8A-8D87-C2D9E926BFBB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{FB98D36A-523C-413B-A6A9-3BFCA6AE2400}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "TCP Query User{1539E03B-1DF2-4949-8DF9-FDCB75831B3D}E:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=e:\program files\nero\nero 7\nero home\nerohome.exe |
    "TCP Query User{55CA4E99-424C-4B5E-BBD6-7559F570D6CC}E:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=e:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{73B023A4-36ED-41F4-90C7-9B3BF8FBF435}E:\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=e:\orbitdownloader\orbitnet.exe |
    "TCP Query User{81702A28-8EFC-407B-9850-09F9957F8BB2}I:\setup.exe" = protocol=6 | dir=in | app=i:\setup.exe |
    "TCP Query User{ABEB631D-650E-47F7-BDE7-4E332524C376}C:\hp_lj1020-1022_full_solution\setup.exe" = protocol=6 | dir=in | app=c:\hp_lj1020-1022_full_solution\setup.exe |
    "TCP Query User{D2920103-EBFB-4E0D-980A-C48EF00264A2}E:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=e:\program files\spyware terminator\spywareterminatorupdate.exe |
    "TCP Query User{D83B6D94-55E8-4AB3-A0A1-D8FB6F89B0FA}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
    "TCP Query User{F4E778D0-A407-4C57-8C8A-4555B3A9D907}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{0E2D41F9-FB36-4D91-B091-A782A41DBDC2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{11282039-CAEF-4E35-95DC-83259718F7C9}E:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=e:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{1DC374D2-D40A-4FD3-9DA0-B4C89F2C138C}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
    "UDP Query User{44A93ABC-B3AA-4A8D-9F1F-071E7FF17164}E:\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=e:\orbitdownloader\orbitnet.exe |
    "UDP Query User{4EFD922D-5BED-418B-8B64-A08669FB09B6}E:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=e:\program files\spyware terminator\spywareterminatorupdate.exe |
    "UDP Query User{5229CB04-2110-4510-B761-F8D8F6BAF699}I:\setup.exe" = protocol=17 | dir=in | app=i:\setup.exe |
    "UDP Query User{7251134A-1AFB-41D4-876E-E8261F0048B6}C:\hp_lj1020-1022_full_solution\setup.exe" = protocol=17 | dir=in | app=c:\hp_lj1020-1022_full_solution\setup.exe |
    "UDP Query User{E255AE40-E256-40B0-A11D-268DD48AFD7E}E:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=e:\program files\nero\nero 7\nero home\nerohome.exe |
  18. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    Extras Part 2!

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
    "{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
    "{0C4D84F4-90EA-452B-A03F-700DE569ED48}" = DNE Update
    "{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
    "{147A9BB0-00EE-4032-BD01-981B5EDDB690}" = DR-1210C Job Tool
    "{17D8DD6D-E1F9-F2CC-7CB4-6589129923CE}" = Catalyst Control Center Graphics Previews Vista
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
    "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{258236B1-6DFE-7363-E4C3-CDC6FCC03BF6}" = Catalyst Control Center InstallProxy
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{3595DD89-873E-6911-4AF0-47542B5C8073}" = ATI Catalyst Install Manager
    "{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
    "{3DB05083-3621-D206-CB9B-68E8CDB139AD}" = CCC Help English
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4733A394-F8D3-4394-857C-D9712386514E}" = ScanSoft PaperPort 11
    "{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
    "{4C36BD6F-3C93-3ED7-A4EA-2D1D9A6E215B}" = Catalyst Control Center Graphics Previews Common
    "{50A5C123-C294-4A61-9F5A-914F5700C147}" = Brother HL-2170W
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C457CDB-18B2-E0AA-F2DD-5A69AE2C0505}" = ccc-utility
    "{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 6.0
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84B70C16-7032-41EE-965C-3C8D9D566CBB}" = Symantec Endpoint Protection
    "{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DE1E6F5-180F-430D-AD8D-E3E4CA25BFC2}_is1" = YouTube Music Converter V1.3.8
    "{A4C4EAEC-5751-11D6-8E4E-009027AA4188}" = PTC ProDESKTOP 8.0
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{ADA6637C-88B5-D2D6-E017-8F7C000CAC3E}" = ccc-core-static
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5BC214D-8B7D-4634-8834-8553B7B57944}" = Canon DR-1210C Driver
    "{B6685367-A8AD-4414-A2A3-10B40EC5CF30}" = SharpKeys
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BBB7AEE0-AE78-44CC-8CD4-083B0B99EA80}" = Intel(R) Network Connections 14.5.1.0
    "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
    "{CAC4891C-EF84-11DC-AF8C-00188BF89454}" = CommVault Systems DataArchiver Outlook Add-In (Instance001)
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2F3B366-830E-4371-9130-A8D6BE751363}" = CapturePerfect 3.0
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Premium
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AudioCS" = Creative Audio Control Panel
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 2.2.1
    "Carom3D" = Carom3D
    "CCleaner" = CCleaner (remove only)
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative Sound Blaster Properties" = Creative Sound Blaster Properties
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20
    "FileASSASSIN" = FileASSASSIN
    "FinePrint" = FinePrint
    "Fraps" = Fraps
    "HD Tune_is1" = HD Tune 2.55
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monkey's Audio_is1" = Monkey's Audio
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "OpenAL" = OpenAL
    "ordrumbox_is1" = ordrumbox-0.8.05
    "PC Magazine's WinTidy_is1" = WinTidy 1.0.11
    "pdfFactory Pro" = pdfFactory Pro
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "PROSetDX" = Intel(R) Network Connections 14.5.1.0
    "sp6" = Logitech SetPoint 6.20
    "SPSS for Windows 11.5" = SPSS 11.5 for Windows
    "SPT-667 Phrase Trainer_is1" = SPT-667 Phrase Trainer 1
    "StarCraft" = StarCraft
    "Steam App 23120" = Droplitz
    "Steam App 40800" = Super Meat Boy
    "Steam App 47780" = Dead Space 2
    "The KMPlayer" = The KMPlayer (remove only)
    "Unlocker" = Unlocker 1.8.7
    "ViceVersa Pro_is1" = ViceVersa Pro 1.3.1
    "VistaGlazz_is1" = VistaGlazz 1.1
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR archiver
    "Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
    "Youtube Music Downloader_is1" = Youtube Music Downloader V3.6
    "Zune" = Zune

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  19. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    • Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
      O3 - HKU\S-1-5-21-4167628224-1300899903-4152363779-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\Shortcut to NHL 2005.lnk:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\PASSWORDS.doc:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyTheme.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MySylvain.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MySilver.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyGreen.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\MyBlue.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Violet.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My refrigerator stopped cooling on last Monday.doc:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Grey.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Grey 2.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Favorite Theme.theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My BLUE222.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\My Admin Theme.Theme:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\LInkSYS.doc:KAVICHS
      @Alternate Data Stream - 68 bytes -> C:\Users\Christian\Documents\Home_Expense.doc.lnk:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Yahoo.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXXJRRebateEverything.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXX.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XXX.log:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XPGAMES.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\XP Corp Key.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WonJAE.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WIRELESSNETWORK.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Where can I get a license renewal application.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\What documents we need for processing your application.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\WARWICK1.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Warwick.htm:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Warwick.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\VisitingScholar.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\visaapp.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\View Participation by Instructor (Response).htm:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\USCIS' new photographic specifications.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Unlock Everything.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To The US Consulate.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\To the dog owner.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Therese_de_Lisieux.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\There.htm:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\TenureClock.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Tennis.xgp:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Teaching & Research Application.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SUCCESSSUCCESS.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\STRESS.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Streamer.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Start.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SSCARD.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SpyKiller2003.exe:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\spider.sav:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Soldering.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Serial Nero 6.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Searched terms.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\SamuelStern.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Samsung.htm:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Sales promotion tools such as limited time offer.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\RyePolice.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Rosalyn Washington.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ROCCO.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Reviews JCR.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Refinance.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\readme.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.prn:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\qqq.log:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Prof Bagozzi.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\precision american hotrod 2.tif:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Please complete the following information and eMail it back to us so that we.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PhD list2.xls:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PhD list.xls:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\PDFPro.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\pdf.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ParkingTicket.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Order.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\OE6COMPACT.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\OCR0001.wri:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\NOISEPROBLEM.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\NEW PC STUFF.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Neighbors****ingDog.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\myxbox.xgp:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MyImageRobot.jsc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My wife had an accident this morning.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Violet 2.Theme:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My thoughts.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Resolutions in 2005.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\My Goals in 2004.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\mv619.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Murium.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MOTOGP2.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MOTHERBOARDUPGRADE.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MONKEY.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MKT3000.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Mistakes to be corrected on the contract.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MiltonLetter.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Milton.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MidGoOver.ppt:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Microsoft Word - readme.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Microsoft Word - JRRebateEverything.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\MEMORANDUMS FOR OFFICE HOURS.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Memo to instructors.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\LINKSYS.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Limited Warranty.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\life.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\LETTERtoALANA.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Let me raise an issue unique to international faculty.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Last.ppt:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Kramer.txt:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\KINGChess.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Katie.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\John Dugan Dean of Faculty.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\JCP Author Feedback Questionnaire.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ISO1.nri:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Is it possible for some Milton school cub scouts to visit your fire station.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\IRB.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\INVOICE.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Insurance.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\INSINSINSINSINSINS.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\IKEA.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I want to make an appointment for clean space installation.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I have a question about my order.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I had several services done at your dealership including brake pads replacement.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\I got two estimates from two different auto body shops.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HyeongMinKimCV.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Kim.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Kim Teaching & Research Application.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Ki2.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Hyeong Min Ki1.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HUMANESocietyCall.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HumaneSociety.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\How To Adjust Your Rear Derailleur.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HomeMay.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Home_Expense.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\HelenBurns.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\H1b.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Gulotta Barking Log.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Guest of.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GreenCardNoticeforWilliam.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GarySoldow.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\GA Evaluation Form spr'05.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\****ING-DOG.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\****ingDavid.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\From1.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\From.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FreedomCheat.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\For college.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Flood.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FinePrintHack.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FIFA SOCCER 2005.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Fidelis Kim.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Fender.htm:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\FENDER.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\fake brand pretestModified.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Eye.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\EE1B~1.DOC:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\EdmondAddress.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Driver License.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\DogLEgal.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Dawn's20visit.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CUCMort.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CUC yesterday.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CubScout.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Crucifixion.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\COVER LETTER.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Corporate.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Company.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Communication.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CLP150Manual.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CLP150Install.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CloneCDRegisteration.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ChessOpening.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ChessMasterPerson.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CeilingStainPaint.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\CAMRYSQEAUL.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\bookmark.htm:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\baseball.pdf:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruchhire.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruchad3.psp:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BaruchAd.psp:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruch2.psp:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Baruch.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BARKINGDOG.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\BARKING.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\August 18, 2005 (2).max:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\ATI.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Asmodeusoft.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Application.txt:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\AMEX.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Address_Labels.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\Adawareback.awb:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\AcrobatSerial.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\About Exam 2.htm:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\aaw6.exe:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\A log of the time I heard the dog constantly barking.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\A letter to myself.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\958159504.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\602-750.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\529.doc:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\38B9~1.DOC:KAVICHS
      @Alternate Data Stream - 36 bytes -> C:\Users\Christian\Documents\356B9~1.DOC:KAVICHS
      @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:B3D74A13
      @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:8927A071
      @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8303F807
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:333D43C5
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  20. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    ========== OTL ==========
    Service NOD32krn stopped successfully!
    Service NOD32krn deleted successfully!
    Registry value HKEY_USERS\S-1-5-21-4167628224-1300899903-4152363779-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
    ADS C:\Users\Christian\Documents\Shortcut to NHL 2005.lnk:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\PASSWORDS.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MyTheme.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MySylvain.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MySilver.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MyGreen.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MyBlue.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My Violet.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My refrigerator stopped cooling on last Monday.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My Grey.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My Grey 2.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My Favorite Theme.theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My BLUE222.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My Admin Theme.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\LInkSYS.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Home_Expense.doc.lnk:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Yahoo.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\XXXJRRebateEverything.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\XXX.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\XXX.log:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\XPGAMES.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\XP Corp Key.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\WonJAE.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\WIRELESSNETWORK.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Where can I get a license renewal application.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\What documents we need for processing your application.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\WARWICK1.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Warwick.htm:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Warwick.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\VisitingScholar.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\visaapp.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\View Participation by Instructor (Response).htm:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\USCIS' new photographic specifications.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Unlock Everything.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\To.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\To The US Consulate.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\To the dog owner.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Therese_de_Lisieux.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\There.htm:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\TenureClock.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Tennis.xgp:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Teaching & Research Application.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\SUCCESSSUCCESS.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\STRESS.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Streamer.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Start.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\SSCARD.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\SpyKiller2003.exe:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\spider.sav:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Soldering.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Serial Nero 6.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Searched terms.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\SamuelStern.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Samsung.htm:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Sales promotion tools such as limited time offer.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\RyePolice.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Rosalyn Washington.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\ROCCO.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Reviews JCR.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Refinance.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\readme.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\qqq.prn:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\qqq.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\qqq.log:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Prof Bagozzi.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\precision american hotrod 2.tif:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Please complete the following information and eMail it back to us so that we.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\PhD list2.xls:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\PhD list.xls:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\PDFPro.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\pdf.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\ParkingTicket.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Order.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\OE6COMPACT.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\OCR0001.wri:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\NOISEPROBLEM.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\NEW PC STUFF.doc:KAVICHS deleted successfully.
    Unable to delete ADS C:\Users\Christian\Documents\Neighbors****ingDog.doc:KAVICHS .
    ADS C:\Users\Christian\Documents\myxbox.xgp:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MyImageRobot.jsc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My wife had an accident this morning.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My Violet 2.Theme:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My thoughts.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My Resolutions in 2005.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\My Goals in 2004.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\mv619.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Murium.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MOTOGP2.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MOTHERBOARDUPGRADE.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MONKEY.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MKT3000.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Mistakes to be corrected on the contract.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MiltonLetter.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Milton.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MidGoOver.ppt:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Microsoft Word - readme.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Microsoft Word - JRRebateEverything.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\MEMORANDUMS FOR OFFICE HOURS.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Memo to instructors.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\LINKSYS.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Limited Warranty.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\life.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\LETTERtoALANA.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Let me raise an issue unique to international faculty.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Last.ppt:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Kramer.txt:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\KINGChess.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Katie.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\John Dugan Dean of Faculty.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\JCP Author Feedback Questionnaire.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\ISO1.nri:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Is it possible for some Milton school cub scouts to visit your fire station.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\IRB.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\INVOICE.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Insurance.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\INSINSINSINSINSINS.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\IKEA.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\I.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\I want to make an appointment for clean space installation.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\I have a question about my order.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\I had several services done at your dealership including brake pads replacement.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\I got two estimates from two different auto body shops.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\HyeongMinKimCV.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Hyeong.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Hyeong Min.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Hyeong Min Kim.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Hyeong Min Kim Teaching & Research Application.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Hyeong Min Ki2.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Hyeong Min Ki1.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\HUMANESocietyCall.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\HumaneSociety.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\How To Adjust Your Rear Derailleur.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\HomeMay.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Home_Expense.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\HelenBurns.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\H1b.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Gulotta Barking Log.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Guest of.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\GreenCardNoticeforWilliam.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\GarySoldow.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\GA Evaluation Form spr'05.doc:KAVICHS deleted successfully.
    Unable to delete ADS C:\Users\Christian\Documents\****ING-DOG.doc:KAVICHS .
    Unable to delete ADS C:\Users\Christian\Documents\****ingDavid.doc:KAVICHS .
    ADS C:\Users\Christian\Documents\From1.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\From.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\FreedomCheat.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\For college.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Flood.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\FinePrintHack.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\FIFA SOCCER 2005.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Fidelis Kim.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Fender.htm:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\FENDER.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\fake brand pretestModified.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Eye.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\EE1B~1.DOC:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\EdmondAddress.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Driver License.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\DogLEgal.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Dawn's20visit.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\CUCMort.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\CUC yesterday.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\CubScout.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Crucifixion.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\COVER LETTER.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Corporate.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Company.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Communication.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\CLP150Manual.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\CLP150Install.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\CloneCDRegisteration.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\ChessOpening.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\ChessMasterPerson.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\CeilingStainPaint.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\CAMRYSQEAUL.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\bookmark.htm:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\baseball.pdf:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Baruchhire.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Baruchad3.psp:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\BaruchAd.psp:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Baruch2.psp:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Baruch.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\BARKINGDOG.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\BARKING.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\August 18, 2005 (2).max:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\ATI.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Asmodeusoft.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Application.txt:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\AMEX.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Address_Labels.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\Adawareback.awb:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\AcrobatSerial.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\About Exam 2.htm:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\aaw6.exe:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\A log of the time I heard the dog constantly barking.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\A letter to myself.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\958159504.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\602-750.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\529.doc:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\38B9~1.DOC:KAVICHS deleted successfully.
    ADS C:\Users\Christian\Documents\356B9~1.DOC:KAVICHS deleted successfully.
    ADS C:\ProgramData\TEMP:B3D74A13 deleted successfully.
    ADS C:\ProgramData\TEMP:8927A071 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Windows\System32\zlib.dll:SummaryInformation deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    ADS C:\Windows\System32\zlib.dll:DocumentSummaryInformation deleted successfully.
    ADS C:\ProgramData\TEMP:8303F807 deleted successfully.
    ADS C:\ProgramData\TEMP:333D43C5 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.22.2 log created on 03062011_001448


    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Symantec Endpoint Protection
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Spybot Teatimer.exe is disabled!
    ``````````End of Log````````````


    ESET log

    E:\Program Files\Unlocker\eBay_shortcuts_1016.exe Win32/Adware.ADON application
    F:\Steam\steamapps\common\bioshock 2\ntro-bs2.exe probably a variant of Win32/Bifrose.IRFFJML trojan
  21. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      E:\Program Files\Unlocker\eBay_shortcuts_1016.exe 
      F:\Steam\steamapps\common\bioshock 2\ntro-bs2.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  22. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    My PC is doing great!

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    E:\Program Files\Unlocker\eBay_shortcuts_1016.exe moved successfully.
    F:\Steam\steamapps\common\bioshock 2\ntro-bs2.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Christian
    ->Temp folder emptied: 51515475 bytes
    ->Temporary Internet Files folder emptied: 25110455 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 882 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 73.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Christian
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.2 log created on 03062011_125825

    Files\Folders moved on Reboot...
    C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWN9M4V8\activex[1].htm moved successfully.
    C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWN9M4V8\style-nurse[1].htc moved successfully.
    C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VPG6N33\sh33[1].html moved successfully.
    C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VPG6N33\topic162041-2[1].html moved successfully.

    Registry entries deleted on Reboot...




    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Christian
    ->Temp folder emptied: 32511 bytes
    ->Temporary Internet Files folder emptied: 2553977 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 5534674 bytes

    Total Files Cleaned = 8.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Christian
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.22.2 log created on 03062011_130351

    Files\Folders moved on Reboot...
    C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y59G32U5\sh33[1].html moved successfully.
    C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R977MUO9\topic162041-2[1].html moved successfully.

    Registry entries deleted on Reboot...
  23. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Way to go!!
    Good luck and stay safe :)
  24. ChriskK

    ChriskK Newcomer, in training Topic Starter Posts: 18

    May God bless you!!!
  25. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Same to you :)